VDOM configuration

来源 https://cookbook.fortinet.com/vdom-configuration/

 

This example illustrates how to use VDOMs to host two FortiOS instances on a single FortiGate unit.

Virtual Domains (VDOMs) can be used to divide a single FortiGate unit into two or more virtual instances of FortiOS that function as independent FortiGate units. This example simulates an ISP that provides Company A and Company B with distinct Internet services. Each company has its own VDOMIP address, and internal network.

 Watch the video

Find this recipe for other FortiOS versions:
5.2 | 5.4 | 6.0

1. Switching to VDOM mode and creating two VDOMs

Go to System > Dashboard > Status.

In the System Information widget, find Virtual Domain and select Enable.

You will be required to re-login after enabling Virtual Domain due to the GUI menu options changing.

Certain FortiGate models will not show the Virtual Domain option in the System Information widget. In order to enable Virtual Domains for these models, the following CLIcommand is required:

config system global

 set vdom-admin enable

 end

Enter y when you are asked if you want to continue. You will be required to re-login after enabling Virtual Domain due to the GUI menu options changing.

  

Go to Global > VDOM > VDOM.

Create two VDOMS: VDOM-A and VDOM-B. Leave both VDOMs as Enabled, with Operation Mode set to NAT.

Note: In version 5.2.3, no choice to enable the VDOMS will be available, as they will be automatically enabled.

2. Assigning interfaces to each VDOM

Go to Global > Network > Interfaces.

Edit internal1 and add it to VDOM-A. Set Addressing Mode to Manualand assign an IP/Network Mask to the interface (in the example, 192.168.91.1/255.255.255.0).

  
Edit internal2 and add it to VDOM-A. Set Addressing Mode to Manual, assign an IP/Network Mask to the interface (in the example, 192.168.92.1/255.255.255.0), and set Administrative Access to HTTPSPING, and SSH. Enable DHCP Server.  
Edit internal3 and add it to VDOM-B. Set Addressing Mode to Manualand assign an IP/Network Mask to the interface (in the example, 192.168.93.1/255.255.255.0).  
Edit internal4 and add it to VDOM-B. Set Addressing Mode to Manual, assign an IP/Network Mask to the interface (in the example, 192.168.94.1/255.255.255.0), and set Administrative Access to HTTPS, PING, and SSH. Enable DHCP Server.  

3. Creating administrators for each VDOM

Go to Global > Admin > Administrators.

Create an administrator for VDOM-A, called a-admin. Set Type to Regular, enter and confirm a password, set Administrator Profile to prof_admin, and set Virtual Domain to VDOM-A.

Make sure to remove the root VDOM from the Virtual Domainlist.

  

Create an administrator for VDOM-B, called b-admin. Set Type to Regular, enter and confirm a password, set Administrator Profile to prof_admin, and set Virtual Domain to VDOM-B.

Make sure to remove the root VDOM from the Virtual Domainlist.

4. Creating a basic configuration for VDOM-A

Go to Virtual Domains > VDOM-A > System > Network > Routing, to access Static Routes options. (Note: In FortiOS 5.2.4 and up the path is Virtual Domains > VDOM-A > Router > Static > Static Routes.)

Click Create New to create a default route for the VDOM. Set Destination IP/Mask to 0.0.0.0/0.0.0.0, set Device to internal1, and set Gateway to the IP of the gateway router.

  

Connect a PC to port 2. Using HTTPS protocol, browse to the IP set for internal2 and log into VDOM-A using the a-admin account (in the example, https://192.168.92.1).

Go to Policy & Objects > Policy > IPv4.

Create a policy to allow Internet access. Set Incoming Interface to internal2 and Outgoing Interfaceto internal1. Ensure NAT is turned ON.

Set Source Address to all, Destination Address to all, and Service to ALL.

5. Creating a basic configuration for VDOM-B

Go to Virtual Domains > VDOM-B > System > Network > Routing, to access Static Routes options.(Note: In FortiOS 5.2.4 and up the path is Virtual Domains > VDOM-B > Router > Static > Static Routes.)

Click Create New to create a default route for the VDOM. Set Destination IP/Mask to 0.0.0.0/0.0.0.0, set Device to internal3, and set Gateway to the IP of the gateway router.

  

Connect a PC to port 4. Using HTTPS protocol, browse to the IP set for internal4 and log into VDOM-B using the b-admin account (in the example, https://192.168.94.1).

Go to Policy & Objects > Policy > IPv4.

Create a policy to allow Internet access. Set Incoming Interface to internal4 and Outgoing Interfaceto internal3. Ensure NAT is turned ON.

Set Source Address to all, Destination Address to all, and Service to ALL.

6. Connecting the gateway router
Connect port 1 and port 3 of the FortiGate unit to the gateway router to allow Internet traffic to flow.  

7. Results

Connect to the Internet from the Company A and Company B networks and then log into the FortiGate unit.

Go to Virtual Domains and select VDOM-A.

Go to Policy & Objects > Monitor > Policy Monitor to view the sessions being processed on VDOM-A.

  

Go to Virtual Domains and select VDOM-B.

Go to Policy & Objects > Monitor > Policy Monitor to view the sessions being processed on VDOM-B.

[download-attachments]

For further reading, check out Virtual Domainsin the FortiOS 5.2 Handbook.

==================== End

VDOM configuration的更多相关文章

  1. PhpStorm和WAMP配置调试参数,问题描述Error. Interpreter is not specified or invalid. Press “Fix” to edit your project configuration.

    PhpStorm和WAMP配置调试参数 问题描述: Error. Interpreter is not specified or invalid. Press “Fix” to edit your p ...

  2. Apache2.4:AH01630 client denied by server configuration

    问题说明:Apache服务总共有4个,是为了防止单点故障和负载均衡,负载均衡控制由局方的F5提供. 访问的内容在NAS存储上,现象是直接访问每个apache的服务内容都是没有问题,但是从负载地址过来的 ...

  3. Fedora 22中的Locale and Keyboard Configuration

    Introduction The system locale specifies the language settings of system services and user interface ...

  4. ABP源码分析四:Configuration

    核心模块的配置 Configuration是ABP中设计比较巧妙的地方.其通过AbpStartupConfiguration,Castle的依赖注入,Dictionary对象和扩展方法很巧妙的实现了配 ...

  5. External Configuration Store Pattern 外部配置存储模式

    Move configuration information out of the application deployment package to a centralized location. ...

  6. SCVMM中Clone虚拟机失败显示Unsupported Cluster Configuration状态

    在SCVMM进行虚拟机的Clone,虽然失败了,但是Clone出虚拟机却显示在SCVMM控制台的虚拟机的列表中,并且状态是Unsupported Cluster Configuration.无法修复, ...

  7. commons configuration管理项目的配置文件

    Commons Confifutation commons configuration可以很方便的访问配置文件和xml文件中的的内容.Commons Configuration 是为了提供对属性文件. ...

  8. Elasticsearch Configuration 中文版

    ##################### Elasticsearch Configuration Example ##################### # This file contains ...

  9. Spark 官方文档(4)——Configuration配置

    Spark可以通过三种方式配置系统: 通过SparkConf对象, 或者Java系统属性配置Spark的应用参数 通过每个节点上的conf/spark-env.sh脚本为每台机器配置环境变量 通过lo ...

随机推荐

  1. shell 本地接口自动化

    一.基于http/https的接口 一般情况下,当前大多公司在做接口自动化的时候都会使用一些工具:比如:postman/jmeter/python自研开发接口平台... 以上的情况,都是在源码与测试使 ...

  2. Unity优化方向——优化Unity游戏中的图形渲染(译)

    CPU bound:CPU性能边界,是指CPU计算时一直处于占用率很高的情况. GPU bound:GPU性能边界,同样的是指GPU计算时一直处于占用率很高的情况. 原文:https://unity3 ...

  3. CF 675E Trains and Statistic

    草稿和一些题解而已 因为指针太恶心了 所以query决定还是要试试自己yy一下 #include<cstdio> #include<cstring> #include<i ...

  4. 服务端模版注入漏洞检测payload整理

    服务端模版注入漏洞产生的根源是将用户输入的数据被模版引擎解析渲染可能导致代码执行漏洞 下表涵盖了java,php,python,javascript语言中可能使用到的模版引擎,如果网站存在服务端模版注 ...

  5. shutil模块详解

    python常用模块目录 注意:shutil经常遇到路径需要转义一下才能执行,在字符串前面加 r转义  r" " 1.shutil常用方法 import shutil# 删除目录 ...

  6. sqlplus远程连接oracle

    格式: sqlplus 用户名/密码@192.168.19.189:1521/MYTEST MYTEST 数据库名称

  7. 使用Spring boot 嵌入的tomcat不能启动: Unregistering JMX-exposed beans on shutdown

    新建一个spring boot的web项目,运行之后控制台输出“Unregistering JMX-exposed beans on shutdown”,tomcat也没有运行.寻找原因,看了下pom ...

  8. [BUAA软工]第0次个人作业

    [BUAA软工]第0次个人作业 本次作业所属课程 : 2019BUAA软件工程 本次作业要求: 第0次个人作业 我在本课程的目标: 熟悉软件工程流程,规范开发习惯 本次作业的帮助: 熟悉课程流程 Pa ...

  9. Linux第一二章笔记

    第一章 Linux内核简介 1. Unix内核的特点 简洁:仅提供系统调用并有一个非常明确的设计目的 抽象:几乎所有东西都被当做文件 可移植性:使用C语言编写,使得其在各种硬件体系架构面前都具备令人惊 ...

  10. 20172319 《Java程序设计教程》 第9周学习总结

    20172319 2018.05.06-05.14 <Java程序设计教程>第9周学习总结 目录 教材学习内容总结 教材学习中的问题和解决过程 代码调试中的问题和解决过程 代码托管 上周考 ...