Using Virtual Domains; Virtual Domains - Fortinet Fortigate-5000 series Administration Manual

Using virtual domains

FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102

This section describes how to use virtual domains to operate your FortiGate unit
as multiple virtual units, providing separate firewall and routing services to multiple
networks.

The following topics are included in this section:
Virtual domains
Enabling VDOMs
Configuring VDOMs and global settings

Virtual domains

Virtual domains (VDOMs) enable a FortiGate unit to function as multiple
independent units. A single FortiGate unit is then flexible enough to serve multiple
departments of an organization, separate organizations, or be the basis for a
service provider's managed security service.

VDOMs provide separate security domains that allow separate zones, user
authentication, firewall policies, routing, and VPN configurations. Using VDOMs
can also simplify administration of complex configurations because you do not
have to manage as many routes or firewall policies at one time. See "VDOM
configuration settings" on page 62.

To configure and use VDOMs, you must enable virtual domain configuration. See
"Enabling VDOMs" on page 64.

When you create and configure a VDOM, you must assign interfaces or VLAN
subinterfaces to it. Optionally, you can assign an administrator account that can
log in only to that VDOM. If the VDOM is created to serve an organization, this
enables the organization to manage its configuration independently. The operating
mode, NAT/Route or Transparent, is independently selectable for each VDOM.

When a packet enters a VDOM, it is confined to that VDOM. In a VDOM, you can
create firewall policies for connections between VLAN subinterfaces or zones in
the VDOM. Packets do not cross the virtual domain border internally. To travel
between VDOMs, a packet must pass through a firewall on a physical interface.
The packet then arrives at another VDOM on a different interface, where it must
pass through another firewall before entering. Both VDOMs are on the same
FortiGate unit. The one exception is if you configure inter-VDOM routing using CLI
commands.

The remainder of FortiGate functionality is global. It applies to all VDOMs. This
means that there is one intrusion prevention configuration, one antivirus
configuration, one web filter configuration, one protection profile configuration,
and so on. As well, VDOMs share firmware versions, antivirus and attack
databases. For a complete list of shared configuration settings, see "Global
configuration settings" on page 63.
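
The interface-to-VDOM assignment and the rule that firewall policies connect only interfaces inside one VDOM can be checked against a configuration backup. The following Python script is an added example, not part of the Fortinet guide. It assumes the backup uses the config/edit/set/next/end layout with a `set vdom` line under `config system interface`; the sample configuration, VDOM names and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample; the config/edit/set/next/end layout is an assumption.
SAMPLE_CONFIG = '''
config system interface
    edit "port1"
        set vdom "root"
    next
    edit "port2"
        set vdom "dept_a"
    next
    edit "vlan_100"
        set vdom "dept_a"
        set interface "port2"
        set vlanid 100
    next
    edit "port3"
        set vdom "dept_b"
    next
end
'''

def interfaces_by_vdom(config_text):
    """Map each VDOM name to the interfaces/VLAN subinterfaces assigned to it."""
    vdoms, stack, current = defaultdict(list), [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])   # enter a (possibly nested) section
        elif line == "end":
            if stack:
                stack.pop()                       # leave the innermost section
        elif stack and stack[-1] == "system interface":
            if m := re.match(r'edit "?([^"]+)"?$', line):
                current = m.group(1)
            elif current and (m := re.match(r'set vdom "?([^"]+)"?$', line)):
                vdoms[m.group(1)].append(current)
    return dict(vdoms)

def policy_crosses_vdom(vdoms, src_intf, dst_intf):
    """True if a policy between the two interfaces would span two VDOMs."""
    owner = {intf: v for v, members in vdoms.items() for intf in members}
    missing = [i for i in (src_intf, dst_intf) if i not in owner]
    if missing:
        raise KeyError(f"interface(s) not assigned to any VDOM: {missing}")
    return owner[src_intf] != owner[dst_intf]
```

A `True` result from `policy_crosses_vdom` marks a source/destination pair that cannot be joined by a single internal policy, so the traffic has to leave one VDOM and enter the other through their firewalls.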
