Tag Archives: fortinet Chapter 27 – Virtual Domains

Chapter 27 – Virtual Domains

Chapter 27 – Virtual Domains

  • Virtual Domains in NAT/Route mode on page 2602detailed explanations and examples for configuring VDOM features for a FortiGate in NAT/Route mode.
  • Virtual Domains in Transparent mode on page 2621detailed explanations and examples for configuring VDOM features for a FortiGate in Transparent mode.
  • Inter-VDOM routing on page 2638: concepts and scenarios for inter-VDOM routing.
  • Troubleshooting Virtual Domains on page 2671diagnostic and troubleshooting information for some potential VDOM issues.

 

Before you begin using this guide, take a moment to note the following:

  • By default, most FortiGate units support 10 VDOMs. Many FortiGate models support purchasing a license key to increase the maximum number
  • This guide uses a FortiGate unit with interfaces named port1 through port4 for examples and procedures. The interface names on some models will vary. Where possible aliases for these ports are indicated to show their intended purpose and to help you determine which ports to use if your ports are labelled differently.
  • Administrators are assumed to be super_admin administrators unless otherwise specified. Some restrictions will apply to other administrators.

 

Virtual Domains Overview

Virtual domains (VDOMs) are a method of dividing a FortiGate unit into two or more virtual units that function as multiple independent units. VDOMs can provide separate firewall policies and, in NAT/Route mode, completely separate configurations for routing and VPN services for each connected network or organization.

This chapter will cover the basics of VDOMs, how they change your FortiGate unit, and how to work with VDOMs. VDOMs let you split your physical FortiGate unit into multiple virtual units. The resulting benefits range from limiting Transparent mode ports to simplified administration, to reduced space and power requirements.

When VDOMs are disabled on any FortiGate unit, there is still one VDOM active: the root VDOM. It is always there in the background. When VDOMs are disabled, the root VDOM is not visible but it is still there.

The root VDOM must be there because the FortiGate unit needs a management VDOM for management traffic among other things. It is also why when you enable VDOMs, all your configuration is preserved in the root VDOM- because that is where you originally configured it.

 

This section includes:

  • Benefits of Virtual Domains
  • Enabling and accessing Virtual Domains
  • Configuring Virtual Domains