VDOMs (5.6.1)

VDOMs (5.6.1)

This section describes new VDOM features added to FortiOS 5.6.1.

Create a virtual switch that allows multiple VDOMs to use the same physical interface or

VLAN (436206)

This feature allows multiple VDOMs to access the same network or the Internet using the same physical interface rather than requiring each VDOM to have its own Internet-facing interface.

To create this configuration, consider a FortiGate with three VDOMs:

config vdom edit root

next edit vdom1

next edit vdom2

end

Create inter-VDOM links for vdom1 and vdom2. The inter-VDOM links should have their type set to ethernet.

config system vdom-link edit “vlnk1” set type ethernet

next edit “vlnk2” set type ethernet

end

These commands create the following four interfaces:

  • vlnk1 creates the interfaces vlnk10 and vlnk11 l vlnk2 creates the interfaces vlnk20 and vlnk21

Then create a virtual switch, add it to the root VDOM, and add the first interface created for each inter-VDOM link to it along with the physical interface or VLAN that the VDOMs will use to connect to the external network. In this example, the VDOMs will all connect to the Internet through the wan1 interface.

config system switch-interface edit “vs1” set vdom “root”

set member “wan1” “vlnk10” “vlnk20”

end

Then distribute the interfaces in the virtual switch to the respective VDOMs and configure the required IP settings. In this example:

  • wan1, vlnk10, and vlnk20 are added to the root VDOM l vlnk11 is added to vdom1 l vlnk21 is added to vdom2 l wan1, vlnk11 and vlnk21 are configured with IP addresses on the same subnet. The example uses internal IP addresses that may not be appropriate for your network.

config system interface edit “wan1”

VoIP/SIP

set vdom “root”

set ip 10.1.1.101 255.255.255.0

next edit “vlnk10” set vdom “root” set type vdom-link

next edit “vlnk20” set vdom “root” set type vdom-link

next edit “vlnk11” set vdom “vdom1”

set ip 10.1.1.102 255.255.255.0 set type vdom-link

next edit “vlnk21” set vdom “vdom2”

set ip 10.1.1.103 255.255.255.0 set type vdom-link

end


Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

3 thoughts on “VDOMs (5.6.1)

  1. On my FG100D, the CLI doesn’t show my wan1 (which is unpurposed and is in the root vdom) as an available interface to add to the software switch.

    • So it is completely unused and has no references anywhere in the Gate already? (policies, address objects, zones, etc)

      • AFAICT, yes, but there might have been something I missed. I did get my wan2 to show up after clearing out some configs it had on it from the factory default settings.
        However, I completely backed out of using this configuration as it won’t work within the context of a virtual cluster. I have 4 vdoms and am balancing 2 on each member of the HA-pair. When getting to the last part of the config, you can’t assign the right side of a vdom-link to a vdom that is not primarily assigned to that particular HA-member.

Leave a Reply

Name *
Email *
Website