How to configure Inter-VDOM links

Video Statistics and Information

Captions
Welcome to this short video, where we're going to speak about how you can configure inter-VDOM links on FortiGate. We have prepared a quick, small diagram showing a test PC connected on the FortiGate, which belongs to the test VDOM, and the internet connected to another device, or the ISP, connected to the root VDOM. Between them there is an inter-VDOM link.

Let's log into the FortiGate. We'll need access for that, so let's grant the access on the unit. I'm using a different interface to avoid losing access on the unit. This is very important: make sure that during those changes you will never lose the connection to the unit.

In order for this to work you need to enable VDOMs. Note that if you have multiple VDOMs on the FortiGate, by default you need to have a license for more than 10 VDOMs, and if you commit the changes the unit will require a restart, just like you've seen on my test. So basically you need to run this during a maintenance window.

Let's log back in to the unit and we can start creating the VDOM. The test VDOM will be one of those. Okay. Then on the test VDOM we need to map the LAN interface, which basically is a FortiGate and by default they go to the root VDOM. I need to map it to the test VDOM and then create the inter-VDOM links, just like I did. I'm using a subnet here. Normally I don't have any configuration, but you have to make sure that the subnet used must not be used or overlapped with any other networks, just to avoid any confusion. FortiGate will not allow you to do that, but just so that you'll not have any devices on the same subnet. Let's put a name; the name could be random. And define each of those on each VDOM. I have enabled ping for both interfaces. Let me enable it here. Okay. Then here, these are just the IP addresses.

So let's do a quick test from the FortiGate to see if we are able to ping the interfaces. Normally the FortiGate will allow this type of traffic without any further changes. Okay, let's ping the interface itself. Okay, so now we have access. Okay, let's go to the other VDOM. Okay, it should be the root VDOM, and the test VDOM indeed. So here is the second. Okay.

Let's create the policies now. The policy should be from the perspective of the traffic. Apparently traffic will be sent from a test machine which is physically located on the LAN interface, so it is expected to come from the LAN interface. So from this FortiGate's perspective this traffic will be originated from LAN and then sent to the root VDOM, which is the new interface that we have created. I'm not specifying here any destinations: all, all, and any service. Let's confirm the policy, and we shall do the same on the other VDOM. We'll create a policy here, but in this case we expect the traffic to be retrieved from the inter-VDOM link and from there to be sent to the next hop, which would be the WAN interface. Okay. Also here I'm not specifying any sources and destinations. Normally it is recommended in your environment to have policies as explicit as possible, to avoid any particular traffic.

Let's do a quick test on this test machine that I'm using, so I'll be able to ping. Here is the gateway; you see this is the LAN interface on the FortiGate, which is designed to land to the test VDOM. So let me just perform a ping. We should see that I have reachability from this unit to the interface itself. Now we need to test if we have access to the internet, which we don't. The reason is because we are missing something, and indeed we are missing the route. The test VDOM doesn't have a route, so let's create a default route, and we shall send this to the next hop, which is the IP address of the inter-VDOM link on the other device. So let's choose here and define the correct IP address. Okay, let's confirm everything. Okay, now we are routing the traffic to the root VDOM.

On the root VDOM we need to have a default route, unless you already have it. I need to determine the gateway that I have, just to verify what we have. Apparently it is not showing. Okay, let's try; maybe it is this IP address. FortiGate will query automatically and see. Yeah, this doesn't seem to be the correct route gateway. Let's just verify that from the actual device. Okay. Okay, let's correct it. This is the actual interface where I'm getting the internet. Yours might be different, of course; it depends on the environment.

So now apparently every part of the setup is completed. You should be able to get, yeah, indeed, you see that connectivity establishes. So let's take a look at the test machine. We are going to ping now and see if we have connectivity, and yes, we do have coverage of connectivity. Let's take a look at the policies. You see we have traffic, which means the traffic is matching this particular policy. I also like to enable hits on this policy; it is very useful to see packets in terms of how many hits we have.

Okay, let's go back to the interfaces. Here is where the interfaces get listed, and we'll do a test by disabling one of them and try to see if we'll lose connection. So we disabled one interface and you see the connection got lost. Let's enable it again and the connection will be restored. This reveals that traffic is flowing through; it's a quick test to understand that traffic is flowing.

So the configuration is complete. Thank you for your time, thank you for watching this video, and enjoy your Forti day.
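The test-VDOM side of the GUI steps described in the captions, written as FortiOS CLI. This is an added example, not taken from the video: the link name `vlink`, the interface name `lan`, the policy name and the 10.255.255.0/30 link subnet are constructed values, and multi-VDOM mode with a VDOM named `test` is assumed to exist already.

```fortios
# Added example; names and addresses below are constructed, not from the video.
config global
    # Creating the link generates two interfaces: vlink0 and vlink1.
    config system vdom-link
        edit "vlink"
        next
    end
    config system interface
        # Move the LAN port out of root into the test VDOM.
        edit "lan"
            set vdom "test"
        next
        # One end of the link in each VDOM; the /30 must not overlap
        # any other network configured on the unit.
        edit "vlink0"
            set vdom "test"
            set ip 10.255.255.1 255.255.255.252
            set allowaccess ping
        next
        edit "vlink1"
            set vdom "root"
            set ip 10.255.255.2 255.255.255.252
            set allowaccess ping
        next
    end
end
config vdom
edit test
    # Traffic enters on lan and leaves towards root over vlink0.
    # "all"/"ALL" mirrors the video; narrow these in production.
    config firewall policy
        edit 1
            set name "lan-to-root"
            set srcintf "lan"
            set dstintf "vlink0"
            set srcaddr "all"
            set dstaddr "all"
            set action accept
            set schedule "always"
            set service "ALL"
        next
    end
    # Default route: next hop is the root VDOM's end of the link.
    config router static
        edit 1
            set gateway 10.255.255.2
            set device "vlink0"
        next
    end
end
```

The root VDOM needs the mirror-image policy (from `vlink1` to its internet-facing interface) and its own default route, as the video goes on to configure.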
Info
Channel: Knowledge Base
Views: 18,278
Id: mfJSk9OSpMc
Length: 7min 24sec (444 seconds)
Published: Mon Nov 15 2021