Hello,
I'm trying to dedicate one WAN link to a server in my infrastructure.
I'm using a cluster of 601F, 3 VDOMs (Root, Internal, housing). The WAN I want to use for my server is already NATed (ISP router cannot be set in bridge mode...). So I created the WAN interface, using a private IP (192.168.10.10/24) on one VLAN interface of my root VDOM. The firewall is able to ping the ISP router.
But then I can't understand how I'm supposed to route traffic to/from my server through the 2 VDOMs...
Do I need to create a VIP on the root VDOM, pointing to the IP address of the internal VDOM on the Vlnk, and then another VIP on the internal VDOM pointing to the server?
Are there any other solutions?
Thank you
Matthieu
Hi @AGS-1 ,
You may use one VIP only, either in root VDOM or another VDOM, up to you. Then use the regular route control and firewall policy control for the rest.
Think of each VDOM as a standalone physical FortiGate, connected to the others with inter-VDOM links, and do policies/routing accordingly. You can create a single VIP on the WAN interface in the root VDOM pointing to the IP address of the server in the other VDOM, then add a route in the root VDOM for this IP towards the inter-VDOM link between the root VDOM and the VDOM containing the server, then add a policy allowing the needed traffic as well. Not exactly the same, but a close example: https://docs.fortinet.com/document/fortigate/7.6.1/administration-guide/335646/inter-vdom-routing-co...
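The single-VIP layout described in the reply above, sketched as FortiOS CLI. This is an added example, not configuration posted by anyone in the thread. Only 192.168.10.10 comes from the thread; the interface names (`wan-vlan`, `vlink0`/`vlink1`, `lan`), the 10.255.0.0/30 link addressing, the server address 10.20.0.50, and the single published port TCP/443 are assumptions. Port forwarding is used so the VIP does not capture every port on the firewall's own WAN address.

```fortios
# Added example. Assumed: wan-vlan, vlink0 (root side), vlink1 (Internal side),
# lan, 10.255.0.2 (Internal end of the link), server 10.20.0.50, TCP/443.
config vdom
    edit root
        config firewall vip
            edit "vip-server-443"
                set extintf "wan-vlan"
                set extip 192.168.10.10
                set mappedip "10.20.0.50"
                set portforward enable
                set extport 443
                set mappedport 443
            next
        end
        config router static
            edit 0
                set dst 10.20.0.50 255.255.255.255
                set gateway 10.255.0.2
                set device "vlink0"
            next
        end
        config firewall policy
            edit 0
                set name "wan-to-server"
                set srcintf "wan-vlan"
                set dstintf "vlink0"
                set srcaddr "all"
                set dstaddr "vip-server-443"
                set action accept
                set schedule "always"
                set service "HTTPS"
            next
        end
    next
    edit Internal
        config firewall address
            edit "srv-10.20.0.50"
                set subnet 10.20.0.50 255.255.255.255
            next
        end
        config firewall policy
            edit 0
                set name "vlink-to-server"
                set srcintf "vlink1"
                set dstintf "lan"
                set srcaddr "all"
                set dstaddr "srv-10.20.0.50"
                set action accept
                set schedule "always"
                set service "HTTPS"
```

The final `next`/`end` lines closing the policy, the `Internal` VDOM and `config vdom` are omitted for length. Not shown: the Internal VDOM also needs a route toward client addresses via `vlink1` (or policy routing for the server, as the original poster used), and the ISP router must forward the published port to 192.168.10.10.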
Thank you both for your inputs.
I did use 1 VIP on the root VDOM and policy routing magic. It's working.
Thanks!