Network topology and assumptions
Two departments of a company, Accounting and Sales, are connected to one FortiGate‑800 unit. To do its work, the Sales department receives a lot of email from advertising companies; the same mail would look like spam if it reached the Accounting department. For this reason, each department has its own VDOM, so that its firewall policies and other configuration are kept separate. A management VDOM sits between the two, so that company policy on traffic content is enforced in one place on everything that passes between departments.
The traffic between Accounting and Sales will be email and HTTPS only. The two departments could be joined directly by a VDOM link in a meshed configuration, but this example avoids that extra complexity. With this configuration, inter-VDOM traffic follows a slightly longer path than normal: from one department VDOM, through the management VDOM, and on to the other department VDOM. Because inter-VDOM links are internal to the unit and are not limited by the speed of a physical port, the extra hop should not be noticeable.
Firewall policies will be in place. For added security, these policies will allow only valid office services, such as email, web browsing and FTP, between either department and the Internet. Any additional services that are required can be added later.
The company uses a single ISP to connect to the Internet. The ISP uses DHCP to provide an IP address to the FortiGate unit. Both departments use the same ISP to reach the Internet.
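The arrangement described above, sketched in FortiOS CLI as an added illustration. This is not the configuration the handbook builds in the sections that follow: the VDOM names, link names, and all IP addresses are assumptions, and the lines beginning with # are annotations rather than CLI input. It shows only the two inter-VDOM links and the management VDOM's routes and policies, since that is where the "longer path" and the mail-and-HTTPS-only rule live.

```fortios
# Enable VDOMs. From here on the CLI is split into "config global"
# (unit-wide settings) and "config vdom" (per-VDOM settings).
config system global
    set vdom-admin enable
end

# Create the two department VDOMs; "root" remains the management VDOM.
# (VDOM names are assumptions for this illustration.)
config vdom
    edit accounting
    next
    edit sales
    next
end

config global
    # One inter-VDOM link per department. Creating the link "vlink_acct"
    # produces the interface pair vlink_acct0 and vlink_acct1; one end is
    # placed in root, the other in the department VDOM.
    config system vdom-link
        edit vlink_acct
        next
        edit vlink_sales
        next
    end

    # Point-to-point addressing on each link (addresses are assumptions).
    config system interface
        edit vlink_acct0
            set vdom root
            set ip 10.0.1.1 255.255.255.252
        next
        edit vlink_acct1
            set vdom accounting
            set ip 10.0.1.2 255.255.255.252
        next
        edit vlink_sales0
            set vdom root
            set ip 10.0.2.1 255.255.255.252
        next
        edit vlink_sales1
            set vdom sales
            set ip 10.0.2.2 255.255.255.252
        next
    end
end

# Management VDOM: a route to each department LAN over its link, and
# policies that permit only mail and HTTPS between the two links.
# Anything else passing between departments hits the implicit deny.
config vdom
    edit root
        config firewall address
            edit "acct_lan"
                set subnet 10.11.101.0 255.255.255.0
            next
            edit "sales_lan"
                set subnet 10.11.201.0 255.255.255.0
            next
        end
        config router static
            edit 1
                set dst 10.11.101.0 255.255.255.0
                set device vlink_acct0
                set gateway 10.0.1.2
            next
            edit 2
                set dst 10.11.201.0 255.255.255.0
                set device vlink_sales0
                set gateway 10.0.2.2
            next
        end
        config firewall policy
            edit 1
                set srcintf vlink_acct0
                set dstintf vlink_sales0
                set srcaddr "acct_lan"
                set dstaddr "sales_lan"
                set action accept
                set schedule always
                set service "SMTP" "POP3" "IMAP" "HTTPS"
            next
            edit 2
                set srcintf vlink_sales0
                set dstintf vlink_acct0
                set srcaddr "sales_lan"
                set dstaddr "acct_lan"
                set action accept
                set schedule always
                set service "SMTP" "POP3" "IMAP" "HTTPS"
            next
        end
    next
end
```

Each department VDOM still needs its own route towards the other department (or a default route) pointing at its end of the link, and its own policies from its internal port to that link; those, together with the DHCP-addressed Internet interface and the email, web and FTP policies to the Internet, belong to the configuration steps that follow. The point of the sketch is the double check it creates: a packet from Accounting to Sales passes a policy in the Accounting VDOM and then this policy in root, so a protocol outside SMTP, POP3, IMAP and HTTPS is dropped in the management VDOM even if a department policy is later made too permissive.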
Other assumptions for this example are as follows:
Your FortiGate unit has interfaces labelled port1 through port4, and VDOMs are not enabled.
You are using the super_admin account.
You have the FortiClient application installed.
You are familiar with configuring interfaces, firewalls, and other common features on your FortiGate unit.
Figure 343: Management VDOM for two departments