1-ISP, multiple VDOMs on VLANs

redy
2020/02/13 16:45:48

Hi All,
I have a problem configuring a setup like the one in the topic. I have 1 ISP with a pool of 64 IPs connected to port 1 (WAN); port 2 (LAN) is connected to a trunk port on the internal network switch.
How do I configure a VDOM to have access to the internet, and where do I set up the VIP to redirect to the internal VDOM LAN? I'm confused about where to set up what. I have set up internal interfaces for the VDOMs in Global vdom --> interfaces, but how do I add access to port 1 (WAN) to vdom_x, vdom_y, vdom_z? Where do I set up the main external IP for each VDOM? The Cookbook has wired examples with 2 ISPs and 2 VDOMs that use 4 ports. I want to use only 2 ports for that because I will have 8 VDOMs and there are not enough physical ports on the FG300D, but they say I can use VLANs for VDOMs and I agree that it's reasonable :-) but how do I share 1 ISP port?
thanks 
Marek 

#1
jklapas
Re: 1-ISP , multiple VDOMs on vlans 2020/02/13 23:04:48
To my understanding, you have the WAN interface on the root VDOM, plus some other VDOMs.
In order to dispatch internet traffic to the other VDOMs, the best way is to create VDOM link interfaces between
Root and VDOMx
Root and VDOMy
.....
also static routes between the VDOMs (Root and VDOMx, Root and VDOMy, .....)
AND then appropriate policy rules.
Concerning the VIP: you create the VIP on the root VDOM, and the real IP points to the one you wish to redirect to.
 
 
#2
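The layout described in the reply above, sketched for one tenant as FortiOS CLI (an added example, not configuration posted in the thread): root keeps port1, a VDOM link joins root to vdom_x, and the VIP with its policy lives in root. The link name `vlx`, the 10.255.0.0/30 transfer network, 192.168.10.0/24, 203.0.113.10 and the HTTPS service are constructed placeholders; only port1 and vdom_x come from the thread.

```fortios
# Constructed example: link name, subnets, VIP address and service are placeholders.
config global
    config system vdom-link
        edit "vlx"
        next
    end
    config system interface
        edit "vlx0"
            set vdom "root"
            set ip 10.255.0.1 255.255.255.252
        next
        edit "vlx1"
            set vdom "vdom_x"
            set ip 10.255.0.2 255.255.255.252
        next
    end
end
config vdom
    edit root
        config router static
            edit 0
                set dst 192.168.10.0 255.255.255.0
                set gateway 10.255.0.2
                set device "vlx0"
            next
        end
        config firewall vip
            edit "vip_x_web"
                set extintf "port1"
                set extip 203.0.113.10
                set mappedip "192.168.10.10"
            next
        end
        config firewall policy
            edit 0
                set srcintf "port1"
                set dstintf "vlx0"
                set srcaddr "all"
                set dstaddr "vip_x_web"
                set action accept
                set schedule "always"
                set service "HTTPS"
            next
        end
    next
end
# vdom_x still needs a default route via 10.255.0.1 on vlx1 and its own
# policy from vlx1 to its LAN VLAN; that policy stays under the tenant VDOM.
```

Traffic to the tenant is filtered twice, once in root and once in vdom_x, so a permissive rule in one VDOM does not by itself expose another tenant's LAN.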
romanr
Re: 1-ISP , multiple VDOMs on vlans 2020/02/13 23:53:52
redy
Hi All,
I have a problem configuring a setup like the one in the topic. I have 1 ISP with a pool of 64 IPs connected to port 1 (WAN); port 2 (LAN) is connected to a trunk port on the internal network switch.
How do I configure a VDOM to have access to the internet, and where do I set up the VIP to redirect to the internal VDOM LAN? I'm confused about where to set up what. I have set up internal interfaces for the VDOMs in Global vdom --> interfaces, but how do I add access to port 1 (WAN) to vdom_x, vdom_y, vdom_z? Where do I set up the main external IP for each VDOM? The Cookbook has wired examples with 2 ISPs and 2 VDOMs that use 4 ports. I want to use only 2 ports for that because I will have 8 VDOMs and there are not enough physical ports on the FG300D, but they say I can use VLANs for VDOMs and I agree that it's reasonable :-) but how do I share 1 ISP port?
thanks
Marek

EMAC interfaces are what you are going to need.
 
https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-networking/Interfaces/Enhanced%20MAC%20VLANs.htm
 
Br,
Roman
#3
redy
Re: 1-ISP , multiple VDOMs on vlans 2020/02/14 02:27:21
This looks reasonable, but the question is where to create the link and where to add the policy. Now it looks like all interfaces and rules should be created in the Global or ROOT vdom, so what is the point of having VDOMs?
#4
emnoc
Re: 1-ISP , multiple VDOMs on vlans 2020/02/14 07:35:47
Agreed, this is what Cisco ASA has had for decades now and shared-media access.
 
Ken Felix

PCNSE 
NSE 
StrongSwan  
#5
romanr
Re: 1-ISP , multiple VDOMs on vlans 2020/02/14 08:34:42
redy
This looks reasonable, but the question is where to create the link and where to add the policy. Now it looks like all interfaces and rules should be created in the Global or ROOT vdom, so what is the point of having VDOMs?

To be honest, I don't know why you would need VDOMs. The initial posting was a question about how to set it up with VDOMs. VDOMs might only be necessary if you need something like a multi-tenant setup or something comparable.

What are your actual requirements?
 
Br,
Roman
 
#6
redy
Re: 1-ISP , multiple VDOMs on vlans 2020/02/15 12:34:55
I have a redundant ISP on one side and 8 customers on the other side of the firewall. I want to replace 8 firewalls with one. Is that correct thinking?
post edited by redy - 2020/02/15 13:22:07
#7