Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
1mm
Contributor

Created on ‎07-17-2023 04:48 AM

VDOM in Azure

Hello,

I would like to implement VDOM In azure infrastructure. 

As I discovered when you implementing VDOM you must to assign interfaces to the VDOMs, but in case of Azure you have just 2 interfaces and I don't know how I can assign 2 interfaces for example to 3 VDOMs? 

Labels:
1548
0 Kudos
1 Solution
Yurisk
SuperUser
SuperUser
In response to 1mm

Created on ‎07-18-2023 02:31 AM

Correct, with physical FGT you "share" a physical interface by making it a trunk and creating VLANs that you can individually assign then to different VDOMs, but in public clouds they do not support VLANs/trunking, so each NIC can belong to only 1 VDOM.

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.

View solution in original post

Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
1445
7 REPLIES 7
srajeswaran
Staff
Staff

Created on ‎07-17-2023 04:59 AM

You can create VDOMs without assigning interfaces. Interface assignment happens after creating VDOM. You can create sub/vlan interfaces if you don't have physical interfaces, but can share why do you need VDOMs if you don't have interfaces?

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

1541
1mm
Contributor
In response to srajeswaran

Created on ‎07-17-2023 05:35 AM

No, I would like to configure VDOM because I need to "share" my firewall and I'm not sure how I can provide routing\filtration\... without adding interfaces to VDOM?  

There is Azure limitations, we have 2 vCPU Fortigate which has just 2 interfaces and I'm not sure how i Can realize VDOM in Azure case.

1536
0 Kudos
abarushka
Staff
Staff

Created on ‎07-17-2023 01:14 PM

Hello,

 

The number of NIC depends on the VM size. Generally the bigger VM, the more interfaces it can support:

 

https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiGate_VM_Azure.pdf (page 7)

The actual working number of consumable network interfaces varies depending on Microsoft Azure instance types/sizes and may be less. Current test version is FortiOS 7.2.3.

 

Only BYOL supports VDOM. Moreover, FG-VMxxV and FG-VMxxS series do not come with a multi-VDOM feature by default. You can add it by applying separate VDOM addition perpetual licenses.

https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiGate_VM_Azure.pdf

FortiGate
1485
1mm
Contributor
In response to abarushka

Created on ‎07-17-2023 10:45 PM

Thanks @abarushka,

As I understood I must to assign interface to the VDOM for routing, NAT, policing and so on, correct?

1467
0 Kudos
abarushka
Staff
Staff
In response to 1mm

Created on ‎07-18-2023 12:36 AM

Hello,

 

Generally it is necessary to assign interface / VDOM link to VDOM. In case there is not enough available interfaces, you may consider to redeploy VM and set "bigger" VM with more supported interfaces. 

FortiGate
1459
0 Kudos
1mm
Contributor
In response to abarushka

Created on ‎07-18-2023 01:57 AM

Thanks @abarushka for your reply.

Understood, as I see I can't "share" one interface between several VDOMs, I need to assign ports to them. 

1450
0 Kudos
Yurisk
SuperUser
SuperUser
In response to 1mm

Created on ‎07-18-2023 02:31 AM

Correct, with physical FGT you "share" a physical interface by making it a trunk and creating VLANs that you can individually assign then to different VDOMs, but in public clouds they do not support VLANs/trunking, so each NIC can belong to only 1 VDOM.

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
1446
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.