Hello,
We have a 200D FortiGate (well, two in HA mode) with multiple client VDOMs in NAT mode, each with their own VLAN (multiple servers, SANs, typical data center stuff). Rather than allocating two ports for each VDOM (LAN/WAN), we decided to use unnumbered VDOM routes between each VDOM and the management VDOM, root, so as to only use one port (LAN) per VDOM instance. This works great.
What we need next is twofold:
So, is there a way 1 and/or 2 this can be accomplished without using independent WAN ports for each VDOM?
As always, thank you in advance for any assistance.
Hi,
Did you find a solution for this?
Currently I'm having the exact same problem.
MBR
- MBR -
NSE1, NSE2, NSE3
FGT60D/E, FWF60D/E, FGT200D
What you are doing is a meshed vdom approach.
http://socpuppet.blogspot.com/2014/09/a-stacked-vdom-concept-with-fortigate.html
You have a few choices: you can run a DNAT VIP on the internet-facing vdom to the respective FortiGate inside vdom ( 1 2 3 )
or
Assign public ipv4 to the inside vdom1 2 3 and route these thru the internet facing vdom
or
Are the inside vdoms "responders" or "initiators"? If it's the latter you could just SNAT the traffic { ipsec/ike } from the vdom to the remote location(s). If you're worried about all ipsec coming from the same src-ip, use a peer-id to distinguish each tunnel.
PCNSE
NSE
StrongSwan
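
The first option in the reply above (a DNAT VIP on the internet-facing VDOM pointing at an inside VDOM), written out as FortiOS CLI. This is an added example, not configuration posted by anyone in the thread; the interface names (`wan1`, `vlink10`, `lo-vpn`), the VDOM name `vdom1` and every address are placeholder assumptions.

```fortios
# Added example. All names and addresses below are assumed placeholders.
#   203.0.113.10 : spare public IP reachable on root's WAN port "wan1"
#   10.255.1.1   : loopback "lo-vpn" inside the client VDOM "vdom1",
#                  used there as the IPsec phase1 interface
#   vlink10      : root-side end of the unnumbered inter-VDOM link to vdom1
config vdom
edit root
config firewall vip
    # IKE. The DNAT rewrites the destination address, so the peers detect
    # NAT and move to UDP 4500; ESP (IP protocol 50) needs no forwarding.
    edit "vdom1-ike"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip "10.255.1.1"
        set portforward enable
        set protocol udp
        set extport 500
        set mappedport 500
    next
    # NAT-T (IKE and ESP encapsulated in UDP 4500)
    edit "vdom1-natt"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip "10.255.1.1"
        set portforward enable
        set protocol udp
        set extport 4500
        set mappedport 4500
    next
end
config router static
    # Host route to the inner loopback over the unnumbered link
    edit 0
        set dst 10.255.1.1 255.255.255.255
        set device "vlink10"
    next
end
config firewall policy
    edit 0
        set srcintf "wan1"
        set dstintf "vlink10"
        # Replace "all" with address objects for the known remote peers
        set srcaddr "all"
        set dstaddr "vdom1-ike" "vdom1-natt"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
end
```

The inner VDOM still needs its own route back toward root over the link and a policy admitting the tunnel traffic; each additional client VDOM gets its own public IP and VIP pair.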
Thanks emnoc.
I'm trying a configuration with a public IP on the "inner" vdom link interface and also on a loopback interface inside the vdom.
Got the VPN up but I'm still checking the traffic flows, which don't seem to work properly, but this could be caused by a particular SOHO router on the other side. Will try with a FortiGate - FortiGate configuration.
- MBR -
NSE1, NSE2, NSE3
FGT60D/E, FWF60D/E, FGT200D
Hi! Have you found how to achieve an IPsec VPN directly to your VDOM? Regards