Hello,
I would like to implement VDOM In azure infrastructure.
As I discovered when you implementing VDOM you must to assign interfaces to the VDOMs, but in case of Azure you have just 2 interfaces and I don't know how I can assign 2 interfaces for example to 3 VDOMs?
Solved! Go to Solution.
Correct, with physical FGT you "share" a physical interface by making it a trunk and creating VLANs that you can individually assign then to different VDOMs, but in public clouds they do not support VLANs/trunking, so each NIC can belong to only 1 VDOM.
You can create VDOMs without assigning interfaces. Interface assignment happens after creating VDOM. You can create sub/vlan interfaces if you don't have physical interfaces, but can share why do you need VDOMs if you don't have interfaces?
No, I would like to configure VDOM because I need to "share" my firewall and I'm not sure how I can provide routing\filtration\... without adding interfaces to VDOM?
There is Azure limitations, we have 2 vCPU Fortigate which has just 2 interfaces and I'm not sure how i Can realize VDOM in Azure case.
Hello,
The number of NIC depends on the VM size. Generally the bigger VM, the more interfaces it can support:
https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiGate_VM_Azure.pdf (page 7)
The actual working number of consumable network interfaces varies depending on Microsoft Azure instance types/sizes and may be less. Current test version is FortiOS 7.2.3.
Only BYOL supports VDOM. Moreover, FG-VMxxV and FG-VMxxS series do not come with a multi-VDOM feature by default. You can add it by applying separate VDOM addition perpetual licenses.
https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiGate_VM_Azure.pdf
Thanks @abarushka,
As I understood I must to assign interface to the VDOM for routing, NAT, policing and so on, correct?
Hello,
Generally it is necessary to assign interface / VDOM link to VDOM. In case there is not enough available interfaces, you may consider to redeploy VM and set "bigger" VM with more supported interfaces.
Thanks @abarushka for your reply.
Understood, as I see I can't "share" one interface between several VDOMs, I need to assign ports to them.
Correct, with physical FGT you "share" a physical interface by making it a trunk and creating VLANs that you can individually assign then to different VDOMs, but in public clouds they do not support VLANs/trunking, so each NIC can belong to only 1 VDOM.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.