Administrative domains (ADOMs) enable administrators to manage only those devices that they are specifically assigned, based on the ADOMs to which they have access. When the ADOM mode is advanced, FortiGate devices with multiple VDOMs can be divided among multiple ADOMs.
Administrator accounts can be tied to one or more ADOMs, or denied access to specific ADOMs. When a particular administrator logs in, they see only those devices or VDOMs that have been enabled for their account. Super user administrator accounts, such as the
admin account, can see and maintain all ADOMs and the devices within them.
Each ADOM specifies how long to store and how much disk space to use for its logs. You can monitor disk utilization for each ADOM and adjust storage settings for logs as needed.
The maximum number of ADOMs you can add depends on the FortiAnalyzer system model. Please refer to the FortiAnalyzer data sheet for more information.
When the maximum number of ADOMs has been reached, you will be unable to create a new ADOM.
When upgrading to FortiAnalyzer 6.2.1 or later, you will continue to have access to any ADOMs exceeding the limit, however, no additional ADOMs can be created, and an alert will be issued in the Alert Message Console in System Settings > Dashboard.
By default, ADOMs are disabled. Enabling and configuring ADOMs can only be done by administrators with the Super_User profile. See Administrators.
The root ADOM and Security Fabric ADOMs are available for visibility into all Fabric devices. See Creating a Security Fabric ADOM.
Non-FortiGate devices are automatically located in specific ADOMs for their device type. They cannot be moved to other ADOMs.
ADOMs must be enabled to support the logging and reporting of non-FortiGate devices.