Handbook

Multiple VDOMs solution

6.0.0

By default, physical interfaces are in the root VDOM. If you don't configure any of your VLANs in the root VDOM, it won't matter how many interfaces are in the root VDOM.

The multiple VDOMs solution is to configure multiple VDOMs on the FortiGate, one for each VLAN. In this solution, you configure one inbound and one outbound VLAN interface in each VDOM. ARP packets aren't forwarded between VDOMs. This configuration limits the VLANs in a VDOM and correspondingly reduces the administration needed per VDOM.

As a result of this configuration, the switches don't receive multiple ARP packets with duplicate MACs. Instead, the switches receive ARP packets with different VLAN IDs and different MACs, so your switches remain stable.
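The layout described above, as an added FortiOS CLI sketch that is not part of the original handbook page. The VDOM names (VDOM_100, VDOM_200), the VLAN interface names, the VLAN IDs, and the use of port1 as the inbound and port2 as the outbound physical interface are all assumptions for illustration; lines starting with # are annotations, not commands.

```fortios
# Enable multiple VDOMs (FortiOS 6.0 syntax). The admin session is
# logged out after this change; log back in to continue.
config system global
    set vdom-admin enable
end

# Create one VDOM per VLAN (names are assumed).
config vdom
    edit VDOM_100
    next
    edit VDOM_200
    next
end

# In each VDOM, create exactly one inbound and one outbound VLAN
# subinterface. The physical ports stay in the root VDOM; only the
# VLAN subinterfaces are assigned to the per-VLAN VDOMs.
config global
    config system interface
        edit "v100_in"
            set vdom "VDOM_100"
            set interface "port1"
            set vlanid 100
        next
        edit "v100_out"
            set vdom "VDOM_100"
            set interface "port2"
            set vlanid 100
        next
        edit "v200_in"
            set vdom "VDOM_200"
            set interface "port1"
            set vlanid 200
        next
        edit "v200_out"
            set vdom "VDOM_200"
            set interface "port2"
            set vlanid 200
        next
    end
end
```

Each VDOM still needs its own firewall policy between its inbound and outbound VLAN interfaces before traffic passes.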

However, you shouldn't use the multiple VDOMs solution under any of the following conditions:

  • You have more VLANs than licensed VDOMs
  • You don't have enough physical interfaces

Instead, use one of two possible solutions, both supported in transparent mode only:

  • Use the vlanforward CLI command.
  • Use the forward-domain CLI command, although you still need to be careful in some rare configurations.
