Hi there,
The existing 2xFortiGate 300E reached the limit of the VDOMs per device (10 out of 10 are already being used). The ongoing project requires creating another set of VDOMs on the firewall. Since it is not possible to purchase another set of VDOMs for the 300 series model, is there any best practice on how to perform the VDOM consolidation (e.g., moving resources and objects from one VDOM to another VDOM in GUI/CLI) and potentially remove the redundant VDOMs?
You will need to remove the objects/resources (interfaces mainly) from the VDOM you are going to delete. They need to be moved to global and then from there you can add them to the new or correct VDOM.
Thanks for the advice! I was wondering what could be the reason for the Ref. number next to the VDOM object under System > VDOM to be greater than the number of objects displayed once I click on that. For example, one of the VDOMs has a Ref. number set to 20, while the number of objects displayed once I click on that number is 5. Does the Reference option calculate all the nested references as well?
Yes, reference includes the nested reference as well. You can use "show full | grep <ref>" to find references. Remember to run this from global and from the specific VDOM.
e.g.: "show full | grep port2" -> to find references for port2
As for VLANs, it's just routing and creating the needed virtual interfaces. When a tagged frame comes, FortiGate strips VLAN tags and puts the traffic into a virtual interface with the matching VLAN tag on the matching physical interface (then processes it as usual). Same way in reverse, if traffic is routed out of a VLAN virtual interface, the tag is added on egress.
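The reference hunt described above ("show full | grep port2" from global and from each VDOM) can also be done offline against a configuration backup before any VDOM is deleted. The following is an added example, not code from the thread or from Fortinet; the function name `find_references` is hypothetical, and the sample is a constructed, simplified excerpt that assumes the backup is laid out as `config global` and `config vdom` / `edit <name>` sections.

```python
import shlex

# Constructed, simplified multi-VDOM backup excerpt (not from the thread).
SAMPLE_BACKUP = '''\
config global
config system interface
    edit "port2"
        set vdom "VDOM-A"
    next
    edit "port20"
    next
    edit "vlan100"
        set interface "port2"
    next
end
end
config vdom
edit VDOM-A
config firewall policy
    edit 1
        set srcintf "port2"
        set dstintf "vlan100"
    next
end
end
'''

def find_references(config_text, name):
    """Map scope ('global' / 'vdom NAME') -> [(config path, line)] for exact uses of name."""
    stack, hits = [], {}
    for raw in config_text.splitlines():
        try:
            tokens = shlex.split(raw)
        except ValueError:  # unbalanced quotes, e.g. multi-line values
            tokens = raw.split()
        if not tokens:
            continue
        if tokens[0] in ("config", "edit"):
            stack.append((tokens[0], " ".join(tokens[1:])))
        elif tokens[0] in ("next", "end"):  # next closes an edit, end closes a config
            want = "edit" if tokens[0] == "next" else "config"
            while stack and stack.pop()[0] != want:
                pass
            continue
        if name in tokens[1:]:  # whole-token match, so port2 does not hit port20
            in_vdom = len(stack) > 1 and stack[0] == ("config", "vdom")
            scope = "vdom " + stack[1][1] if in_vdom else stack[0][1] if stack else "unscoped"
            path = " > ".join(" ".join(f) for f in stack[2 if in_vdom else 1:])
            hits.setdefault(scope, []).append((path, raw.strip()))
    return hits
```

Calling `find_references(SAMPLE_BACKUP, "port2")` groups the hits by scope, which shows why a nested reference such as the VLAN interface built on port2 counts toward the Ref. number, and which objects still have to be cleared before the interface can be moved.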