
1 Virtual Networking

2 Module Objectives
By the end of this module participants will be able to:
- Understand the use of virtual LANs
- Create VLAN subinterfaces on the FortiGate unit
- Understand the use of virtual domains
- Create virtual domains
- Create administrators specific to virtual domains
- Create inter-VDOM links

3-4 Virtual Local Area Networks (VLAN)
Diagram: VLANs layered over the physical interfaces
- VLANs increase the number of network interfaces beyond the physical connections on the FortiGate unit
- VLANs can be used to logically distribute devices on a LAN into smaller broadcast domains
- Uses VLAN tags

5-6 VLAN tags
Ethernet frame: Destination MAC (6 bytes) | Source MAC (6 bytes) | Type (2 bytes) | Data (46-1500 bytes) | CRC 32 (4 bytes)
Ethernet frame using VLAN tags: Destination MAC | Source MAC | Type 8100 (2 bytes) | Tag Control Info (2 bytes: User Priority Field, Canonical Format Indicator, VLAN Identifier) | Type | Data | CRC 32
- A four-byte extension to the Ethernet frame is used to define VLANs
- Applied by switches and routers to every packet sent and received by the devices
- Workstations and desktop computers are not an active part of the VLAN process: VLAN tagging and removal is done after the packet has left the computer

7-8 VLAN Scenario
Diagram: Headquarters, Branch office, Retail office, Accounting computer
- In this scenario, computers located in different buildings need to communicate with each other frequently and with high security
- VLANs allow data to be sent between specific computers in different locations as if they were on the same physical subnet

9-10 VLANs on a FortiGate Unit
Diagram: a tagged frame (Destination MAC | Source MAC | Type 8100 | Tag Control Info | Type | Data | CRC 32) passing between VLAN A and VLAN B
- The FortiGate unit acts as a layer-3 device when in the default NAT/Route mode
- It can add, read, remove or modify VLAN tags
- The device can change the VLAN tag if appropriate and send the data frame out on a different VLAN
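As an added example that is not part of the original slides, the Python below parses the tagged frame layout from the VLAN tags slide (Type 8100, the Tag Control Info fields and the encapsulated Type) and models the add/read/modify/remove behaviour described here with a retag() helper. The frame bytes are constructed for the example, and the CRC 32 is assumed to have been stripped by the NIC before capture.

```python
import struct
from typing import Optional

TPID_8021Q = 0x8100  # EtherType that announces a 4-byte 802.1Q tag follows

def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet II frame into header fields, decoding an 802.1Q tag if present.
    The CRC 32 (FCS) is assumed already stripped, as captures normally deliver it."""
    if len(frame) < 14:
        raise ValueError("frame shorter than a 14-byte Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    tag, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack("!H", frame[14:16])  # Tag Control Info
        tag = {"pcp": tci >> 13,            # 3-bit user priority field
               "cfi": (tci >> 12) & 0x1,    # canonical format indicator
               "vid": tci & 0x0FFF}         # 12-bit VLAN identifier
        (ethertype,) = struct.unpack("!H", frame[16:18])  # encapsulated Type
        offset = 18
    return {"dst": dst, "src": src, "tag": tag,
            "ethertype": ethertype, "payload": frame[offset:]}

def retag(frame: bytes, vid: Optional[int], pcp: int = 0) -> bytes:
    """Rebuild the frame with its tag replaced by (pcp, vid); vid=None strips the tag.
    Models a layer-3 device moving a frame onto a different VLAN."""
    p = parse_frame(frame)
    head = p["dst"] + p["src"]
    if vid is not None:
        if not 1 <= vid <= 4094:  # VID 0 and 4095 are reserved
            raise ValueError("VLAN ID out of range")
        head += struct.pack("!HH", TPID_8021Q, (pcp & 0x7) << 13 | (vid & 0x0FFF))
    return head + struct.pack("!H", p["ethertype"]) + p["payload"]

# Constructed sample: 802.1Q tag with priority 3 and VID 100, carrying an IPv4 payload stub.
SAMPLE_TAGGED = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
                 + struct.pack("!HH", TPID_8021Q, (3 << 13) | 100)
                 + struct.pack("!H", 0x0800) + bytes(range(46)))

if __name__ == "__main__":
    print(parse_frame(SAMPLE_TAGGED)["tag"])            # tag as received
    print(parse_frame(retag(SAMPLE_TAGGED, 300))["tag"])  # tag after moving to VLAN 300
    print(parse_frame(retag(SAMPLE_TAGGED, None))["tag"])  # None once the tag is removed
```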

11 VLANs on a FortiGate Unit
Diagram labels: VLAN 100, Branch office, VLAN 200, Headquarters, VLAN 300, Tag: VLAN 100, Tag: VLAN 300, Router A, Router B, Subnet 1, Subnet 2

12 Virtual Domains
Diagram: one physical FortiGate device presented as multiple virtual FortiGate devices (Domain A, Domain B, Domain C)

13-14 Virtual Domains
Diagram: Acme Co., ABC Inc. and XYZ Ltd., each VDOM with its own network interfaces, routing requirements, firewall policies and protection rules; packets are confined to their VDOM
- Logically, virtual domains behave like separate FortiGate units
- By default, a FortiGate unit can support a maximum of 10 virtual domains
- Certain models allow the purchase of additional VDOM licenses to increase this number

15-16 VDOM Settings
Global settings affect all configured domains: hostname, DNS settings, system time, firmware versions, ...
VDOM settings affect a specific VDOM only: operating mode, router settings, firewall settings, UTM settings, ...

17-18 Enabling Virtual Domains
When VDOMs are enabled:
- Global and per-VDOM configurations are separated
- Only the admin account can view or configure global options
- Only the admin account can access all VDOM configurations
- Regular administrators can only configure the VDOM to which they are assigned

19-20 Switching Between Virtual Domains
- The admin account can switch between the VDOMs configured on the FortiGate unit, in addition to accessing the Global Configuration
- Regular administrators are confined to their own VDOMs

21-22 VDOM Resource Limits
Diagram: global resource limits versus VDOM resource limits (Accounting VDOM)
- Global resource limits affect the resources available to the FortiGate device
- VDOM resource limits affect the resources available to each VDOM
- Resource limits vary by device model

23-24 Per-VDOM Configurations
Diagram: Full Config versus VDOM Config (Accounting VDOM)
- Administrators can back up and restore the entire device configuration or VDOM-specific configurations
- VDOM configurations are stored as separate configuration files
- VDOM configurations can be synched between HA devices

25-27 Virtual Domain Administrators
Diagram: Domain A, Domain B, Domain C; super_admin profile
- Virtual domains can be managed using either one common administrator or multiple separate administrators for each VDOM
- Administrators assigned the super_admin profile can manage all VDOMs on the FortiGate device
- They can also create other administrator accounts and assign them to VDOMs

28-29 Inter-VDOM Links
Diagram: Domain A, Domain B, Domain C joined by inter-VDOM links
- Inter-VDOM links allow VDOMs to communicate internally without using additional physical interfaces
- Communication no longer has to leave on a physical interface and re-enter the FortiGate device on another physical interface
- Firewall policies need to be in place for traffic to be allowed to pass through any interface, whether physical or virtual

30 Inter-VDOM Links

31 Management VDOM
Management traffic leaves through the management VDOM:
- DNS
- Logging to FortiAnalyzer or syslog
- FortiGuard
- Alert emails
- NTP
- SNMP traps
- Quarantine
The management VDOM must have access to the Internet
The default management VDOM is root

32-33 Independent VDOM Configuration
Diagram: VDOM 1, VDOM 2 and VDOM 3 each connect Network 1, Network 2 and Network 3 to the Internet separately
- An Independent VDOM configuration uses multiple VDOMs that are completely separate from each other
- No communication between VDOMs
- Each VDOM's administrator can administer the VDOM-dependent settings of their own VDOM only

34-35 Management VDOM Configuration
Diagram: Network 1, Network 2 and Network 3 behind VDOM 1, VDOM 2 and VDOM 3, all connected to the Management VDOM, which connects to the Internet
- The root VDOM is the management VDOM and the other VDOMs are connected to it with inter-VDOM links
- Only the management VDOM is connected to the Internet
- All external traffic is routed through the management VDOM

36-37 Meshed VDOM Configuration
Diagram: Network 1, Network 2, Management VDOM, Internet, VDOM 1 and VDOM 2 inter-connected
- The Meshed VDOM configuration has VDOMs inter-connected with other VDOMs
- These configurations can become complex very quickly

38 Classroom Lab Topology

39 Labs
Lab - Initial Setup
- Initial configuration
- Accessing Web Config
Lab - Virtual Domains
- Creating a new VDOM
- Creating an administrative account
- Creating inter-VDOM links
- Creating firewall policies
- Accessing the services VDOM

40 Student Resources
List of resources used in this module
