What is vdom link

Yas · ‎10-31-2014

Hello,

What is vdom link ??

Best regard's

Paul_Dean · ‎10-31-2014

Hello Yas.

VDOM links are a way of connecting VDOMs (virtual firewalls) within a FortiGate without the need to use external physical ports.

You can connect NAT/routed and Transparent VDOMs together or NAT/routed to NAT/routed VDOMs but not Transparent to Transparent VDOMs.

You can find more information in the VDOMs guide which you can find here: http://docs.fortinet.com/...gate-virtual-domains-4

NSE4

norouzi · ‎10-31-2014

Exactly.

Instead of connecting two VDOM together you can connect them virtually.

So it's very faster than physical interfaces and also your physical interfaces are free for other uses.

Still you have to create policies for any traffic.

emnoc · ‎10-31-2014

Vdom and vdom interlinks can come into play and very helpful in some cases.

http://socpuppet.blogspot.com/2014/09/a-stacked-vdom-concept-with-fortigate.html

http://socpuppet.blogspot.com/2014/09/a-meshed-vdom-transparent-using-inter.html

To harp on the other post, I've created two blogs speaking of stack/meshed vdoms using vdom links. I hope this helps.

PCNSE

NSE

StrongSwan

Yas · ‎11-05-2014

Hi,

thank you very much for reply, i understand now the purpose of vlink but i want to no if is it possible to pass snmp flow for exemple vdom internet to vdom root in order to monitor all equipement.

I have ipsecvpn mount on vdom internet, and i want to reach vdom root in order to monitor fortigate master/slave and fortianylser. The issue are by defaut the vlan management are on vdom root so how can i do ???

Best regard's and sorry i didn't have big experience in this technology

emnoc · ‎11-05-2014

Not 100% following you, but I 'll clue you in ; "if the VDOM in question has the allowaccess "snmp" function and the interface is L3 addressable, than I would think you can enable snmp on the interface and in that vdom and monitor the fortigate."

Give it a try, you have nothing to loose

PCNSE

NSE

StrongSwan

Yas · ‎11-07-2014

Hello emnoc,

Maybe it's my fault, i'm not clear actually we have ipsecvpn mount on vdom internet and i want to monitor some machine on vdom ROOT the issue is vlan management are by default on vdom ROOT.

Best regard's,

emnoc · ‎11-07-2014

Okay so you have a multi-vdom with "internet-vdom" terminating the VPN. You want to monitor/manager machines in another vdom? Right ?

if yes this is as simple as providing routing over the internet-vdom & a vdom-link and applying the correct fwpolicies. I don't see this as being a showstopper.

Just following my design with stack( meshed vdom ) and it should be clear. A vdom is a compartmentalize virtual firewall within the same hardware skin. routing and fwpolicies and of course the VPN allowing that traffic.

PCNSE

NSE

StrongSwan

Yas · ‎11-20-2014

Hello emnoc,

Sorry i don't understand very well have you a exemple ? this is how the cluster fw are configured, it's cluster fortinet 1000 with vdom internet & vdom root,"internet-vdom" terminating the VPN On vdom internet : vip fw-cluster-1 / mgmt1 192.168.0.2 mgmt2 192.168.0.4 wan1 68.55.0.3 vip fw-cluster-1 / mgmt1 192.168.0.2 mgmt2 192.168.0.4 wan1 68.55.0.3 vip fw-cluster-2 / mgmt1 192.168.0.3 mgmt2 192.168.0.4 wan1 68.55.0.3 On vdom ROOT :

vip fw-cluster-1 / mgmt1 192.168.0.2

wan2 10.20.30.1 vip fw-cluster-1 / mgmt1 192.168.0.2 wan2 10.20.30.1 vip fw-cluster-2 / mgmt1 192.168.0.3 wan2 10.20.30.1

The vdom management by default are on vdom ROOT here 192.168.0.0/24, how i can reach and monitor equipment on vdom ROOT through vdom internet where we have the ipsecvpn mount on it.

Best regard's

Yas · ‎11-20-2014

sorry the ipsecvpn are mount on wan1 68.55.0.3