VDOM

Posted 2020-09-29

1.什么是VDOM?

Virtual Domain

 

2.VDOM之间如何连接和通信?

Configuring VDOM links

 

Inter-VDOM routing

 

3.为什么需要VDOM links? VDOM link 起到什么作用? 

VDOM links are a way of connecting VDOMs (virtual firewalls) within a FortiGate without the need to use external physical ports. VDOM之间互联通信而不需要借助外部的物理端口

 

You can connect NAT/routed and Transparent VDOMs together or NAT/routed to NAT/routed VDOMs but not Transparent to Transparent VDOMs.  可以连接在NAT透明模式VDOM之间   NAT和NAT VDOM之间，但是不能透明之间

 

Inter-VDOM links can be created between VDOMs in NAT mode and VDOMs in Transparent mode,

可以在NAT和透明模式 VDOM之间 创建

 

An IP address must be assigned to the NAT VDOM’s interface, but no IP address should be assigned to the Transparent VDOM’s interface. NAT模式VDOM需要配置IP地址, 而透明模式VDOM不需要配置接口IP地址

 

4. VDOM之间如何进行访问控制?

 

 

5.VDOM link type 有哪些种类？

1.PPP

2.Ethernet

 

6.必须要有root VDOM吗? root VDOM起什么作用?

The root VDOM will be used to manage the FortiGate’s global settings.

 

NAT to Transparent VDOM links

but it must be done through the CLI, as the VDOM link type must be changed from the default PPP to Ethernet for the two VDOMs to communicate.

 

 

To configure a NAT to Transparent VDOM link - CLI

config global

config system vdom-link

edit vlink1

set type ethernet

end

config system interface

edit vlink10

set vdom (interface 1 name)

set ip (interface 1 ip)

next

edit vlink11

set vdom (interface 2 name)

end

Ethernet-type is not recommended for standard NAT to NAT inter-VDOM links, as the default PPP-type link does not require the VDOM links to have addresses, while Ethernet-type does. VDOM link addresses are explained in “IP addresses and inter-VDOM links”.

 

7.npu0-vlink0 /npu0-vlink1  是什么？ 起什么作用?

 hardware accelerated vlink (npu0) to a normal vlink (cpu bound)