Product Pillars
Network Security
Network Security
NOC & SOC Management
Enterprise Networking
Business Communications
Zero Trust Access
ZTNA
SASE
Identity
Cloud Security
Hybrid Cloud Security
Cloud Native Protection
Web Application / API Protection
SAAS Security
Security Operations
SOC Platform
Advanced Threat Protection
Endpoint Security
Best Practices
Solution Hubs
Curated links by solution
Cloud
Popular Solutions
4-D Resources
Define, Design, Deploy, Demo
Hardware Guides
Product A-Z

Version:

7.2.1
7.0.6
7.0.5

Version:

6.4.9
6.4.8
6.4.6

Version:

6.2.9
6.2.7
6.2.6

Table of Contents

Hyperscale Firewall Guide

6.2.6
7.2.1
7.0.6
7.0.5
6.4.9
6.4.8
6.4.6
6.2.9
6.2.7
6.2.6
Download PDF
Copy Link

Creating hyperscale firewall VDOMs

New for FortiOS 6.2.6, VDOMs in which you will be enabling hyperscale firewall features must be created with a special VDOM name that also includes a VDOM ID number. The VDOM ID number is used by the kernel to create an ID for the VDOM that NP7 processors use to track hyperscale firewall sessions for that VDOM.

The following option, new to FortiOS 6.2.6, must be used to set the VDOM ID range:

config system global

set hyper-scale-vdom-num

end

By default this option is set to 250, allowing you to configure up to 250 hyperscale firewall VDOMs by setting the VDOM ID in the range of 1 to 250.

Use the following syntax to create a hyperscale firewall VDOM from the global CLI:

config vdom

edit <string>-hw<vdom-id>

Where:

<string> is a string that can contain any alphanumeric upper or lower case characters and the - and _ characters. The string cannot contain spaces and you should not use -hw in the name.

<vdom-id> a VDOM ID number in the range defined by the global hyper-scale-vdom-num setting. By default the range is from 1 to 250. Each VDOM must have a different <vdom-id>. When you add a VDOM name with a <vdom-id>, the kernel calculates an ID for this VDOM by adding 249 to the <vdom-id>.

If you include leading zeros in the <vdom-id>, the kernel removes them when creating the ID. So avoid using leading zeros in the <vdom-id> to keep from accidentally creating duplicate IDs.

The VDOM name, including the <string>, -hw, and <vdom-id> can be a up to a total of 11 characters long. For example, the VDOM name GCN-1-hw23 is valid but GCN-1234-hw23 is too long.

When you create a new VDOM, the CLI displays an output line that includes the VDOM name followed by the actual ID used for the VDOM in the kernel. For example:

config vdom

edit CGN-1-hw150

current vf=bdd-hw250:399

I this example, the ID created by the kernel for the VDOM is 399.

Another example:

config vdom

edit CGN-23-hw5

current vf=bdd-hw250:254

I this example, the ID created by the kernel for the VDOM is 254.

When you create a VDOM from the CLI, the new VDOM becomes the current VDOM and you can enable hyperscale firewall features and begin configuring the VDOM. The new VDOM will not appear in the VDOM list on the GUI until you log out of the GUI and then log back in.

Creating hyperscale firewall VDOMs

New for FortiOS 6.2.6, VDOMs in which you will be enabling hyperscale firewall features must be created with a special VDOM name that also includes a VDOM ID number. The VDOM ID number is used by the kernel to create an ID for the VDOM that NP7 processors use to track hyperscale firewall sessions for that VDOM.

The following option, new to FortiOS 6.2.6, must be used to set the VDOM ID range:

config system global

set hyper-scale-vdom-num

end

By default this option is set to 250, allowing you to configure up to 250 hyperscale firewall VDOMs by setting the VDOM ID in the range of 1 to 250.

Use the following syntax to create a hyperscale firewall VDOM from the global CLI:

config vdom

edit <string>-hw<vdom-id>

Where:

<string> is a string that can contain any alphanumeric upper or lower case characters and the - and _ characters. The string cannot contain spaces and you should not use -hw in the name.

<vdom-id> a VDOM ID number in the range defined by the global hyper-scale-vdom-num setting. By default the range is from 1 to 250. Each VDOM must have a different <vdom-id>. When you add a VDOM name with a <vdom-id>, the kernel calculates an ID for this VDOM by adding 249 to the <vdom-id>.

If you include leading zeros in the <vdom-id>, the kernel removes them when creating the ID. So avoid using leading zeros in the <vdom-id> to keep from accidentally creating duplicate IDs.

The VDOM name, including the <string>, -hw, and <vdom-id> can be a up to a total of 11 characters long. For example, the VDOM name GCN-1-hw23 is valid but GCN-1234-hw23 is too long.

When you create a new VDOM, the CLI displays an output line that includes the VDOM name followed by the actual ID used for the VDOM in the kernel. For example:

config vdom

edit CGN-1-hw150

current vf=bdd-hw250:399

I this example, the ID created by the kernel for the VDOM is 399.

Another example:

config vdom

edit CGN-23-hw5

current vf=bdd-hw250:254

I this example, the ID created by the kernel for the VDOM is 254.

When you create a VDOM from the CLI, the new VDOM becomes the current VDOM and you can enable hyperscale firewall features and begin configuring the VDOM. The new VDOM will not appear in the VDOM list on the GUI until you log out of the GUI and then log back in.