Using virtual domains
Configuring VDOMs and global settings
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
Adding interfaces to a VDOM
A VDOM must contain at least two interfaces to be useful. These can be physical or virtual
interfaces such as VLAN subinterfaces. By default, all physical interfaces are in the root
virtual domain.
VLAN subinterfaces often need to be in a different VDOM than their physical interface. To
do this, the super administrator must first create the VDOM, create the VLAN subinterface,
and then assign the VLAN to the correct VDOM.
VDOMs can only be added in global settings, and not within VDOMs. For information on
creating VLAN subinterfaces, see “Adding VLAN subinterfaces” on page 153.
Inter-VDOM links
An inter-VDOM link is a pair of interfaces that enable you to communicate between two
VDOMs internally without using a physical interface. Inter-VDOM links have the same
security as physical interfaces, but allow more flexible configurations that are not limited
by the number of physical interfaces on your FortiGate unit. As with all virtual interfaces,
the speed of the link depends on the CPU load, but generally it is faster than physical
interfaces. There are no MTU settings for inter-VDOM links. DHCP support includes inter-
VDOM links.
A packet can pass through an inter-VDOM link a maximum of three times. This is to
prevent a loop. When traffic is encrypted or decrypted, it changes the content of the
packets and this resets the inter-VDOM counter. However, using IPIP or GRE tunnels
does not reset the counter.
In HA mode, inter-VDOM links must have both ends of the link within the same virtual
cluster. DHCP over IPSec is supported for inter-VDOM links; however, regular DHCP
services are not available.
To view inter-VDOM links, go to System > Network > Interface. When an inter-VDOM link
is created, it automatically creates a pair of virtual interfaces that correspond to the two
internal VDOMs. Each of the virtual interfaces is named using the inter-VDOM link name
with an added “0” or “1”. So if the inter-VDOM link is called “vlink” the interfaces are
“vlink0” and “vlink1”. Select the Expand Arrow beside the VDOM link to display the virtual
interfaces.
Figure 48: VDOM link interfaces
To create an inter-VDOM link
1 Log in as admin.
2 Go to System > Network > Interface.
Note: Inter-VDOM links cannot refer to a domain that is in transparent mode.
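The three-pass limit and the transparent-mode restriction described in this section can be checked against a planned topology before the links are configured. The following Python is an added example, not code from this guide or from Fortinet; the function names, the hop labels, the "nat"/"transparent" mode labels and the sample VDOM names are assumptions, and the counter model is a direct reading of the paragraph on the pass limit.

```python
# Added example: design-time check of an inter-VDOM link plan (not FortiOS code).
MAX_PASSES = 3  # the guide: a packet passes through inter-VDOM links at most three times

def link_interfaces(link_name):
    """Return the interface pair created for a link, e.g. vlink -> vlink0, vlink1."""
    return (link_name + "0", link_name + "1")

def validate_links(links, vdom_modes):
    """List link ends that sit in a transparent-mode VDOM (disallowed by the Note).

    links: {link_name: (vdom_for_end0, vdom_for_end1)}
    vdom_modes: {vdom_name: "nat" or "transparent"}  (labels assumed for this example)
    """
    problems = []
    for name, ends in sorted(links.items()):
        for iface, vdom in zip(link_interfaces(name), ends):
            if vdom_modes.get(vdom) == "transparent":
                problems.append(f"{iface}: VDOM {vdom} is in transparent mode")
    return problems

def first_dropped_hop(path):
    """Return the index of the hop that exceeds the pass limit, or None.

    Hop labels (assumed): "vlink" = one pass through an inter-VDOM link,
    "ipsec" = encrypt/decrypt (resets the counter), "gre"/"ipip" = tunnel
    encapsulation (does not reset the counter).
    """
    passes = 0
    for index, hop in enumerate(path):
        if hop == "ipsec":
            passes = 0
        elif hop == "vlink":
            passes += 1
            if passes > MAX_PASSES:
                return index
        elif hop not in ("gre", "ipip"):
            raise ValueError(f"unknown hop label: {hop!r}")
    return None

# Constructed sample plan: VDOM names, modes and paths are invented for illustration.
SAMPLE_MODES = {"root": "nat", "vdomA": "nat", "vdomT": "transparent"}
SAMPLE_LINKS = {"vlink": ("root", "vdomA"), "tlink": ("vdomA", "vdomT")}
GRE_PATH = ["vlink", "vlink", "gre", "vlink", "vlink"]      # fourth pass exceeds the limit
IPSEC_PATH = ["vlink", "vlink", "ipsec", "vlink", "vlink"]  # counter reset by IPsec

if __name__ == "__main__":
    print(validate_links(SAMPLE_LINKS, SAMPLE_MODES))
    print(first_dropped_hop(GRE_PATH), first_dropped_hop(IPSEC_PATH))
```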