Chapter 19 Virtual Domains : Inter-VDOM routing : Example of inter-VDOM routing : Configuring the physical interfaces
  
Configuring the physical interfaces
Next, the physical interfaces must be configured. This example uses three interfaces on the FortiGate unit - port2 (internal), port3(dmz), and port1(external). port2 and port3 interfaces each have a department’s network connected. port1 is for all traffic to or from the Internet and will use DHCP to configure its IP address, which is common with many ISPs.
To configure the physical interfaces - web-based manager
1. Go to Global > Network > Interfaces.
2. Select Edit for the port2 interface, enter the following information, and select OK.
Alias
AccountingLocal
Virtual Domain
Accounting
Addressing mode
Manual
IP/Netmask
172.100.1.1/255.255.0.0
Administrative Access
HTTPS, PING, SSH
Description
This is the accounting department internal interface.
3. Select Edit for the port3 interface, enter the following information, and select OK.
Alias
SalesLocal
Virtual Domain
Sales
Addressing mode
Manual
IP/Netmask
192.168.1.1/255.255.0.0
Administrative Access
HTTPS, PING, SSH
Description
This is the sales department internal interface.
4. Select Edit for the port1 interface, enter the following information, and select OK.
Alias
ManagementExternal
Virtual Domain
root
Addressing Mode
DHCP
Distance
5
Retrieve default gateway from server
Enable
Override internal DNS
Enable
Administrative Access
HTTPS, SSH, SNMP
Description
This is the accounting department internal interface.
 
When the mode is set to DHCP or PPoE on an interface you can set the distance field. This is the administrative distance for any routes learned through the gateway for this interface. The gateway is added to the static route table with these values. A lower distance indicates a preferred route.
To configure the physical interfaces - CLI
config global
config system interface
edit port2
set alias AccountingLocal
set vdom Accounting
set mode static
set ip 172.100.1.1 255.255.0.0
set allowaccess https ping ssh
set description "The accounting dept internal interface"
next
edit port3
set alias SalesLocal
set vdom Sales
set mode static
set ip 192.168.1.1 255.255.0.0
set allowaccess https ping ssh
set description "The sales dept. internal interface"
next
edit port1
set alias ManagementExternal
set vdom root
set mode DHCP
set distance 5
set gwdetect enable
set dns-server-override enable
set allowaccess https ssh snmp
set description “The systemwide management interface.”
end