Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
alpha202ej
New Contributor

Created on ‎04-08-2013 03:18 PM

VDOM with VLANs Cannot Connect to Internet

Hi all, I have been trying to make a proof of concept for our office with a FortiGate 50B (v4.0 MR2 Patch 4 firmware) to support a multitenet configuration using the Management VDOM. I have been trying to follow along on the example, however, the FortiGate 50B doesn' t support configuration of individual ports so I have had to fall back on VLANs. For this task I have a HP ProCurve 1700-8 (a L2 managed switch) which supports VLANs. On the switch, port one is configured for tenet one and port two for tenet two. The only issue is that I cannot connect to the internet when connected to either of the ports, however, the root VDOM connects to the internet just fine. I think it has something to do with my firewall rules but since I am adapting the example from the one listed in the FortiOS Handbook: Virtual Domains (Figure 201) I cannot be sure I am doing wrong. I would be grateful for any assistance or guidance with this! :) Thank you for reading!
6063
0 Kudos
6 REPLIES 6
Matthijs
New Contributor II

Created on ‎04-09-2013 01:21 AM

Have you created vdom links between the vdoms and policy' s in both vdom' s to allow the traffic? Don' t forget to route the ip' s you use from the management vdom to the tenet vdom and in the tenet vdom add a default route to the management vdom. check what happens in a traceroute to see where the traffic stops..
1797
0 Kudos
alpha202ej
New Contributor
In response to Matthijs

Created on ‎04-10-2013 10:13 AM

Thank you for the reply. I have setup the routing for the vdoms but it isn' t pinging properly. A thoughr had occurred to me that I may be missing a VLAN for my wan interface I can assign to the extra vdom. It could also be my firewall policies. Do I need to have NAT disabled for communication with the management vdom? Later today I will post a detailed configuration (screenshots of the settings) Thanks!
1797
0 Kudos
alpha202ej
New Contributor

Created on ‎04-11-2013 05:10 PM

Hello guys! I have gone ahead and taken screenshots of my UI and made a diagram of the lab I have setup. Presently I am unable to connect to the internet from TenetA. If any one could look at this configuration and see if there is anything wrong with it, please let me know. This is my diagram of my Management VDOM. All tenets utilize the same internet connection. I am using a FortiGate 50B so I must use VLANs to assign ports. Network Diagram Global Interfaces Root/Management VDOM Root Addresses Root Policies Root Static Route Root Route Monitor TenetA VDOM Root Addresses Root Policies Root Static Route Root Route Monitor Again, any help would be GREATLY appreciated!!!
Preview file
42 KB
1797
0 Kudos
alpha202ej
New Contributor

Created on ‎04-12-2013 01:07 PM

Hi guys, I just wanted to let you know that I got it figured out. It was all in the routing table and firewall polices. If anyone would like a more indepth, please let me know and I will post it. I am currently away from my notes at the moment. Thanks again!
1797
0 Kudos
tvidal
New Contributor
In response to alpha202ej

Created on ‎10-22-2013 08:21 AM

Hi, Any chance to give us an output of your solution ? I am facing the same problem... Many thanks Thomas
1797
0 Kudos
Seizuriffic
New Contributor

Created on ‎05-08-2013 05:20 PM

Please post your solution. I have been beating my head on the table for two days trying to figure out why my VDOMs can' t get out. Any and all help appreciated.
1797
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.