Inter-Vdom Links - Fortinet FortiGate Series Administration Manual

Using virtual domains

Inter-VDOM links

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
An inter-VDOM link is a pair of interfaces that enable you to communicate between two
VDOMs internally without using a physical interface. Inter-VDOM links have the same
security as physical interfaces, but allow more flexible configurations that are not limited
by the number of physical interfaces on your FortiGate unit. As with all virtual interfaces,
the speed of the link depends on the CPU load, but generally it is faster than physical
interfaces. There are no MTU settings for inter-VDOM links. DHCP support includes inter-
VDOM links.
A packet can pass through an inter-VDOM link a maximum of three times. This is to
prevent a loop. When traffic is encrypted or decrypted, it changes the content of the
packets and this resets the inter-VDOM counter. However, using IPIP or GRE tunnels
does not reset the counter.
In HA mode, inter-VDOM links must have both ends of the link within the same virtual
cluster. DHCP over IPSec is supported for inter-VDOM links, however regular DHCP
services are not available.
To view inter-VDOM links, go to System > Network > Interface. When an inter-VDOM link
is created, it automatically creates a pair of virtual interfaces that correspond to the two
internal VDOMs. Each of the virtual interfaces is named using the inter-VDOM link name
with an added "0" or "1". So if the inter-VDOM link is called "vlink" the interfaces are
"vlink0" and "vlink1". Select the Expand Arrow beside the VDOM link to display the virtual
interfaces.
Note: Inter-VDOM links cannot refer to a domain that is in transparent mode.
Figure 63: VDOM link interfaces
To create an inter-VDOM link
1 Log in as admin.
2 Go to System > Network > Interface.
3 Select the arrow on the Create New button.
4 Select VDOM link.
You will see the New VDOM Link screen.
Configuring VDOMs and global settings
Up Down
Edit
169