Creating VDOM links
VDOM links connect VDOMs together to allow traffic to pass between VDOMs as per firewall policies. Inter-VDOM links are virtual interfaces that are very similar to VPN tunnel interfaces except inter-VDOM links do not require IP addresses. See
“IP addresses and inter-VDOM links”.
To create a VDOM link, you first create the point-to-point interface, and then bind the two interface objects associated with it to the virtual domains.
In creating the point-to-point interface, you also create two additional interface objects by default. They are called vlink10 and vlink11 - the interface name you chose with a 1 or a 0 to designate the two ends of the link.
Once the interface objects are bound, they are treated like normal FortiGate interfaces and need to be configured just like regular interfaces.
The assumptions for this example are as follows:
• You are using a super_admin account
To configure an inter-VDOM link - web-based manager
1. Go to Global > Network > Interfaces.
2. Select Create New > VDOM link, enter the following information, and select OK.
Name | vlink1 (The name can be up to 11 characters long. Valid characters are letters, numbers, “-”, and “_”. No spaces are allowed.) |
Interface #0 |
| Virtual Domain | customer1 |
IP/Netmask | 10.11.12.13/255.255.255.0 |
Administrative Access | HTTPS, SSL |
Interface #1 |
| Virtual Domain | customer2 |
IP/Netmask | 172.120.100.13/255.255.255.0 |
Administrative Access | HTTPS, SSL |
To configure an inter-VDOM link - CLI
config global
config system vdom-link
edit vlink1
end
config system interface
edit vlink10
set vdom customer1
next
edit vlink11
set vdom customer2
end
Once you have created and bound the interface ends to VDOMs, configure the appropriate firewall policies and other settings that you require. To confirm the inter-VDOM link was created, find the VDOM link pair and use the expand arrow to view the two VDOM link interfaces. You can select edit to change any information.