VDOM in Azure

1mm · ‎07-17-2023

Hello,

I would like to implement VDOM In azure infrastructure.

As I discovered when you implementing VDOM you must to assign interfaces to the VDOMs, but in case of Azure you have just 2 interfaces and I don't know how I can assign 2 interfaces for example to 3 VDOMs?

Yurisk · ‎07-18-2023

Correct, with physical FGT you "share" a physical interface by making it a trunk and creating VLANs that you can individually assign then to different VDOMs, but in public clouds they do not support VLANs/trunking, so each NIC can belong to only 1 VDOM.

Yuri Slobodyanyuk

View solution in original post

srajeswaran · ‎07-17-2023

You can create VDOMs without assigning interfaces. Interface assignment happens after creating VDOM. You can create sub/vlan interfaces if you don't have physical interfaces, but can share why do you need VDOMs if you don't have interfaces?

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

1mm · ‎07-17-2023

No, I would like to configure VDOM because I need to "share" my firewall and I'm not sure how I can provide routing\filtration\... without adding interfaces to VDOM?

There is Azure limitations, we have 2 vCPU Fortigate which has just 2 interfaces and I'm not sure how i Can realize VDOM in Azure case.

abarushka · ‎07-17-2023

Hello,

The number of NIC depends on the VM size. Generally the bigger VM, the more interfaces it can support:

https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiGate_VM_Azure.pdf (page 7)

The actual working number of consumable network interfaces varies depending on Microsoft Azure instance types/sizes and may be less. Current test version is FortiOS 7.2.3.

Only BYOL supports VDOM. Moreover, FG-VMxxV and FG-VMxxS series do not come with a multi-VDOM feature by default. You can add it by applying separate VDOM addition perpetual licenses.

https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiGate_VM_Azure.pdf

FortiGate

1mm · ‎07-17-2023

Thanks @abarushka,

As I understood I must to assign interface to the VDOM for routing, NAT, policing and so on, correct?

abarushka · ‎07-18-2023

Hello,

Generally it is necessary to assign interface / VDOM link to VDOM. In case there is not enough available interfaces, you may consider to redeploy VM and set "bigger" VM with more supported interfaces.

FortiGate

1mm · ‎07-18-2023

Thanks @abarushka for your reply.

Understood, as I see I can't "share" one interface between several VDOMs, I need to assign ports to them.

Yurisk · ‎07-18-2023

Correct, with physical FGT you "share" a physical interface by making it a trunk and creating VLANs that you can individually assign then to different VDOMs, but in public clouds they do not support VLANs/trunking, so each NIC can belong to only 1 VDOM.

Yuri Slobodyanyuk

Shuai · ‎02-20-2025

Wondering if you have already implemented VDOM in Azure, despite the post is old...If you did, did you ran into constraints on available number of NICs on Fortigate-VM?

VDOM in Azure

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website