Creating hyperscale firewall VDOMs
VDOMs in which you will be enabling hyperscale firewall features must be created with a special VDOM name that also includes a VDOM ID. The VDOM ID is used by FortiOS to create a kernel VDOM_ID for the VDOM that NP7 processors use to track hyperscale firewall sessions for that VDOM.
The number of hyperscale firewall VDOMs that you can create depends on your hyperscale firewall license and is controlled by the following configuration option:
config system global
set hyper-scale-vdom-num <vdom-id-num>
end
By default |
Use the following syntax to create a hyperscale firewall VDOM:
config vdom
edit <name>-hw<vdom-id>
end
Where:
<name> is a string that can contain any alphanumeric upper or lower case characters and the - and _ characters. The name cannot contain spaces and you should not use -hw in the name.
<vdom-id> is a VDOM ID number in the range from 1 to <vdom-id-num>. For example, if your FortiGate is licensed for 250 hyperscale firewall VDOMs and you haven't used the hyper-scale-vdom-num option to change the number of hyperscale firewall VDOMs, <vdom-id> can be from 1 to 250. Each hyperscale firewall VDOM must have a different <vdom-id>.
If you don't use the format The CLI blocks you from creating a VDOM with a If you create a VDOM using the |
When you add a new hyperscale firewall VDOM with a <vdom-id>, FortiOS calculates the kernel VDOM_ID using the following formula:
kernel VDOM_ID = 501 - <vdom-id>
If you include leading zeros in the <vdom-id>, the kernel removes them when creating the ID. So avoid using leading zeros in the <vdom-id> to keep from accidentally creating duplicate IDs.
The VDOM name, including the <string>, -hw, and <vdom-id> can include up to 11 characters. For example, the VDOM name CGN-1-hw23 is valid but CGN-1234-hw23 is too long.
When you create a new hyperscale firewall VDOM, the CLI displays an output line that includes the VDOM name followed by the kernel VDOM_ID. For example:
config vdom
edit Test-hw150
current vf=Test-hw150:351
In this example, the kernel VDOM_ID is 351.
Another example:
config vdom
edit Test02-hw2
current vf=Test02-hw2:499
In this example, the kernel VDOM_ID is 499.
When you create a VDOM from the CLI, the new hyperscale VDOM becomes the current VDOM. The new hyperscale firewall VDOM may not appear in the VDOM list on the GUI until you log out of the GUI and then log back in.
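The naming rules and the kernel VDOM_ID formula above can be checked against a list of planned VDOM names before any of them is created. This is an added example, not Fortinet code: the function names are hypothetical, the default limit of 250 is the page's example value for <vdom-id-num>, and leading zeros are rejected outright, which is stricter than the page's advice to avoid them.

```python
import re

# Rules from the page: <name>-hw<vdom-id>, at most 11 characters in total,
# <vdom-id> from 1 to <vdom-id-num>, kernel VDOM_ID = 501 - <vdom-id>.
# Assumption: vdom_id_num defaults to 250, the page's example licence size.
NAME_RE = re.compile(r"([A-Za-z0-9_-]+)-hw(\d+)")
MAX_NAME_LEN = 11


def kernel_vdom_id(vdom_name, vdom_id_num=250):
    """Return the kernel VDOM_ID for a hyperscale VDOM name, or raise ValueError."""
    if len(vdom_name) > MAX_NAME_LEN:
        raise ValueError(f"{vdom_name}: longer than {MAX_NAME_LEN} characters")
    m = NAME_RE.fullmatch(vdom_name)
    if m is None:
        raise ValueError(f"{vdom_name}: not in <name>-hw<vdom-id> format")
    name, vdom_id = m.groups()
    if "-hw" in name:
        raise ValueError(f"{vdom_name}: <name> should not contain -hw")
    if vdom_id.startswith("0"):
        raise ValueError(f"{vdom_name}: leading zeros in <vdom-id>")
    if not 1 <= int(vdom_id) <= vdom_id_num:
        raise ValueError(f"{vdom_name}: <vdom-id> outside 1..{vdom_id_num}")
    return 501 - int(vdom_id)


def check_plan(vdom_names, vdom_id_num=250):
    """Validate a list of planned names; return (kernel_ids, errors)."""
    kernel_ids, errors, seen = {}, [], {}
    for vdom_name in vdom_names:
        try:
            kid = kernel_vdom_id(vdom_name, vdom_id_num)
        except ValueError as exc:
            errors.append(str(exc))
            continue
        if kid in seen:  # two names sharing one <vdom-id>
            errors.append(f"{vdom_name}: same <vdom-id> as {seen[kid]}")
            continue
        seen[kid] = vdom_name
        kernel_ids[vdom_name] = kid
    return kernel_ids, errors


if __name__ == "__main__":
    # Constructed sample plan; the first two names are the page's own examples.
    plan = ["Test-hw150", "Test02-hw2", "CGN-1234-hw23", "CGN-hw02", "Edge-hw150"]
    ids, errs = check_plan(plan)
    print(ids)
    print(*errs, sep="\n")
```

The kernel IDs it returns for valid names can be compared with the number after the colon in the `current vf=` line that the CLI prints when the VDOM is created.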