Feature #14594

open

VDOM on pfsense

Added by Conor Dang 9 months ago. Updated 9 months ago.

Status: New
Priority: Normal
Assignee: -
Category: Operating System
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Release Notes: Default

Description

I do not see this feature in any of the open requests but having a similar functionality to VDOM (virtual domain) on Fortinet devices in pfsense would open many more use cases for it. For those who don't know what a VDOM is, it allows a single firewall to be split up virtually, including having separate webconfigs per each VDOM. I found this post from 9 years ago that had no replies but brought the idea that it could be done on pfsense: https://list.pfsense.narkive.com/VCNLiGjK/pfsense-something-like-fortigate-s-vdom-feature
If you want to learn more about VDOM as it works in Fortinet, visit their page describing it: https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/597696/vdom-overview

Actions #1

Updated by Kris Phillips 9 months ago

VDOM seems like a marketing rebrand for a VRF on Fortinet. TNSR currently has this, but pfSense Plus does not.

Actions #2

Updated by Conor Dang 9 months ago

Kris Phillips wrote in #note-1:

VDOM seems like a marketing rebrand for a VRF on Fortinet. TNSR currently has this, but pfSense Plus does not.

It is definitely more than a rebrand of VRF. VDOM essentially gives you different options for virtualizing your firewall, including a different web configuration for each virtual section. This is extremely useful for companies that rent out sections of their building to different smaller companies that each have their own networking requirements. You can have a root VDOM that shares internet access with all of the VDOMs under it, as well as setting some global network security rules that apply to all VDOMs. Then each company has their own VDOM where they can administer and alter its configuration to their business requirements. In my situation, we have my company, and a startup that we heavily invested in, under the same roof. Our policies and procedures do not change much so our networking does not change unless it is to improve performance, security, or reliability. The startup on the other hand needs to constantly change their environment around in order to test new products, diagnose issues, configure new lab environments for projects to mimic the production deployment, etc. With pfsense+ this means that we constantly have to alter the configuration of the whole firewall and it can open my company up to security concerns as well as causing other issues that impact the network performance and even rarely bring it down. If the companies were under different VDOMs most of those issues would be mitigated, each company would have its separate firewall configuration, and there would be balance to the force.
