FortiOS Cookbook - Virtual Domains - Fortinet

  • View
    224

  • Download
    1

Embed Size (px)

Text of FortiOS Cookbook - Virtual Domains - Fortinet

  • FortiOS Handbook Virtual Domains for FortiOS 5.0

  • FortiOS Handbook - Virtual Domains for FortiOS 5.0

    August 15, 2013

    01-504-188666-20130815

    Copyright 2012 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, and FortiGuard, are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions, and performance may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinets General Counsel, with a purchaser that expressly warrants that the identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinets internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

    Technical Documentation docs.fortinet.com

    Knowledge Base kb.fortinet.com

    Customer Service & Support support.fortinet.com

    Training Services training.fortinet.com

    FortiGuard fortiguard.com

    Document Feedback techdocs@fortinet.com

    http://docs.fortinet.comhttp://kb.fortinet.comhttps://support.fortinet.comhttp://training.fortinet.comhttp://www.fortiguard.com/mailto:techdocs@fortinet.com?Subject=Technical%20Documentation%20Feedback

  • ContentsChange Log....................................................................................................... 6

    Introduction....................................................................................................... 7Before you begin...................................................................................................... 7

    How this guide is organized..................................................................................... 7

    Virtual Domains ................................................................................................ 8Benefits of Virtual Domains...................................................................................... 8

    Improving Transparent mode configuration....................................................... 8Easier administration.......................................................................................... 8Continued security ............................................................................................. 9Savings in physical space and power................................................................ 9More flexible MSSP configurations.................................................................. 10

    Enabling and accessing Virtual Domains............................................................... 10Enabling Virtual Domains ................................................................................. 10Viewing the VDOM list ..................................................................................... 13Global and per-VDOM settings........................................................................ 14Resource settings ............................................................................................ 23Virtual Domain Licensing ................................................................................. 27Logging in to VDOMs....................................................................................... 28

    Configuring Virtual Domains .................................................................................. 30Creating a Virtual Domain ................................................................................ 30Disabling a Virtual Domain ............................................................................... 31Deleting a VDOM ............................................................................................. 32Removing references to a VDOM .................................................................... 32Administrators in Virtual Domains.................................................................... 33

    Virtual Domains in NAT/Route mode............................................................ 37Virtual domains in NAT/Route mode ..................................................................... 37

    Changing the management virtual domain ...................................................... 37Configuring interfaces in a NAT/Route VDOM................................................. 38Configuring VDOM routing............................................................................... 41Configuring security policies for NAT/Route VDOMs ...................................... 43Configuring UTM profiles for NAT/Route VDOMs ........................................... 44Configuring VPNs for a VDOM......................................................................... 44Page 3

  • Example NAT/Route VDOM configuration............................................................. 44Network topology and assumptions ................................................................ 45General configuration steps............................................................................. 46Creating the VDOMs ........................................................................................ 46Configuring the FortiGate interfaces................................................................ 47Configuring the vdomA VDOM ........................................................................ 49Configuring the vdomB VDOM ........................................................................ 52Testing the configuration ................................................................................. 55

    Virtual Domains in Transparent mode.......................................................... 56Transparent operation mode ................................................................................. 56

    Broadcast domains.......................................................................................... 56Forwarding domains ........................................................................................ 56Spanning Tree Protocol ................................................................................... 57Differences between NAT/Route and Transparent mode................................ 58

    Operation mode differences in VDOMs................................................................. 58

    Configuring VDOMs in Transparent mode............................................................. 59Switching to Transparent mode....................................................................... 59Adding VLAN subinterfaces ............................................................................. 60Creating security policies................................................................................. 60

    Example of VDOMs in Transparent mode ............................................................. 60Network topology and assumptions ................................................................ 61General configuration steps............................................................................. 62Configuring common items.............................................................................. 62Creating virtual domains .................................................................................. 63Configuring the Company_A VDOM ................................................................ 63Configuring the Company_B VDOM ................................................................ 68Configuring the VLAN switch and router ......................................................... 73Testing the configuration ................................................................................. 75

    Inter-VDOM routing........................................................................................ 76Benefits of inter-VDOM routing ............................................................................. 76

    Freed-up physical interfaces ........................................................................... 76More speed than physical interfaces ............................................................... 77Continued support for secure firewall policies ................................................ 77Configuration flexibility..................................................................................... 77

    Getting started with VDOM links ........................................................................... 77Viewing VDOM links......................................................................................... 78Creating VDOM links........................................................................................ 79Deleting VDOM links ........................................................................................ 81NAT to Transparent VDOM links...................................................................... 81

    Inter-VDOM configurations .................................................................................... 82Standalone VDOM configuration ..................................................................... 83Independent VDOMs configuration ................................................................. 84Management VDOM configuration .........................................