redy
New Contributor

1-ISP, multiple VDOMs on VLANs

Hi All,

I have a problem configuring a setup like in the topic. I have 1 ISP with a pool of 64 IPs connected to port 1 (WAN); port 2 (LAN) is connected to a trunk port on the internal network switch.

How do I configure a VDOM to have access to the internet, and where do I set up the VIP to redirect to the internal VDOM LAN? I'm confused about where to set up what. I have set up internal interfaces for the VDOMs in Global VDOM --> Interfaces, but how do I add access to port 1 (WAN) to vdom_x, vdom_y, vdom_z? Where do I set up the main external IP for each VDOM? The Cookbook has wired examples with 2 ISPs and 2 VDOMs that use 4 ports. I want to use only 2 ports for that because I will have 8 VDOMs and there are not enough physical ports on the FG300D, but they say I can use VLANs for VDOMs, and I agree that it's reasonable :) But how do I share 1 ISP port?

thanks 

Marek 

Alexis_G
Contributor II

To my understanding you have the WAN interface on the root VDOM and some other VDOMs.

In order to dispatch internet traffic to the other VDOMs, the best way is to create VDOM link interfaces between

Root and VDOMx

Root and VDOMy

.....

also static routes between VDOMs (Root and VDOMx, Root and VDOMy, .....)

AND then appropriate policy rules.

Concerning VIP: you create the VIP on the root VDOM and the real IP points to the one you wish to redirect to.

 

 

--------------------------------------------

If all else fails, use the force !
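
The layout described in the reply above, sketched for one tenant as an added example (not from the thread and not Fortinet's own configuration). It shows only the inbound path in root: the VDOM link, the route to the tenant LAN, the VIP, and a policy limited to that VIP. The names `vlink_x`, `vdom_x` and `vip_x_https`, the HTTPS service, and every address are assumptions (203.0.113.10 stands in for one IP of the ISP pool), and exact syntax can differ between FortiOS versions.

```fortios
# Constructed example: all names and addresses are assumptions.
config global
    # Creating the link also creates its two ends, vlink_x0 and vlink_x1.
    config system vdom-link
        edit "vlink_x"
        next
    end
    config system interface
        edit "vlink_x0"
            set vdom "root"
            set ip 10.255.0.1 255.255.255.252
        next
        edit "vlink_x1"
            set vdom "vdom_x"
            set ip 10.255.0.2 255.255.255.252
        next
    end
end
config vdom
    edit root
    # Root reaches the tenant LAN through the link.
    config router static
        edit 0
            set dst 192.168.10.0 255.255.255.0
            set gateway 10.255.0.2
            set device "vlink_x0"
        next
    end
    # One public IP from the ISP pool mapped to a tenant server.
    config firewall vip
        edit "vip_x_https"
            set extintf "port1"
            set extip 203.0.113.10
            set mappedip "192.168.10.10"
        next
    end
    # Inbound: only the VIP, only HTTPS, only toward this tenant's link.
    config firewall policy
        edit 0
            set srcintf "port1"
            set dstintf "vlink_x0"
            set srcaddr "all"
            set dstaddr "vip_x_https"
            set service "HTTPS"
            set schedule "always"
            set action accept
        next
    end
end
```

The tenant VDOM needs the mirror image: a default route via 10.255.0.1 on `vlink_x1` and its own policy from `vlink_x1` to its VLAN interface. Traffic between two tenants has to pass root's policies on both links, so root should carry no policy from one tenant link to another.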

redy
New Contributor

This looks reasonable, but the question is where to create the link and where to add the policy? Now it looks like all interfaces and rules should be created in the Global or ROOT VDOM, so what is the point of having VDOMs?

emnoc
Esteemed Contributor III

Agreed, this is what Cisco ASA has had for decades now and shared-media access.

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

romanr
Valued Contributor

redy wrote:

This looks reasonable, but the question is where to create the link and where to add the policy? Now it looks like all interfaces and rules should be created in the Global or ROOT VDOM, so what is the point of having VDOMs?

To be honest - I don't know why you would need VDOMs. The initial posting was a question about how to set it up with VDOMs. VDOMs might only be necessary if you need something like a multi-tenant setup or something comparable.

 

What are your actual requirements?

 

Br,

Roman

 

redy
New Contributor

I have a redundant ISP on one side and 8 customers on the other side of the firewall. I want to replace 8 firewalls with one; is it correct thinking?

romanr
Valued Contributor

redy wrote:

Hi All,

I have a problem configuring a setup like in the topic. I have 1 ISP with a pool of 64 IPs connected to port 1 (WAN); port 2 (LAN) is connected to a trunk port on the internal network switch.

How do I configure a VDOM to have access to the internet, and where do I set up the VIP to redirect to the internal VDOM LAN? I'm confused about where to set up what. I have set up internal interfaces for the VDOMs in Global VDOM --> Interfaces, but how do I add access to port 1 (WAN) to vdom_x, vdom_y, vdom_z? Where do I set up the main external IP for each VDOM? The Cookbook has wired examples with 2 ISPs and 2 VDOMs that use 4 ports. I want to use only 2 ports for that because I will have 8 VDOMs and there are not enough physical ports on the FG300D, but they say I can use VLANs for VDOMs, and I agree that it's reasonable :) But how do I share 1 ISP port?

thanks 

Marek 

EMAC interfaces are what you are going to need.

 

https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-networking/Interfaces/Enhanced%20MAC...

 

Br,

Roman