VDOM configuration

Source: https://cookbook.fortinet.com/vdom-configuration/

 

This example illustrates how to use VDOMs to host two FortiOS instances on a single FortiGate unit.

Virtual Domains (VDOMs) can be used to divide a single FortiGate unit into two or more virtual instances of FortiOS that function as independent FortiGate units. This example simulates an ISP that provides Company A and Company B with distinct Internet services. Each company has its own VDOM, IP address, and internal network.



1. Switching to VDOM mode and creating two VDOMs

Go to System > Dashboard > Status.

In the System Information widget, find Virtual Domain and select Enable.

You will be required to re-login after enabling Virtual Domain due to the GUI menu options changing.

Certain FortiGate models will not show the Virtual Domain option in the System Information widget. To enable Virtual Domains on these models, use the following CLI command:

config system global
set vdom-admin enable
end

Enter y when you are asked if you want to continue. You will be required to re-login after enabling Virtual Domain due to the GUI menu options changing.

 

Go to Global > VDOM > VDOM.

Create two VDOMs: VDOM-A and VDOM-B. Leave both VDOMs as Enabled, with Operation Mode set to NAT.

Note: In version 5.2.3, no choice to enable the VDOMs will be available, as they will be automatically enabled.

2. Assigning interfaces to each VDOM

Go to Global > Network > Interfaces.

Edit internal1 and add it to VDOM-A. Set Addressing Mode to Manual and assign an IP/Network Mask to the interface (in the example, 192.168.91.1/255.255.255.0).

 
Edit internal2 and add it to VDOM-A. Set Addressing Mode to Manual, assign an IP/Network Mask to the interface (in the example, 192.168.92.1/255.255.255.0), and set Administrative Access to HTTPS, PING, and SSH. Enable DHCP Server.
Edit internal3 and add it to VDOM-B. Set Addressing Mode to Manual and assign an IP/Network Mask to the interface (in the example, 192.168.93.1/255.255.255.0).
Edit internal4 and add it to VDOM-B. Set Addressing Mode to Manual, assign an IP/Network Mask to the interface (in the example, 192.168.94.1/255.255.255.0), and set Administrative Access to HTTPS, PING, and SSH. Enable DHCP Server.  

3. Creating administrators for each VDOM

Go to Global > Admin > Administrators.

Create an administrator for VDOM-A, called a-admin. Set Type to Regular, enter and confirm a password, set Administrator Profile to prof_admin, and set Virtual Domain to VDOM-A.

Make sure to remove the root VDOM from the Virtual Domain list.

 

Create an administrator for VDOM-B, called b-admin. Set Type to Regular, enter and confirm a password, set Administrator Profile to prof_admin, and set Virtual Domain to VDOM-B.

Make sure to remove the root VDOM from the Virtual Domain list.
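
The step above, removing root from each per-VDOM administrator's Virtual Domain list, can be checked against a saved configuration. The following Python audit is an added example, not part of the original recipe or Fortinet's tooling; the sample configuration is constructed for illustration, and `parse_admins` and `audit_admin_scope` are hypothetical names.

```python
import re

# Constructed sample in FortiOS CLI syntax; not taken from a real device.
SAMPLE_CONFIG = """
config system admin
    edit "admin"
        set vdom "root"
    next
    edit "b-admin"
        set vdom "root" "VDOM-B"
        config dashboard
            edit 1
            next
        end
    next
    edit "a-admin"
        set vdom "VDOM-A"
    next
end
"""

def parse_admins(config_text):
    """Return {admin: {setting: [values]}} from the 'config system admin' block."""
    admins, current, in_block, depth = {}, None, False, 0
    for line in (raw.strip() for raw in config_text.splitlines()):
        if not in_block:
            in_block = line == "config system admin"
        elif line.startswith("config "):
            depth += 1  # nested table inside an admin entry
        elif line == "end":
            # A nested 'end' only closes the nested table, not the admin block.
            in_block, depth = depth > 0, max(depth - 1, 0)
        elif line.startswith("edit ") and not depth:
            current = line[5:].strip().strip('"')
            admins[current] = {}
        elif line.startswith("set ") and current and not depth:
            key, *values = re.findall(r'"[^"]*"|\S+', line[4:])
            admins[current][key] = [v.strip('"') for v in values]
    return admins

def audit_admin_scope(config_text, tenant_vdoms):
    """Return (admin, extra_vdoms) for tenant admins scoped beyond one VDOM."""
    findings = []
    for name, settings in parse_admins(config_text).items():
        vdoms = settings.get("vdom", [])
        tenant = [v for v in vdoms if v in tenant_vdoms]
        if tenant and len(vdoms) > 1:
            findings.append((name, [v for v in vdoms if v != tenant[0]]))
    return findings
print(audit_admin_scope(SAMPLE_CONFIG, {"VDOM-A", "VDOM-B"}))
```

In the constructed sample, b-admin is reported because root was left in its Virtual Domain list, while a-admin and the root-only admin account are not.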

4. Creating a basic configuration for VDOM-A

Go to Virtual Domains > VDOM-A > System > Network > Routing, to access Static Routes options. (Note: In FortiOS 5.2.4 and up the path is Virtual Domains > VDOM-A > Router > Static > Static Routes.)

Click Create New to create a default route for the VDOM. Set Destination IP/Mask to 0.0.0.0/0.0.0.0, set Device to internal1, and set Gateway to the IP of the gateway router.

 

Connect a PC to port 2. Using HTTPS protocol, browse to the IP set for internal2 and log into VDOM-A using the a-admin account (in the example, https://192.168.92.1).

Go to Policy & Objects > Policy > IPv4.

Create a policy to allow Internet access. Set Incoming Interface to internal2 and Outgoing Interface to internal1. Ensure NAT is turned ON.

Set Source Address to all, Destination Address to all, and Service to ALL.

5. Creating a basic configuration for VDOM-B

Go to Virtual Domains > VDOM-B > System > Network > Routing, to access Static Routes options. (Note: In FortiOS 5.2.4 and up the path is Virtual Domains > VDOM-B > Router > Static > Static Routes.)

Click Create New to create a default route for the VDOM. Set Destination IP/Mask to 0.0.0.0/0.0.0.0, set Device to internal3, and set Gateway to the IP of the gateway router.

 

Connect a PC to port 4. Using HTTPS protocol, browse to the IP set for internal4 and log into VDOM-B using the b-admin account (in the example, https://192.168.94.1).

Go to Policy & Objects > Policy > IPv4.

Create a policy to allow Internet access. Set Incoming Interface to internal4 and Outgoing Interface to internal3. Ensure NAT is turned ON.

Set Source Address to all, Destination Address to all, and Service to ALL.

6. Connecting the gateway router

Connect port 1 and port 3 of the FortiGate unit to the gateway router to allow Internet traffic to flow.  

7. Results

Connect to the Internet from the Company A and Company B networks and then log into the FortiGate unit.

Go to Virtual Domains and select VDOM-A.

Go to Policy & Objects > Monitor > Policy Monitor to view the sessions being processed on VDOM-A.

 

Go to Virtual Domains and select VDOM-B.

Go to Policy & Objects > Monitor > Policy Monitor to view the sessions being processed on VDOM-B.


For further reading, check out Virtual Domains in the FortiOS 5.2 Handbook.
