I have a 100F with 3 VDOM's. Each of it provides internet access to some separated internal subnets.
For management reasons, I do have VDOM Links configured with mostly SNMP, ssh and RDP traffic.
To satisfy one of the Security Rating questions (Interface Classification), I should assign a role to the VDOM Links. I can't do that in the interface configuration, like I do it for "normal" interfaces.
For normal interfaces, I would see the differences between the interface roles. Not for VDOM Links..
For VDOM Links, I only could change the role in the Security Control via the Recommendations.
- What is the best VDOM link role? LAN role or WAN role? I would guess LAN, but I am quite unsure.
- What is the difference between LAN role and WAN role in case of the VDOM Link? Same as for any interface?
- What is the best practice for VPN links? WAN role (if connecting to other businesses) or LAN role (if connecting sites of the same business)?
- How "safe" is changing the interface role via the "Recommendations"? I have several interfaces with "Undefined" role (this is probably not good practice, I know.. that's why I want to better this.. )