Virtual domain properties, Configuring a virtual domain – Fortinet FortiGate 4000 User Manual

154

Fortinet Inc.

Virtual domains in Transparent mode

Network configuration

Figure 44: FortiGate unit with two virtual domains

Virtual domain properties

A virtual domain has the following exclusive properties:

• VLAN name,
• VLAN ID,
• VLAN interface assignment,
• VLAN zone assignment (optional),
• Firewall policy.

Virtual domains share the following global properties with other processes on the
FortiGate unit:

• System settings,
• Firewall policy objects (addresses, services, schedule, content profiles, and so on),
• User information,
• NIDS settings,
• Antivirus, Web filter, Mail filter settings,
• Log & report settings.

In addition to the global properties, virtual domains share a common administrative
model. Administrators have access to all of the virtual domains on the FortiGate unit.
Only their administrative access level varies.

Configuring a virtual domain

Configure a virtual domain by adding the virtual domain to the FortiGate configuration.
Then add matching pairs of VLAN subinterfaces to the virtual domain.

•

Adding a virtual domain

•

Adding VLAN subinterfaces to a virtual domain

•

Adding zones to virtual domains

VLAN1

VLAN1

VLAN2

VLAN2

VLAN3

VLAN3

Virtual Domain 1

Virtual Domain 2

content filtering

antivirus

NIDS

content filtering

antivirus

NIDS

Internal

External

VLAN1

VLAN3

VLAN2

VLAN Switch

or router

VLAN Switch or router

VLAN trunk

VLAN1

VLAN2

VLAN3

VLAN trunk

FortiGate unit

VLAN1

VLAN3

VLAN2

Internet