Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

Where to put firewall policies when using VDOMs

In general when using VDOMs in a Fortigate device, where do you put the firewall policy. If using a management VDOM configuration as in the Fortigate VLAN' s and VDOM' s guide. It looks like the firewall policy could go in the root VDOM , local VDOM or in the inter-VDOM link. In addition, if you wanted to utilize multiple local VDOM' s as in the diagram it appears that you would want to allow the root VDOM to allow pretty much anything since it will need to allow traffic for all local VDOM' s. Does anyone have any ideas on this ? Thanks,
Not applicable

Hello Jon, As each VDOM will have it' s own interfaces and could be seen as an " individual" firewall, the firewall policies can be configured in each VDOM/Interafce depending on your traffic flow requirement. They can be applied to any interface (physical, VLAN, inter-VDOM links...). The VDOMs can be completely independent, or have traffic between each other, depending on the network design. One requirement in VDOM mode is that there must be one management VDOM (but not necessarily the root VDOM) that needs a link/route to the internet for accessing the FortiGuard services (if applicable), Fortigate' s DNS requests, syslog.... Hope this will help. -J.

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors