Inter-VDOM links and virtual clustering
In a virtual domain configuration you can use inter-VDOM links to route traffic between two virtual domains operating in a single FortiGate without using physical interfaces. Adding an inter-VDOM link has the affect of adding two interfaces to the FortiGate and routing traffic between the virtual domains using the inter-VDOM link interfaces.
In a virtual clustering configuration inter-VDOM links can only be made between virtual domains that are in the same virtual cluster. So, if you are planning on configuring inter-VDOM links in a virtual clustering configuration, you should make sure the virtual domains that you want to link are in the same virtual cluster.
For example, the following tables show an example virtual clustering configuration where each virtual cluster contains four virtual domains. In this configuration you can configure inter-VDOM links between root and vdom_1 and between vdom_2 and vdom_3. But, you cannot configure inter-VDOM links between root and vdom_2 or between vdom_1 and vdom_3 (and so on).
Virtual Domains | Hostname | |
FortiGate_A | FortiGate_B | |
root |
Priority
200 |
Priority
100 |
vdom_1 | Role
Primary |
Role
Subordinate |
Virtual Domains | Hostname | |
FortiGate_A | FortiGate_B | |
vdom_2 |
Priority
100 |
Priority
200 |
vdom_3 | Role
Subordinate |
Role
Primary |
Configuring inter-VDOM links in a virtual clustering configuration
Configuring inter-VDOM links in a virtual clustering configuration is very similar to configuring inter-VDOM links for a standalone FortiGate. The main difference the config system vdom-link
command includes the vcluster
keyword. The default setting for vcluster
is vcluster1
. So you only have to use the vcluster
keyword if you are added an inter-VDOM link to virtual cluster 2.
To add an inter-VDOM link to virtual cluster 1
This procedure describes how to create an inter-VDOM link to virtual cluster 1 that results in a link between the root and vdom_1 virtual domains.
Inter-VDOM links are also called internal point-to-point interfaces. |
-
Add an inter-VDOM link called
vc1link
.config global
config system vdom-link
edit vc1link
end
Adding the inter-VDOM link also adds two interfaces. In this example, these interfaces are called
vc1link0
andvc1link1
. These interfaces appear in all CLI and GUI interface lists. These interfaces can only be added to virtual domains in virtual cluster 1. -
Bind the
vc1link0
interface to the root virtual domain and bind thevc1link1
interface to the vdom_1 virtual domain.config system interface
edit vc1link0
set vdom root
next
edit vc1link1
set vdom vdom_1
end
To add an inter-VDOM link to virtual cluster 2
This procedure describes how to create an inter-VDOM link to virtual cluster 2 that results in a link between the vdom_2 and vdom_3 virtual domains.
-
Add an inter-VDOM link called
vc2link
.config global
config system vdom-link
edit vc2link
set vcluster vcluster2
end
Adding the inter-VDOM link also adds two interfaces. In this example, these interfaces are called
vc2link0
andvc2link1
. These interfaces appear in all CLI and GUI interface lists. These interfaces can only be added to virtual domains in virtual cluster 2. -
Bind the
vc2link0
interface to the vdom_2 virtual domain and bind thevc2link1
interface to the vdom_3 virtual domain.config system interface
edit vc2link0
set vdom vdom_2
next
edit vc2link1
set vdom vdom_3
end