03-09-2022 04:54 PM
Hello!
I have been investigating using service graphs in our environment where multiple tenants exist. In our case we have a test, preprod and prod environment which are completely isolated.
Our FortiGates use VDOMs for each environment. What I'd like to do is use service graphs for each tenant and PBR certain traffic and allow the rest to be line rate and ignore firewalls! But what I can't wrap my head around or easily test right now is if it would be supported with multiple tenants on the one interface arm to the firewall.
We are not using VMM integration and intend to use unmanaged service graph device configuration. We want to ideally use the same physical interface and use VLAN encapsulation for each tenant/VDOM to direct traffic with service graph/PBR to the right place.
Am I overthinking this? I could not find many multi-tenant examples like this.
Thanks in advance,
KT