Usando Dominios Virtuales
Páginas: 7 (1705 palabras)
Publicado: 16 de noviembre de 2012
Using virtual domains
This section describes virtual domains along with some of their benefits, and how
to use them to operate your FortiGate unit as multiple virtual units.
If you enable virtual domains (VDOMs) on the FortiGate unit, you configure virtual
domains globally for the FortiGate unit.
To get started working with virtual domains, see “Enabling VDOMs” on page 100.
This sectiondescribes:
•
•
•
Virtual domains
Enabling VDOMs
Configuring VDOMs and global settings
Virtual domains
Virtual domains (VDOMs) are a method of dividing a FortiGate unit into two or
more virtual units that function as multiple independent units. A single FortiGate
unit is then flexible enough to serve multiple departments of an organization,
separate organizations, or be the basis for aservice provider’s managed security
service.
Some benefits of VDOMs are:
•
•
•
Easier administration
Maintain Security
Easy to increase or decrease number of VDOMs
Easier administration
VDOMs provide separate security domains that allow separate zones, user
authentication, firewall policies, routing, and VPN configurations. Using VDOMs
can also simplify administration of complexconfigurations because you do not
have to manage as many routes or firewall policies at one time. See “VDOM
configuration settings” on page 97.
By default, each FortiGate unit has a VDOM named root. This VDOM includes all
of the FortiGate physical interfaces, modem, VLAN subinterfaces, zones, firewall
policies, routing settings, and VPN settings.
Also you can optionally assign an administrator accountrestricted to that VDOM.
If the VDOM is created to serve an organization, this feature enables the
organization to manage its own configuration.
Management systems such as SNMP, logging, alert email, FDN-based updates
and NTP-based time setting use addresses and routing in the management
VDOM to communicate with the network. They can connect only to network
resources that communicate withthe management virtual domain. The
management VDOM is set to root by default, but can be changed. For more
information see “Changing the Management VDOM” on page 106.
FortiGate Version 3.0 MR7 Administration Guide
01-30007-0203-20090112
95
Virtual domains
Using virtual domains
Maintain Security
When a packet enters a VDOM, it is confined to that VDOM. In a VDOM, you can
create firewallpolicies for connections between VLAN subinterfaces or zones in
the VDOM. Packets do not cross the virtual domain border internally. To travel
between VDOMs a packet must pass through a firewall on a physical interface.
The packet then arrives at another VDOM on a different interface where it must
pass through another firewall before entering. Both VDOMs are on the same
FortiGate unit.Inter-VDOMs change this in that they are internal interfaces,
however their packets go through all the same security measures as on physical
interfaces.
Without VDOMs, administrators can easily access settings across the FortiGate.
This can lead to security issues or far-reaching configuration errors. However,
administrator permissions are specific to one VDOM. An admin on one VDOM
can't changeinformation on another VDOM. Any configuration changes, and
potential errors, will apply only to that VDOM and limit any potential down time.
The remainder of FortiGate functionality is global - it applies to all VDOMs. This
means there is one intrusion prevention configuration, one antivirus configuration,
one web filter configuration, one protection profile configuration, and so on. As
well,VDOMs share firmware versions, antivirus and attack databases. The
operating mode, NAT/Route or Transparent, is independently selectable for each
VDOM. For a complete list of shared configuration settings, see “Global
configuration settings” on page 98.
Easy to increase or decrease number of VDOMs
To increase the number of physical units, you need to deal with shipping issues,
you need...
This section describes virtual domains along with some of their benefits, and how
to use them to operate your FortiGate unit as multiple virtual units.
If you enable virtual domains (VDOMs) on the FortiGate unit, you configure virtual
domains globally for the FortiGate unit.
To get started working with virtual domains, see “Enabling VDOMs” on page 100.
This sectiondescribes:
•
•
•
Virtual domains
Enabling VDOMs
Configuring VDOMs and global settings
Virtual domains
Virtual domains (VDOMs) are a method of dividing a FortiGate unit into two or
more virtual units that function as multiple independent units. A single FortiGate
unit is then flexible enough to serve multiple departments of an organization,
separate organizations, or be the basis for aservice provider’s managed security
service.
Some benefits of VDOMs are:
•
•
•
Easier administration
Maintain Security
Easy to increase or decrease number of VDOMs
Easier administration
VDOMs provide separate security domains that allow separate zones, user
authentication, firewall policies, routing, and VPN configurations. Using VDOMs
can also simplify administration of complexconfigurations because you do not
have to manage as many routes or firewall policies at one time. See “VDOM
configuration settings” on page 97.
By default, each FortiGate unit has a VDOM named root. This VDOM includes all
of the FortiGate physical interfaces, modem, VLAN subinterfaces, zones, firewall
policies, routing settings, and VPN settings.
Also you can optionally assign an administrator accountrestricted to that VDOM.
If the VDOM is created to serve an organization, this feature enables the
organization to manage its own configuration.
Management systems such as SNMP, logging, alert email, FDN-based updates
and NTP-based time setting use addresses and routing in the management
VDOM to communicate with the network. They can connect only to network
resources that communicate withthe management virtual domain. The
management VDOM is set to root by default, but can be changed. For more
information see “Changing the Management VDOM” on page 106.
FortiGate Version 3.0 MR7 Administration Guide
01-30007-0203-20090112
95
Virtual domains
Using virtual domains
Maintain Security
When a packet enters a VDOM, it is confined to that VDOM. In a VDOM, you can
create firewallpolicies for connections between VLAN subinterfaces or zones in
the VDOM. Packets do not cross the virtual domain border internally. To travel
between VDOMs a packet must pass through a firewall on a physical interface.
The packet then arrives at another VDOM on a different interface where it must
pass through another firewall before entering. Both VDOMs are on the same
FortiGate unit.Inter-VDOMs change this in that they are internal interfaces,
however their packets go through all the same security measures as on physical
interfaces.
Without VDOMs, administrators can easily access settings across the FortiGate.
This can lead to security issues or far-reaching configuration errors. However,
administrator permissions are specific to one VDOM. An admin on one VDOM
can't changeinformation on another VDOM. Any configuration changes, and
potential errors, will apply only to that VDOM and limit any potential down time.
The remainder of FortiGate functionality is global - it applies to all VDOMs. This
means there is one intrusion prevention configuration, one antivirus configuration,
one web filter configuration, one protection profile configuration, and so on. As
well,VDOMs share firmware versions, antivirus and attack databases. The
operating mode, NAT/Route or Transparent, is independently selectable for each
VDOM. For a complete list of shared configuration settings, see “Global
configuration settings” on page 98.
Easy to increase or decrease number of VDOMs
To increase the number of physical units, you need to deal with shipping issues,
you need...
Leer documento completo
Regístrate para leer el documento completo.