dan
Contributor

Security Rating, Interface Classification: What should be VDOM Links roles?

I have a 100F with 3 VDOMs. Each of them provides internet access to some separated internal subnets.

For management reasons, I do have VDOM Links configured with mostly SNMP, SSH and RDP traffic.

 

To satisfy one of the Security Rating questions (Interface Classification), I should assign a role to the VDOM Links. I can't do that in the interface configuration, like I do it for "normal" interfaces. 

For normal interfaces, I would see the differences between the interface roles. Not for VDOM Links.

 

For VDOM Links, I could only change the role in the Security Control via the Recommendations.

 

Questions:

  • What is the best VDOM link role? LAN role or WAN role? I would guess LAN, but I am quite unsure.
  • What is the difference between LAN role and WAN role in case of the VDOM Link? Same as for any interface?
  • What is the best practice for VPN links? WAN role (if connecting to other businesses) or LAN role (if connecting sites of the same business)?
  • How "safe" is changing the interface role via the "Recommendations"? I have several interfaces with "Undefined" role (this is probably not good practice, I know; that's why I want to better this).

Thanks

 

Dan

 

 

ESCHAN_FTNT
Staff

Hi Dan

Role does not have any effect on the FortiGate. Setting the role means some GUI options are hidden, and it simplifies things in the GUI itself. I don't really set the role and I think it is safe to leave it at LAN (default) or undefined.

 

You can refer to https://docs.fortinet.com/document/fortigate/6.2.12/cookbook/574723/interface-settings for more information regarding role.
