// project: the joke that became infrastructure
Harry’s VDOM
It was meant to be funny. The certificates renewed anyway.
A brief history of the bit
For weeks now, friends have been saying “Harry’s VDOM” the way other people say “the cloud” or “artisan sourdough”: slightly knowing, slightly mocking, definitely overused. Fair. It started as a serious bit of network engineering and a stupid label, and the label outlived the seriousness.
So. Now there’s a webpage. The bit has documentation. The bit is professional now. The bit will be on the CV.
What it actually is
A FortiGate Virtual Domain. In plain English: a segment of one physical firewall, ring-fenced from everything else on the box. Its own routing table. Its own policies. Its own tiny administrative empire.
It carries a structured engineering environment (work zones, an admin zone, an internet-facing zone) kept apart on purpose so that one mistake in one place does not become a mistake in every place. Strict between segments. Strict to the outside. Boring on purpose. Boring is the whole point.
Authentication
Logging in to the firewall requires a certificate issued by an internal authority, not a password and a vibe. This sounds clever. In practice it is mostly me sighing at a renewal email twice a year and remembering, eventually, where I put the private key.
DNS
All DNS in the environment funnels through a single resolver that filters known nuisance domains: trackers, spyware, malware, the bits of the internet that exist only to siphon data from people who didn’t ask. The upstream is encrypted. The blocklists are curated. Apple is allow-listed because Apple software does not cope when you tell it no.
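The per-query decision a filtering resolver like this makes, as an added sketch that is not the configuration or code behind this environment. The list contents, `vendor.example` (a stand-in for the allow-listed vendor) and every function name are assumptions; matching is on whole labels and an allow-list entry beats any blocklist entry.

```python
# Added example: constructed lists, not the real resolver's data.
BLOCKLIST = {"tracker.example", "ads.example.net", "telemetry.vendor.example"}
ALLOWLIST = {"vendor.example"}  # stand-in for the allow-listed vendor


def normalize(qname: str) -> str:
    """Lower-case and drop the trailing root dot so lookups are consistent."""
    return qname.strip().rstrip(".").lower()


def suffixes(qname: str):
    """Yield the name and each parent domain, most specific first."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def decide(qname, blocklist=BLOCKLIST, allowlist=ALLOWLIST):
    """Return (verdict, matched_rule); allow-list entries always win."""
    names = list(suffixes(qname))
    for name in names:
        if name in allowlist:
            return ("allow", name)
    for name in names:
        if name in blocklist:
            return ("block", name)
    return ("forward", None)  # no rule matched: send to the upstream


def shadowed(blocklist=BLOCKLIST, allowlist=ALLOWLIST):
    """Blocklist entries that can never fire because an allow rule covers them."""
    return sorted(
        entry for entry in blocklist
        if any(s in allowlist for s in suffixes(entry))
    )


if __name__ == "__main__":
    for q in ("Tracker.Example.", "cdn.ads.example.net",
              "telemetry.vendor.example", "nottracker.example"):
        print(q, decide(q))
    print("shadowed block rules:", shadowed())
```

Running `shadowed()` after each blocklist update shows exactly which block rules the allow-list is silently overriding.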
What it taught me
- Routing, filtering and identity are three different jobs that need three different places. Conflating them feels efficient until something breaks and you cannot tell which thing broke it.
- “It works” is not the bar. “It still works in 90 days when the certificate expires” is the bar.
- If you cannot explain a piece of your own infrastructure to a confused friend in a pub, you have not finished it. You have built a mystery.
- Have you tried turning it off and on again. I have. Several times. It is fine now.
There is no front door. There is no demo. If you have been linked here, congratulations on caring.