Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • SD-WAN Deployment for MSSPs

    Home FortiGate / FortiOS 6.4.0 SD-WAN Deployment for MSSPs
    6.4.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0

    Multitenancy

    Multitenancy

    Each component of our solution offers flexible multitenancy options. FortiGate devices (FGT) can be shared between multiple tenants using Virtual Domains (VDOMs). FortiManager (FMG) and FortiAnalyzer (FAZ) use Administrative Domains (ADOMs).

    When our solution is offered as a Managed Service, the following deployment options are typically considered by the Service Providers (MSSPs):

    • Edge FGTs are deployed on end-customer premises, and they are dedicated to those end-customers (no multitenancy).
    • Hub FGTs:
      • Option 1: Deployed on MSSP premises, multitenant, VDOM per end-customer
      • Option 2: Deployed on MSSP premises, dedicated to end-customer, no multitenancy (usually virtual)
      • Option 3: Deployed on end-customer premises (Enterprise design), no multitenancy
    • FMG/FAZ:
      • Option 1: Deployed on MSSP premises, multitenant, ADOM per end-customer
      • Option 2: Deployed on MSSP premises or in public cloud, dedicated to end-customer, no multitenancy (virtual)

    When MSSP offers a fully managed service, end-customers might not even require access to the devices. But quite often a certain level of access is provided. The following options are worth considering:

    • If end-customers must have a certain level of access to FGT devices (often read-only), a dedicated customer VDOM can be created. The management (“root”) VDOM will be accessible by the MSSP only.
    • Central Management and Monitoring:
      • End-customer may be granted direct FMG/FAZ access, to their respective ADOM only (or to the entire instance, when it is dedicated to end-customer).
      • Alternative option is to add FortiPortal to the solution. FortiPortal is a comprehensive self-service portal designed for the end-customers.
      • Yet another option is to use a custom MSSP Portal developed in-house. This portal can communicate to FMG/FAZ by using REST API, thanks to the comprehensive automation support.

    The choice of multitenancy model has minimal impact on the rest of this document. It is only important to make sure that the configuration is done in the right ADOM.

    Previous
    Next

    Multitenancy

    Multitenancy

    Each component of our solution offers flexible multitenancy options. FortiGate devices (FGT) can be shared between multiple tenants using Virtual Domains (VDOMs). FortiManager (FMG) and FortiAnalyzer (FAZ) use Administrative Domains (ADOMs).

    When our solution is offered as a Managed Service, the following deployment options are typically considered by the Service Providers (MSSPs):

    • Edge FGTs are deployed on end-customer premises, and they are dedicated to those end-customers (no multitenancy).
    • Hub FGTs:
      • Option 1: Deployed on MSSP premises, multitenant, VDOM per end-customer
      • Option 2: Deployed on MSSP premises, dedicated to end-customer, no multitenancy (usually virtual)
      • Option 3: Deployed on end-customer premises (Enterprise design), no multitenancy
    • FMG/FAZ:
      • Option 1: Deployed on MSSP premises, multitenant, ADOM per end-customer
      • Option 2: Deployed on MSSP premises or in public cloud, dedicated to end-customer, no multitenancy (virtual)

    When MSSP offers a fully managed service, end-customers might not even require access to the devices. But quite often a certain level of access is provided. The following options are worth considering:

    • If end-customers must have a certain level of access to FGT devices (often read-only), a dedicated customer VDOM can be created. The management (“root”) VDOM will be accessible by the MSSP only.
    • Central Management and Monitoring:
      • End-customer may be granted direct FMG/FAZ access, to their respective ADOM only (or to the entire instance, when it is dedicated to end-customer).
      • Alternative option is to add FortiPortal to the solution. FortiPortal is a comprehensive self-service portal designed for the end-customers.
      • Yet another option is to use a custom MSSP Portal developed in-house. This portal can communicate to FMG/FAZ by using REST API, thanks to the comprehensive automation support.

    The choice of multitenancy model has minimal impact on the rest of this document. It is only important to make sure that the configuration is done in the right ADOM.

    Previous
    Next