Welcome to Scribd!

Inter Vdom New PDF

Uploaded by

0% found this document useful (0 votes)

51 views8 pages

This technical note describes how to configure inter-VDOM routing between a ROOT VDOM and ERP_Users VDOM on a Fortigate firewall to allow communication between their networks. It involves creating a VDOM link interface, configuring the linked interfaces and routes on each VDOM, and creating firewall policies between the VDOM link interfaces to allow traffic between the VDOMs. The configuration is tested using ICMP ping traffic which is seen traversing the VDOM link interfaces in both directions.

Original Description:

Original Title

inter_vdom_new.pdf

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

51 views8 pages

Inter Vdom New PDF

Uploaded by

Kishore Kumar

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 8

Search inside document

Technical Note: Inter-VDOM routing

Product: Fortigate 5.0 Onwards

Requirement:

Traffic routing between 2 VDOMs

ROOT and ERP_Users VDOM network design is as below

WAN1 > 172.31.16.196 -- root vdom

WAN2 > 10.128.0.196/23 -- root VDOM internal interface

Port5 > 10.129.0.196/23 -- ERP_Users VDOM internal interface

User should be able to communicate from ERP_Users Port5 to WAN2 subnet and vice-verse

On Global Settings:

Creating VDOM Link under System > Network > Interface >
After creating the vdom-interlink need to pair the correct VDOMs

ROOT VDOM settings:

VDOM Interface on 'root' vdom

Configuring route to ERP_Users port5 subnet

Need to select the correct vlink interface (which is paired)

Configuring firewall policies

Need to configure policy from vlink10 to wan2 and vice-verse

Configuration on ERP_Users VDOM

Interfaces on ERP_Users VDOM

Configuring route for 10.128.0.0/23 (for root vdom) via vlink11 interface
Configuring Firewall policies

Policies from vlink11 to port5 and vice-verse

Configuration on CLI

config global
config system vdom-link
edit "vlink1"
set type ppp
next
end

config vdom

edit root
config system interface
edit "wan2"
set vdom "root"
set ip 10.128.0.196 255.255.252.0
set allowaccess ping https ssh http telnet fgfm
set type physical
set explicit-web-proxy enable
set snmp-index 6
next
edit "vlink10"
set vdom "root"
set type vdom-link
set snmp-index 32
next
edit "vlink11"
set vdom "ERP_Users"
set type vdom-link
set snmp-index 33
next
end

config router static

edit 3
set device "vlink10"
set dst 10.129.0.0 255.255.254.0
next
end

config firewall policy

edit 1
set srcintf "vlink10"
set dstintf "wan2"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
next
edit 2
set srcintf "wan2"
set dstintf "vlink10"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
next
end
On ERP_Users VDOM

config vdom

edit ERP_Users
config system interface
edit "vlink11"
set vdom "ERP_Users"
set type vdom-link
set snmp-index 33
next
edit "port5"
set vdom "ERP_Users"
set ip 10.129.0.196 255.255.252.0
set allowaccess ping https ssh http telnet fgfm
set type physical
set snmp-index 10
next
end

config router static

edit 1
set device "vlink11"
set dst 10.128.0.0 255.255.254.0
next
end

config firewall policy

edit 1
set srcintf "port5"
set dstintf "vlink11"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
next
edit 2
set srcintf "vlink11"
set dstintf "port5"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
next
end

Test Result:

Debug flow:

id=13 trace_id=60 func=print_pkt_detail line=4307 msg="vd-ERP_Users received a

packet(proto=1, 10.129.0.67:1->10.128.0.196:8) from port5. code=8, type=0, id=1, seq=68."

id=13 trace_id=60 func=init_ip_session_common line=4463 msg="allocate a new session-

000b88fc"

id=13 trace_id=60 func=vf_ip4_route_input line=1605 msg="find a route: flags=00000000 gw-

10.128.0.196 via vlink11"

id=13 trace_id=60 func=__iprope_tree_check line=534 msg="use addr/intf hash, len=2"

id=13 trace_id=60 func=fw_forward_handler line=667 msg="Allowed by Policy-1:"

Sniffer output

diagnose sniffer packet any 'host 10.128.0.196 and icmp ' 4

interfaces=[any]

filters=[host 10.128.0.196 and icmp ]

5.659014 port5 in 10.129.0.67 -> 10.128.0.196: icmp: echo request

5.659078 vlink11 out 10.129.0.67 -> 10.128.0.196: icmp: echo request
5.659078 vlink10 in 10.129.0.67 -> 10.128.0.196: icmp: echo request
5.659138 vlink10 out 10.128.0.196 -> 10.129.0.67: icmp: echo reply
5.659138 vlink11 in 10.128.0.196 -> 10.129.0.67: icmp: echo reply
5.659169 port5 out 10.128.0.196 -> 10.129.0.67: icmp: echo reply

FortiGate - Windows 10 Native/Always-on VPN
Document16 pages
FortiGate - Windows 10 Native/Always-on VPN
shapeshiftr
100% (1)
Network Security All-in-one: ASA Firepower WSA Umbrella VPN ISE Layer 2 Security
From Everand
Network Security All-in-one: ASA Firepower WSA Umbrella VPN ISE Layer 2 Security
Redouane MEDDANE
No ratings yet
Marvel Demo
Document11 pages
Marvel Demo
gomathisankar.v1978
100% (1)
EX300 Redhat Exam Prep Cheat Sheet
Document13 pages
EX300 Redhat Exam Prep Cheat Sheet
btkk zztb
No ratings yet
Add Certificates To Cisco Sd-Wan Lab (Version 18.4.4) : 1) Vmanage
Document21 pages
Add Certificates To Cisco Sd-Wan Lab (Version 18.4.4) : 1) Vmanage
Narender Garg
No ratings yet
DRBD Pacemaker Corosync Mysql Cluster Centos7 PDF
Document16 pages
DRBD Pacemaker Corosync Mysql Cluster Centos7 PDF
Klaus Bertok
No ratings yet
FortiGate Tesis
Document70 pages
FortiGate Tesis
Elias Tajob Mella Madrid
No ratings yet
Branch 1
Document4 pages
Branch 1
aripang
No ratings yet
Hub 1
Document7 pages
Hub 1
aripang
No ratings yet
DC1
Document4 pages
DC1
aripang
No ratings yet
Branch 1
Document5 pages
Branch 1
aripang
No ratings yet
IPSec VPN in HA Environment
Document6 pages
IPSec VPN in HA Environment
Ayan Nas
No ratings yet
Fail Over IPSec Site-to-Site VPN With Redundant Link On FortiGate Firewall
Document17 pages
Fail Over IPSec Site-to-Site VPN With Redundant Link On FortiGate Firewall
SoufianeSaiDar
No ratings yet
Cli Console
Document190 pages
Cli Console
luislatinlflg
No ratings yet
Pim Sparse Mode With Snat Potential Bug
Document261 pages
Pim Sparse Mode With Snat Potential Bug
zeeipv7
No ratings yet
Configure Remote SSL VPN in FortiGate With CLI
Document5 pages
Configure Remote SSL VPN in FortiGate With CLI
Ayna
No ratings yet
Network Security Memo - Basic Fortinet Firewall Fortigate CLI Commands (Tips and Tricks)
Document12 pages
Network Security Memo - Basic Fortinet Firewall Fortigate CLI Commands (Tips and Tricks)
Hasib
No ratings yet
Basic Firewall Configuration - Fortigate To Mikrotik Ipsec VPN
Document5 pages
Basic Firewall Configuration - Fortigate To Mikrotik Ipsec VPN
Leocadio Fazolari
No ratings yet
Juniper RPM and Event Policy
Document7 pages
Juniper RPM and Event Policy
Alex Machado
No ratings yet
Config Vlan Fortigate-2
Document8 pages
Config Vlan Fortigate-2
Toure Ounzolo Brichard
No ratings yet
Configuration Example of Regular DHCP Relay Through A Fortigate To Fortigate VPN
Document2 pages
Configuration Example of Regular DHCP Relay Through A Fortigate To Fortigate VPN
regabri
No ratings yet
SD-WAN Control Plane Configuration-Final
Document18 pages
SD-WAN Control Plane Configuration-Final
Armando Benjamin NZO AYANG
No ratings yet
Call of Duty 4 Dedicated Linux Server Setup Guide
Document5 pages
Call of Duty 4 Dedicated Linux Server Setup Guide
jano11botka
No ratings yet
Sd-Wan Control and Data Plane: Document Information: Lab Objective
Document19 pages
Sd-Wan Control and Data Plane: Document Information: Lab Objective
Alejandro Osorio
No ratings yet
KN-2011 Stable 4.00.C.7.0-0 Router Startup-Config
Document6 pages
KN-2011 Stable 4.00.C.7.0-0 Router Startup-Config
felallen
No ratings yet
Politicas Firewall B
Document22 pages
Politicas Firewall B
GERMIN
No ratings yet
Learning Fortigate
Document11 pages
Learning Fortigate
RajArya
No ratings yet
CENTOS
Document32 pages
CENTOS
ntuta
No ratings yet
Capacitacion Juniper Pymes PDF
Document9 pages
Capacitacion Juniper Pymes PDF
Carlos Alberto Perdomo Polania
No ratings yet
Fortigate VM
Document143 pages
Fortigate VM
DavidReyGM
No ratings yet
Preview Lab Huawei USG600V Firewall eNSP NAT Policies
Document22 pages
Preview Lab Huawei USG600V Firewall eNSP NAT Policies
Santiago Miguel Tapia Guajardo
No ratings yet
ASA Firewal Backup
Document20 pages
ASA Firewal Backup
Prathvi R Singh
No ratings yet
Cisco Viptela SDWAN: OSPF and BGP (Part 2) : Document Information: Lab Objective
Document21 pages
Cisco Viptela SDWAN: OSPF and BGP (Part 2) : Document Information: Lab Objective
Cuong Ha
No ratings yet
Student 2 FGT Surabaya - 20170430 - 1628
Document69 pages
Student 2 FGT Surabaya - 20170430 - 1628
aripang
No ratings yet
CCNA Security Packet Tracer Skill Based Assessment Practice
Document9 pages
CCNA Security Packet Tracer Skill Based Assessment Practice
Frija011
No ratings yet
Check Point Gateway
Document8 pages
Check Point Gateway
adriangrin
No ratings yet
Configuration: L2Tp Over Ipsec VPN
Document3 pages
Configuration: L2Tp Over Ipsec VPN
masterlinh2008
No ratings yet
Lab 10: IDPS - Snort & Cisco IDPS Sensors: 9.1 Details
Document24 pages
Lab 10: IDPS - Snort & Cisco IDPS Sensors: 9.1 Details
ew
No ratings yet
Fortigate Troubleshooting Tips: Windows Ad Sso
Document8 pages
Fortigate Troubleshooting Tips: Windows Ad Sso
m0nsys
No ratings yet
CAPsMAN MikroTik
Document3 pages
CAPsMAN MikroTik
bozapub
100% (1)
Selinux e Firewall Linux
Document9 pages
Selinux e Firewall Linux
mvfe.sfs
No ratings yet
Fortigate 80C
Document66 pages
Fortigate 80C
Lev Tera
No ratings yet
Packet Tracer Skills Based Assessment
Document15 pages
Packet Tracer Skills Based Assessment
Brave GS Splendeur
No ratings yet
LDOMs (OVM For SPARC) Command Line Reference (Cheat Sheet)
Document3 pages
LDOMs (OVM For SPARC) Command Line Reference (Cheat Sheet)
cloudzenx
100% (2)
Simple Network Management Protocol-DD-WRT
Document8 pages
Simple Network Management Protocol-DD-WRT
Marialis Vasquez Jimenez
No ratings yet
RHCE 7 Exam Point of View Question and Answer - RHCE 7 Dums
Document33 pages
RHCE 7 Exam Point of View Question and Answer - RHCE 7 Dums
sivachandran kaliappan
No ratings yet
Easy OpenVPN 1.2 2 With Login Password
Document11 pages
Easy OpenVPN 1.2 2 With Login Password
world1capital
No ratings yet
Linux Command
Document5 pages
Linux Command
Raghunath Kurup
No ratings yet
SD-WAN Controller Initialization
Document9 pages
SD-WAN Controller Initialization
Yusuf Mahmoud
No ratings yet
Cisco Easy VPN Server
Document33 pages
Cisco Easy VPN Server
Itachi Kanade Eucliwood
No ratings yet
Esxcfg-Firewall Esxcfg-Nics Esxcfg-Vswitch Esxcfg-Vswif Esxcfg-Route Esxcfg-Vmknic
Document6 pages
Esxcfg-Firewall Esxcfg-Nics Esxcfg-Vswitch Esxcfg-Vswif Esxcfg-Route Esxcfg-Vmknic
Rogerio Cataldi Rodrigues
No ratings yet
CP R80.30 LoggingAndMonitoring AdminGuide
Document159 pages
CP R80.30 LoggingAndMonitoring AdminGuide
Rodolfo Aviles
No ratings yet
Create Ldom
Document1 page
Create Ldom
Mbonk Wae Lah
No ratings yet
Telnet Commands
Document28 pages
Telnet Commands
librosarcanos
No ratings yet
Summary of IOS Features and Commands
Document3 pages
Summary of IOS Features and Commands
sybell8
No ratings yet
VPNC
Document22 pages
VPNC
tesjalapa 23
No ratings yet
Aix Various Notes
Document18 pages
Aix Various Notes
azkarashare
No ratings yet
Configuring Edgerouter KPN
Document18 pages
Configuring Edgerouter KPN
erikdehair
No ratings yet
CCNA Security Packet Tracer Practice SBA
Document11 pages
CCNA Security Packet Tracer Practice SBA
Arshid Javeed
No ratings yet
Cisco Nsoc
Document21 pages
Cisco Nsoc
Cesar Miguel
No ratings yet