Mnz160889
New Contributor

VRF access to Internet

Hi

 

If you have different LAN sub-interfaces in different VRFs but the same VDOM, what is the best way to provide internet access to them?

 

So port 1 is a trunk with multiple VLANs assigned to VRFs.

Port 2 is connected to the ISP router, which is in the main VRF 0.

 

On some other vendors you can configure a default route within the VRF pointing to the main one, but I don't see that as an option here.

 

Can anyone advise please?

 

Thanks

 

Anonymous
Not applicable

Hello @Mnz160889  , 

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

 

Thanks, 

   Fortinet Community Team 

GDiFi
Staff

You would need to set up a vdom-link (even if you are not using VDOMs). For the vdom link you can create VLAN sub-interfaces and assign them to the correct VRF. This document has an overview of how it works:

 

https://docs.fortinet.com/document/fortigate/6.4.5/administration-guide/342655/route-leaking-between...

 

You will probably want to allow overlapping subnets so the vdom links can be in the same subnet, similar to this:

 

By default, it will not be allowed.

config system settings
    set allow-subnet-overlap enable
end

config system interface
    edit "npu0_vlink0"
        set vdom "root"
        set vrf 10
        set ip 172.16.201.1 255.255.255.0
        set allowaccess ping https ssh snmp http
    next
    edit "npu0_vlink1"
        set vdom "root"
        set vrf 20
        set ip 172.16.201.2 255.255.255.0
        set allowaccess ping https ssh snmp http telnet
    next
end

In the end, you would have a static route in each VRF that points to a vdom link that is tied into VRF 0, and then the necessary policies to allow the traffic from the vdom link out the WAN connection you have.

 

Hope this helps.
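
The end state described in the answer above, written out for a single VRF as an added example; it is not from the original post or from Fortinet's documentation. Assumptions, all constructed: a LAN sub-interface named "VLAN10" in VRF 10 on 10.10.10.0/24, a working default route on port2 in VRF 0, allow-subnet-overlap already enabled, free route and policy IDs 10 and 11, and allowaccess on the link limited to ping.

```fortios
config system interface
    edit "npu0_vlink0"
        set vdom "root"
        set vrf 10
        set ip 172.16.201.1 255.255.255.0
        set allowaccess ping
    next
    edit "npu0_vlink1"
        set vdom "root"
        set vrf 0
        set ip 172.16.201.2 255.255.255.0
        set allowaccess ping
    next
end
config router static
    # Default route for VRF 10: next hop is the VRF 0 end of the link.
    edit 10
        set gateway 172.16.201.2
        set device "npu0_vlink0"
    next
    # Return route in VRF 0 back to the VRF 10 LAN (constructed subnet).
    edit 11
        set dst 10.10.10.0 255.255.255.0
        set gateway 172.16.201.1
        set device "npu0_vlink1"
    next
end
config firewall policy
    # Two policies: LAN to the VRF 10 end of the link, then VRF 0 end to WAN with NAT.
    edit 10
        set srcintf "VLAN10"
        set dstintf "npu0_vlink0"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 11
        set srcintf "npu0_vlink1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

Additional VRFs repeat the same pattern on VLAN sub-interfaces of the vdom link, as the answer describes. Narrow srcaddr and service from "all"/"ALL" to what each VRF actually needs.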
