So I been working with Fortigate Firewalls for about three years now and finally have the opportunity to go out and learn more about each feature and right now my focus is on Virtual Domains (VDOMs). I have uploaded a quick image of my test lab at present. I have 3 external networks that belong to different organisations, which are separated by the Forigate 200D and Cisco ASA firewalls. Routing and addressing has been given by each external network and each ASA runs the static address provided by the externals with routing and policies allowing traffic into the internal network, the addressing between the ASAs' and the Fortigate are 3 different /30 subnets.
What I am looking to accomplish here is to remove the ASAs and move to using just the 200D firewall only. This would mean moving the policies, routing, and addressing to the Fortigate however I need to ensure that each external network are separate from one another coming inbound to the Fortigate but are all available through the same interface. So the end goal is to create 3 VDOMs, using WAN1 in each VDOM to connect to the internal network, and 3 individual ports on the 200D for each connection to external.
Can I get anyone's thoughts on if this possible, wise, recommended etc?? Also if anyone has had issues with VDOMs in the past it would be greatly appreciated.
One interface can belong to only one VDOM. So you need totally 4 vdoms but you can use the default root vdom for internal network, then create 3 vdoms and at least 3 vdom links (internal-ext1, internal-ext2, internal-ext3) and route them through internal(root) vdom if they need to talk each others.
I don't see each org's internet path in the diagram so assuming each have own internet path outside of this picture.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.