Split-task VDOM mode
In split-task VDOM mode, the FortiGate has two VDOMs: the management VDOM (root) and the traffic VDOM (FG-traffic).
The management VDOM is used to manage the FortiGate, and cannot be used to process traffic.
The following GUI sections are available when in the management VDOM:
- The Status dashboard
- Security Fabric topology and settings (read-only, except for HTTP Service settings)
- Interface and static route configuration
- FortiClient configuration
- Replacement messages
- Certificates
- System events
- Log and email alert settings
- Threat weight definitions
The traffic VDOM provides separate security policies, and is used to process all network traffic.
The following GUI sections are available when in the traffic VDOM:
- The Status, Top Usage LAN/DMZ, and Security dashboards
- Security Fabric topology, settings (read-only, except for HTTP Service settings), and External Connectors (Endpoint/Identity connectors only)
- FortiView
- Interface configuration
- Packet capture
- SD-WAN, SD-WAN Rules, and Performance SLA
- Static and policy routes
- RIP, OSPF, BGP, and Multicast
- Replacement messages
- Feature visibility
- Tags
- Certificates
- Policies and objects
- Security profiles
- VPNs
- User and device authentication
- Wifi and switch controller
- Logging
- Monitoring
Split-task VDOM mode is not available on all FortiGate models. The Fortinet Security Fabric supports split-task VDOM mode.
Enable split-task VDOM mode
Split-task VDOM mode can be enabled in the GUI or CLI. Enabling it does not require a reboot, but does log you out of the FortiGate.
When split-task VDOM mode is enabled, all current management configuration is assigned to the root VDOM, and all non-management settings, such as firewall policies and security profiles, are deleted. |
On FortiGate 90 series models and lower, VDOMs can only be enabled using the CLI. |
To enable split-task VDOM mode in the GUI:
- On the FortiGate, go to System > Settings.
- In the System Operation Settings section, enable Virtual Domains.
- Select Split-Task VDOM for the VDOM mode.
- Select a Dedicated Management Interface from the Interface list. This interface is used to access the management VDOM, and cannot be used in firewall policies.
- Click OK.
To enable split-task VDOM mode with the CLI:
config system global set vdom-mode split-vdom end