VDOM configuration

来源 https://cookbook.fortinet.com/vdom-configuration/

 

This example illustrates how to use VDOMs to host two FortiOS instances on a single FortiGate unit.

Virtual Domains (VDOMs) can be used to divide a single FortiGate unit into two or more virtual instances of FortiOS that function as independent FortiGate units. This example simulates an ISP that provides Company A and Company B with distinct Internet services. Each company has its own VDOMIP address, and internal network.

 Watch the video

Find this recipe for other FortiOS versions:
5.2 | 5.4 | 6.0

1. Switching to VDOM mode and creating two VDOMs

Go to System > Dashboard > Status.

In the System Information widget, find Virtual Domain and select Enable.

You will be required to re-login after enabling Virtual Domain due to the GUI menu options changing.

Certain FortiGate models will not show the Virtual Domain option in the System Information widget. In order to enable Virtual Domains for these models, the following CLIcommand is required:

config system global

 set vdom-admin enable

 end

Enter y when you are asked if you want to continue. You will be required to re-login after enabling Virtual Domain due to the GUI menu options changing.

  

Go to Global > VDOM > VDOM.

Create two VDOMS: VDOM-A and VDOM-B. Leave both VDOMs as Enabled, with Operation Mode set to NAT.

Note: In version 5.2.3, no choice to enable the VDOMS will be available, as they will be automatically enabled.

2. Assigning interfaces to each VDOM

Go to Global > Network > Interfaces.

Edit internal1 and add it to VDOM-A. Set Addressing Mode to Manualand assign an IP/Network Mask to the interface (in the example, 192.168.91.1/255.255.255.0).

  
Edit internal2 and add it to VDOM-A. Set Addressing Mode to Manual, assign an IP/Network Mask to the interface (in the example, 192.168.92.1/255.255.255.0), and set Administrative Access to HTTPSPING, and SSH. Enable DHCP Server.  
Edit internal3 and add it to VDOM-B. Set Addressing Mode to Manualand assign an IP/Network Mask to the interface (in the example, 192.168.93.1/255.255.255.0).  
Edit internal4 and add it to VDOM-B. Set Addressing Mode to Manual, assign an IP/Network Mask to the interface (in the example, 192.168.94.1/255.255.255.0), and set Administrative Access to HTTPS, PING, and SSH. Enable DHCP Server.  

3. Creating administrators for each VDOM

Go to Global > Admin > Administrators.

Create an administrator for VDOM-A, called a-admin. Set Type to Regular, enter and confirm a password, set Administrator Profile to prof_admin, and set Virtual Domain to VDOM-A.

Make sure to remove the root VDOM from the Virtual Domainlist.

  

Create an administrator for VDOM-B, called b-admin. Set Type to Regular, enter and confirm a password, set Administrator Profile to prof_admin, and set Virtual Domain to VDOM-B.

Make sure to remove the root VDOM from the Virtual Domainlist.

4. Creating a basic configuration for VDOM-A

Go to Virtual Domains > VDOM-A > System > Network > Routing, to access Static Routes options. (Note: In FortiOS 5.2.4 and up the path is Virtual Domains > VDOM-A > Router > Static > Static Routes.)

Click Create New to create a default route for the VDOM. Set Destination IP/Mask to 0.0.0.0/0.0.0.0, set Device to internal1, and set Gateway to the IP of the gateway router.

  

Connect a PC to port 2. Using HTTPS protocol, browse to the IP set for internal2 and log into VDOM-A using the a-admin account (in the example, https://192.168.92.1).

Go to Policy & Objects > Policy > IPv4.

Create a policy to allow Internet access. Set Incoming Interface to internal2 and Outgoing Interfaceto internal1. Ensure NAT is turned ON.

Set Source Address to all, Destination Address to all, and Service to ALL.

5. Creating a basic configuration for VDOM-B

Go to Virtual Domains > VDOM-B > System > Network > Routing, to access Static Routes options.(Note: In FortiOS 5.2.4 and up the path is Virtual Domains > VDOM-B > Router > Static > Static Routes.)

Click Create New to create a default route for the VDOM. Set Destination IP/Mask to 0.0.0.0/0.0.0.0, set Device to internal3, and set Gateway to the IP of the gateway router.

  

Connect a PC to port 4. Using HTTPS protocol, browse to the IP set for internal4 and log into VDOM-B using the b-admin account (in the example, https://192.168.94.1).

Go to Policy & Objects > Policy > IPv4.

Create a policy to allow Internet access. Set Incoming Interface to internal4 and Outgoing Interfaceto internal3. Ensure NAT is turned ON.

Set Source Address to all, Destination Address to all, and Service to ALL.

6. Connecting the gateway router
Connect port 1 and port 3 of the FortiGate unit to the gateway router to allow Internet traffic to flow.  

7. Results

Connect to the Internet from the Company A and Company B networks and then log into the FortiGate unit.

Go to Virtual Domains and select VDOM-A.

Go to Policy & Objects > Monitor > Policy Monitor to view the sessions being processed on VDOM-A.

  

Go to Virtual Domains and select VDOM-B.

Go to Policy & Objects > Monitor > Policy Monitor to view the sessions being processed on VDOM-B.

[download-attachments]

For further reading, check out Virtual Domainsin the FortiOS 5.2 Handbook.

==================== End

VDOM configuration的更多相关文章

  1. PhpStorm和WAMP配置调试参数,问题描述Error. Interpreter is not specified or invalid. Press “Fix” to edit your project configuration.

    PhpStorm和WAMP配置调试参数 问题描述: Error. Interpreter is not specified or invalid. Press “Fix” to edit your p ...

  2. Apache2.4:AH01630 client denied by server configuration

    问题说明:Apache服务总共有4个,是为了防止单点故障和负载均衡,负载均衡控制由局方的F5提供. 访问的内容在NAS存储上,现象是直接访问每个apache的服务内容都是没有问题,但是从负载地址过来的 ...

  3. Fedora 22中的Locale and Keyboard Configuration

    Introduction The system locale specifies the language settings of system services and user interface ...

  4. ABP源码分析四:Configuration

    核心模块的配置 Configuration是ABP中设计比较巧妙的地方.其通过AbpStartupConfiguration,Castle的依赖注入,Dictionary对象和扩展方法很巧妙的实现了配 ...

  5. External Configuration Store Pattern 外部配置存储模式

    Move configuration information out of the application deployment package to a centralized location. ...

  6. SCVMM中Clone虚拟机失败显示Unsupported Cluster Configuration状态

    在SCVMM进行虚拟机的Clone,虽然失败了,但是Clone出虚拟机却显示在SCVMM控制台的虚拟机的列表中,并且状态是Unsupported Cluster Configuration.无法修复, ...

  7. commons configuration管理项目的配置文件

    Commons Confifutation commons configuration可以很方便的访问配置文件和xml文件中的的内容.Commons Configuration 是为了提供对属性文件. ...

  8. Elasticsearch Configuration 中文版

    ##################### Elasticsearch Configuration Example ##################### # This file contains ...

  9. Spark 官方文档(4)——Configuration配置

    Spark可以通过三种方式配置系统: 通过SparkConf对象, 或者Java系统属性配置Spark的应用参数 通过每个节点上的conf/spark-env.sh脚本为每台机器配置环境变量 通过lo ...

随机推荐

  1. mysql面试常见题目2

    Sutdent表的定义 字段名 字段描述 数据类型 主键 外键 非空 唯一 自增 Id 学号 INT(10) 是 否 是 是 是 sName 姓名 VARCHAR(20) 否 否 是 否 否 Sex ...

  2. 高级PHP工程师所应该具备的专业素养

    初次接触PHP,就为他的美所折服,于是一发不可收拾. 很多面试,很多人员能力要求都有“PHP高级工程师的字眼”,如果您真心喜欢PHP,并且您刚起步,那么我简单说说一个PHP高级工程师所应该具备的,希望 ...

  3. Python实现学生系统

    # 4. 修改之前的学生信息管理程序,实现添加菜单和选择菜单操作功能: # 菜单: # +-----------------------------+ # | 1) 添加学生信息 | # | 2) 查 ...

  4. 15 Puzzle (4乘4谜题) IDA*(DFS策略与曼哈顿距离启发) 的C语言实现

    大家好!这是我的第一篇博客,由于之前没有撰写博客的经验,并且也是初入计算机和人工智能领域,可能有些表述或者理解不当,还请大家多多指教. 一.撰写目的 由于这个学期在上算法与数据结构课程的时候,其中一个 ...

  5. 剑指 Offer——连续子数组的最大和

    1. 题目 2. 解答 初始化 sum=0,然后遍历数组进行累加.如果 sum 变为负数,也就说再继续累加的话贡献为负,我们需要更新 sum=0,重新开始累加. 初始化 max_sum 为数组的第一个 ...

  6. fetch上传文件

    通过简单的配置,实现form表单文件上传 var formData = new FormData(); var fileField = document.querySelector("inp ...

  7. JAVA第一次实验 ——实验楼

    北京电子科技学院(BESTI) 实     验    报     告 课程:Java程序设计 班级:1352  姓名:潘俊洋  学号:20135230 成绩:             指导教师:娄嘉鹏 ...

  8. 2017-2018-1 Java演绎法 第九、十周 作业

    团队成员 [20162315 马军] [20162316 刘诚昊] [20162317 袁逸灏(组长)] [20162319 莫礼钟] [20162320 刘先润] [20162330 刘伟康] 项目 ...

  9. android随机运算器开发小结1

    想到第一天自己写了一个简单的四则运算程序的情景:我便想起了引起我们不断迭代开发的程序背景是:二柱子接受老师安排的给孩子出题的任务,每次需要给孩子设置出题任务,生成相应的小学运算题目,所以我们面对的需求 ...

  10. CS小分队第二阶段冲刺站立会议(6月2日)

    昨日成果:攻克了按钮移动的问题: 遇到问题:一开始按钮移动时候,非常慢,因为是根绝相对位移差来移动,延时很严重,后来改用用鼠标的位置作为按钮的移动位置,效果明显. 按钮的mousedown事件和mou ...