Virtual Domains (VDOMS) – FortiOS 5.2 Best Practices
Virtual Domains (VDOMs)
VDOMs can provide separate firewall policies and, in NAT/Route mode, completely separate configurations for routing and VPN services for each connected network or organization. This section provides a list of best practices for configuring VDOMs.
Per-VDOM resource settings
While Global resources apply to resources shared by the whole FortiGate unit, per-VDOM resources are specific to only one Virtual Domain.
By default all the per-VDOM resource settings are set to no limits. This means that any single VDOM can use up all the resources of the entire FortiGate unit if it needs to do so. This would starve the other VDOMs for resources to the point where they would be unable to function. For this reason, it is recommended that you set some maximums on resources that are most vital to your customers.
Virtual domains in NAT/Route mode
Once you have enabled virtual domains and created one or more VDOMs, you need to configure them. It is recommended that you perform the following tasks in the order given (while you may not require all for your network topology):
1. Change the management virtual domain.
2. Configure FortiGate interfaces in a NAT/Route VDOM.
3. Configure VDOM routing.
4. Configure security policies for NAT/Route VDOMs.
5. Configure UTM profiles for NAT/Route VDOMs.
6. Test the configuration.
If you decide to disable override for clurstering, as a result of persistent renegotiating, you should disable it for both cluster units.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos
Cybersecurity Videos and Training Available Via: Office of The CISO Security Training Videos
Leave a Reply