Understanding VDOMs

Virtual domains (VDOMs) are a way to divide a physical FortiGate device into multiple logical devices. Each logical device can have a completely different configuration, including its own routes, NAT, and users.

By default, every FortiGate device runs in the default VDOM, “root”, and all of the device's configuration is saved in the “root” VDOM.

The default FortiGate license supports 10 VDOMs.

Benefits of VDOMs

  • VDOMs make it easy to administer different security zones.
  • Different interfaces can be configured in different VDOMs.
  • Every VDOM can have its own physical interfaces, modem, VLAN subinterfaces, zones, firewall policies, routing settings, and VPN settings.
  • To access a VDOM, the user should log in from the interface assigned to that VDOM.
  • Users can be restricted to a specific VDOM for management.
  • VDOMs don’t require extra licenses for security updates, unlike separate physical units.
  • A VDOM can be used for the management of traffic, which makes the FortiGate unit's global settings easier to manage.
  • By configuring VDOMs you can run your device in multiple modes instead of one. For example, you can put one VDOM in transparent mode and the rest in NAT/route mode.

Steps to enable Multi-VDOM mode in FortiGate

Before different VDOMs can be configured in FortiGate, the VDOM setting must be enabled. Only admin IDs with superuser access can enable VDOM settings and access the Global VDOM.

To enable VDOM configuration – GUI:

  • Log in with a super_admin account.
  • Go to System > Settings.
  • Under Operations Settings, enable Virtual Domains.
  • Select the Multi-VDOM option.
  • Click OK.

The system will now log you out. Log in again with an admin user that has super admin access.

Creating new VDOMs in FortiGate

To create a VDOM you need to log in as a super admin. Then follow these steps:

  • Log in with a super_admin account.
  • Select Global > System > VDOM.
  • Select Create New.
  • Enter the name for your new VDOM, e.g. DC1.
  • Select OK.

How to assign an interface to a VDOM

To assign the interface to a different VDOM:

  • Go to Global > Network > Interfaces.
  • Select the interface that you want to assign to the VDOM and click Edit.
  • Provide an IP address for the interface.
  • Select the VDOM named DC1.
  • Select OK.
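
The isolation described above depends on each interface sitting in the intended VDOM and on administrators being scoped correctly. The following Python check is an added example, not code from the original post or from Fortinet: it reads a FortiGate configuration backup and reports interfaces per VDOM and the management scope of each admin. The config excerpt is constructed, and the `parse_table` and `audit` names are hypothetical.

```python
import re

# Constructed excerpt in FortiOS backup syntax; names and values are made up.
SAMPLE_CONFIG = '''
config system interface
    edit "port1"
        set vdom "root"
    next
    edit "port2"
        set vdom "DC1"
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
        set vdom "root"
    next
    edit "dc1-ops"
        set accprofile "prof_admin"
        set vdom "DC1"
    next
end
'''

def parse_table(config, table):
    """Return {entry: {setting: value}} for one 'config <table>' block."""
    entries, current, depth = {}, None, 0  # depth 0 means outside the table
    for line in filter(str.strip, config.splitlines()):
        words = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', line)]
        if words[0] == "config":
            if depth or " ".join(words[1:]) == table:
                depth += 1  # entering the table, or a nested block inside it
        elif depth and words[0] == "end":
            depth -= 1
        elif depth == 1 and words[0] == "edit":
            current = entries.setdefault(words[1], {})
        elif depth == 1 and current is not None and words[0] == "set":
            current[words[1]] = " ".join(words[2:])
    return entries

def audit(config):
    """Map each VDOM to its interfaces and each admin to its management scope."""
    by_vdom = {}
    for name, cfg in parse_table(config, "system interface").items():
        by_vdom.setdefault(cfg.get("vdom", "(not set)"), []).append(name)
    # Assumption: super_admin profile means Global access; others stay in their VDOM.
    scope = {name: "global" if cfg.get("accprofile") == "super_admin"
             else cfg.get("vdom", "(not set)")
             for name, cfg in parse_table(config, "system admin").items()}
    return by_vdom, scope
```

Run `audit()` on the text of a backup after each interface change; an interface that still shows under "root" or an admin reported as "global" when it should be VDOM-scoped is worth reviewing.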

HA virtual clusters

A FortiGate High Availability virtual cluster is made by configuring two or more FortiGate units to operate as an HA cluster.

An HA cluster appears to function as a single FortiGate unit, processing network traffic and providing normal security services such as firewall, VPN, IPS, virus scanning, web filtering, and spam filtering.

Virtual clustering extends HA features to provide failover protection and load balancing for a FortiGate unit operating with virtual domains.

Virtual clustering is an extension of the FGCP for FortiGate units operating with multiple VDOMs enabled. Virtual clustering can be configured in active-passive mode or active-active mode to provide failover protection between two instances of a VDOM operating on two different cluster units or for load-balancing the traffic.

Configuring HA virtual clusters

To set up a virtual cluster, follow the steps below:

  • Log in to the FortiGate firewall.
    • Go to System > HA.
    • Select active-passive or active-active as the Mode, according to the requirement.
    • Set the device priority to more than 128.
    • Provide the cluster name, e.g. cluster-1.
    • Click OK.

The FortiGate negotiates to establish an HA cluster. Connectivity with the FortiGate may be temporarily lost as the HA cluster negotiates and the FGCP changes the MAC addresses of the FortiGate’s interfaces.

Now factory reset the other FortiGate device, configure GUI access, and repeat the same steps, but leave the device priority blank.

  • Now log in to both FortiGate devices, one by one.
  • Go to System > Settings and enable Virtual Domains.
  • Click Apply.

You will now be logged out of the FortiGate. Log back in and make sure you are in the global VDOM.

  • Go to System > VDOM.
  • Create two new VDOMs on the first FortiGate unit, such as DC1 and DC2.

Now you need to add the new VDOMs to virtual cluster 2.

  • Go to System > HA.
  • Add the Heartbeat interfaces.
  • Enable VDOM Partitioning.
  • Keep the remaining settings at their defaults and click OK.

In this blog, we learned about VDOMs, virtual clustering, and HA using VDOMs. We also learned how to partition VDOMs and load balance the traffic in HA. Zindagi Technologies has expertise in Networking, Network Security, Data Centre networks, Enterprise networks, Collaboration, Virtualization, etc. We are happy to help you to provide better service for your home and corporate/Enterprise network. You can contact us or give us a call at +91-9773973971.

Anshul Sapra
Network Security Consultant