This section describes new VDOM features added to FortiOS 5.6.1.
Create a virtual switch that allows multiple VDOMs to use the same physical interface or
This feature allows multiple VDOMs to access the same network or the Internet using the same physical interface rather than requiring each VDOM to have its own Internet-facing interface.
To create this configuration, consider a FortiGate with three VDOMs:
config vdom edit root
next edit vdom1
next edit vdom2
Create inter-VDOM links for vdom1 and vdom2. The inter-VDOM links should have their type set to ethernet.
config system vdom-link edit “vlnk1” set type ethernet
next edit “vlnk2” set type ethernet
These commands create the following four interfaces:
- vlnk1 creates the interfaces vlnk10 and vlnk11 l vlnk2 creates the interfaces vlnk20 and vlnk21
Then create a virtual switch, add it to the root VDOM, and add the first interface created for each inter-VDOM link to it along with the physical interface or VLAN that the VDOMs will use to connect to the external network. In this example, the VDOMs will all connect to the Internet through the wan1 interface.
config system switch-interface edit “vs1” set vdom “root”
set member “wan1” “vlnk10” “vlnk20”
Then distribute the interfaces in the virtual switch to the respective VDOMs and configure the required IP settings. In this example:
- wan1, vlnk10, and vlnk20 are added to the root VDOM l vlnk11 is added to vdom1 l vlnk21 is added to vdom2 l wan1, vlnk11 and vlnk21 are configured with IP addresses on the same subnet. The example uses internal IP addresses that may not be appropriate for your network.
config system interface edit “wan1”
set vdom “root”
set ip 10.1.1.101 255.255.255.0
next edit “vlnk10” set vdom “root” set type vdom-link
next edit “vlnk20” set vdom “root” set type vdom-link
next edit “vlnk11” set vdom “vdom1”
set ip 10.1.1.102 255.255.255.0 set type vdom-link
next edit “vlnk21” set vdom “vdom2”
set ip 10.1.1.103 255.255.255.0 set type vdom-link
Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!