VDOM configuration
Source: https://cookbook.fortinet.com/vdom-configuration/

This example illustrates how to use VDOMs to host two FortiOS instances on a single FortiGate unit.
Virtual Domains (VDOMs) can be used to divide a single FortiGate unit into two or more virtual instances of FortiOS that function as independent FortiGate units. This example simulates an ISP that provides Company A and Company B with distinct Internet services. Each company has its own VDOM, IP address, and internal network.
1. Switching to VDOM mode and creating two VDOMs

Go to System > Dashboard > Status. In the System Information widget, find Virtual Domain and select Enable. You will be required to log in again after enabling Virtual Domain because the GUI menu options change.

Certain FortiGate models do not show the Virtual Domain option in the System Information widget. To enable Virtual Domains on these models, use the following CLI command:

    config system global
        set vdom-admin enable
    end

Enter y when you are asked if you want to continue. As with the GUI method, you will be required to log in again.

Go to Global > VDOM > VDOM. Create two VDOMs: VDOM-A and VDOM-B. Leave both VDOMs as Enabled, with Operation Mode set to NAT. Note: In version 5.2.3, no choice to enable the VDOMs will be available, as they will be automatically enabled.

2. Assigning interfaces to each VDOM

Go to Global > Network > Interfaces. Edit internal1 and add it to VDOM-A. Set Addressing Mode to Manual and assign an IP/Network Mask to the interface (in the example, 192.168.91.1/255.255.255.0).

Edit internal2 and add it to VDOM-A. Set Addressing Mode to Manual, assign an IP/Network Mask to the interface (in the example, 192.168.92.1/255.255.255.0), and set Administrative Access to HTTPS, PING, and SSH. Enable DHCP Server.

Edit internal3 and add it to VDOM-B. Set Addressing Mode to Manual and assign an IP/Network Mask to the interface (in the example, 192.168.93.1/255.255.255.0).

Edit internal4 and add it to VDOM-B. Set Addressing Mode to Manual, assign an IP/Network Mask to the interface (in the example, 192.168.94.1/255.255.255.0), and set Administrative Access to HTTPS, PING, and SSH. Enable DHCP Server.

3. Creating administrators for each VDOM

Go to Global > Admin > Administrators. Create an administrator for VDOM-A, called a-admin. Set Type to Regular, enter and confirm a password, set Administrator Profile to prof_admin, and set Virtual Domain to VDOM-A. Make sure to remove the root VDOM from the Virtual Domain list.

Create an administrator for VDOM-B, called b-admin. Set Type to Regular, enter and confirm a password, set Administrator Profile to prof_admin, and set Virtual Domain to VDOM-B. Make sure to remove the root VDOM from the Virtual Domain list.

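
A check for the "remove the root VDOM" step above, as an added example (not part of the original recipe and not Fortinet tooling): it parses a FortiOS configuration backup and reports any of the recipe's administrators whose VDOM list is not exactly its own VDOM. The backup text is constructed, and the `config system admin` / `set vdom` layout is an assumption about how your FortiOS version exports these settings.

```python
import shlex

# Expected scoping from the recipe: administrator -> the only VDOM it may manage
EXPECTED = {"a-admin": ["VDOM-A"], "b-admin": ["VDOM-B"]}

def parse_tables(text):
    """Parse config/edit/set/next/end lines into {table: {entry: {setting: [values]}}}."""
    tables, stack = {}, []  # each stack frame is [table name, entry being edited]
    for line in text.splitlines():
        try:
            tok = shlex.split(line) or [""]
        except ValueError:  # unbalanced quote: part of a multi-line value, skip it
            continue
        if tok[0] == "config":
            stack.append([" ".join(tok[1:]), None])
        elif tok[0] == "end" and stack:
            stack.pop()
        elif tok[0] == "edit" and stack and len(tok) > 1:
            stack[-1][1] = tables.setdefault(stack[-1][0], {}).setdefault(tok[1], {})
        elif tok[0] == "next" and stack:
            stack[-1][1] = None
        elif tok[0] == "set" and len(tok) > 1 and stack and stack[-1][1] is not None:
            stack[-1][1][tok[1]] = tok[2:]
    return tables

def audit_admins(text):
    """Return one finding per administrator whose VDOM list differs from EXPECTED."""
    admins = parse_tables(text).get("system admin", {})
    got = {n: admins.get(n, {}).get("vdom", []) for n in EXPECTED}  # absent -> []
    return [f"{n}: vdom={got[n]} expected={v}" for n, v in EXPECTED.items() if got[n] != v]

# Constructed sample backup (not from the page): b-admin still lists root.
SAMPLE = '''
config global
config system admin
    edit "a-admin"
        set accprofile "prof_admin"
        set vdom "VDOM-A"
    next
    edit "b-admin"
        set accprofile "prof_admin"
        set vdom "root" "VDOM-B"
    next
end
end
'''

print(audit_admins(SAMPLE))
```
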
4. Creating a basic configuration for VDOM-A

Go to Virtual Domains > VDOM-A > System > Network > Routing to access the Static Routes options. (Note: In FortiOS 5.2.4 and up the path is Virtual Domains > VDOM-A > Router > Static > Static Routes.) Click Create New to create a default route for the VDOM. Set Destination IP/Mask to 0.0.0.0/0.0.0.0, set Device to internal1, and set Gateway to the IP of the gateway router.

Connect a PC to port 2. Using HTTPS, browse to the IP set for internal2 and log into VDOM-A using the a-admin account (in the example, https://192.168.92.1). Go to Policy & Objects > Policy > IPv4. Create a policy to allow Internet access. Set Incoming Interface to internal2 and Outgoing Interface to internal1. Ensure NAT is turned ON. Set Source Address to all, Destination Address to all, and Service to ALL.

5. Creating a basic configuration for VDOM-B

Go to Virtual Domains > VDOM-B > System > Network > Routing to access the Static Routes options. (Note: In FortiOS 5.2.4 and up the path is Virtual Domains > VDOM-B > Router > Static > Static Routes.) Click Create New to create a default route for the VDOM. Set Destination IP/Mask to 0.0.0.0/0.0.0.0, set Device to internal3, and set Gateway to the IP of the gateway router.

Connect a PC to port 4. Using HTTPS, browse to the IP set for internal4 and log into VDOM-B using the b-admin account (in the example, https://192.168.94.1). Go to Policy & Objects > Policy > IPv4. Create a policy to allow Internet access. Set Incoming Interface to internal4 and Outgoing Interface to internal3. Ensure NAT is turned ON. Set Source Address to all, Destination Address to all, and Service to ALL.

6. Connecting the gateway router

Connect port 1 and port 3 of the FortiGate unit to the gateway router to allow Internet traffic to flow.

7. Results

Connect to the Internet from the Company A and Company B networks and then log into the FortiGate unit. Go to Virtual Domains and select VDOM-A. Go to Policy & Objects > Monitor > Policy Monitor to view the sessions being processed on VDOM-A.

Go to Virtual Domains and select VDOM-B. Go to Policy & Objects > Monitor > Policy Monitor to view the sessions being processed on VDOM-B.

For further reading, check out Virtual Domains in the FortiOS 5.2 Handbook.