rebel
New Contributor

multi-vdom, multi-mode configuration

Hi, I am trying to learn FortiOS. I am familiar with many firewalls but am trying to understand FortiGate now, and I hope you FortiGate experts will help me during my trip to learn FortiOS.

 

So let me explain what I'm trying to do:

I created 3 VDOMs on the FortiGate:

vdom fortiswitch-->port 15-16-17-18 in transparent mode.

I created this one for uplinking my lab site to my office network.

vdom fortiwlan-->port 20, route mode

vdom root-->other ports, route mode

First, I successfully got my 10.1.2.0/24 network to access the internet, from Palo Alto to Fortinet.

Then I configured the IPsec VPN and saw that the tunnel is up. I tried to make my lab PC behind the Palo Alto use the tunnel for all its internet access, but I could not figure out how to do source NAT on the FortiGate. Which must be the source interface?

The next issue was about the wireless network. I connected to the SSID and got an IP address from the 172.16.3.0/24 network but cannot access the internet. I asked myself how to route the wireless network to another VDOM and found out that there is something named vlink, and I configured it, but still there is no internet for the wireless network. I used the debug flow command and, if I am not wrong, there is also the same issue for the wireless network: I cannot do source NAT on the FortiGate using the 192.168.21.21 IP address.

If you forget about IPsec and the wireless network and just use one VDOM, there is no problem: the user behind the Palo Alto sends the packet to the FortiGate, and the FortiGate NATs it to 192.168.21.21 and sees Google.

 

So what is my mistake? Can I divide the FortiGate into multiple VDOMs and use it as an explicit proxy, wireless controller, routed firewall, tap device and also a small switch? Not all these features at the same time, but at least 3 of them :) How can I do this?

Any help will be appreciated.

 

Thanks.

 

By the way, if it is important, I connected port 1 (vdom-root) to port 16 (vdom-switch).

I thought that this would do no harm, because of the different VDOMs and different modes.
