Administration Guide

Configuring VDOMs

Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. For more information, see the FortiOS Handbook available in the Fortinet Document Library.

VDOMs have their own dashboard and toolbar. You can configure the VDOM in the same way that you can configure a device.

Delete

Select to remove this virtual domain. This function applies to all virtual domains except the root.

Create New

Select to create a new virtual domain.

Management Virtual Domain

Select the management VDOM and select Apply.

Name

The name of the virtual domain and whether it is the management VDOM.

Virtual Domain

Virtual domain type.

IP/Netmask

The IP address and mask. Normally used only for Transparent mode.

Type

Either VDOM Link or Physical.

Access

HTTP, HTTPS, SSH, PING, SNMP, and/or TELNET.

Resource Limit

Select to configure the resource limit profile for this VDOM.

Creating and editing virtual domains

Creating and editing virtual domains in the FortiManager system is very similar to creating and editing VDOMs using the FortiGate GUI.

You need to enable virtual domains before you can create one.

To enable virtual domains:
  1. Go to Device Manager > Device & Groups.
  2. In the tree menu, select a device group.
  3. In the lower tree menu, select a device. The device dashboard displays.
  4. In the System Information widget, select the Enable link in the VDOM field.

To create a virtual domain:
  1. In the Device Manager tab, display the device dashboard for the unit you want to configure.
  2. From the System menu, select Virtual Domain.
  3. Click Create New to create a new VDOM.

    The Virtual Domain tab may not be visible in the content pane tab bar. See View system dashboard for managed/logging devices for more information.

    After the first VDOM is created you can create additional VDOMs by right-clicking on the existing VDOM and selecting Add VDOM from the right-click menu.

  4. Complete the options, and click OK to create the new VDOM.

Configuring inter-VDOM routing

By default, two virtual domains can communicate only through externally connected physical interfaces. Inter-VDOM routing creates a link with two ends that act as virtual interfaces, internally connecting the two virtual domains.

Before configuring inter-VDOM routing:

  • You must have at least two virtual domains configured.
  • The virtual domains must all be in NAT mode.
  • Each virtual domain to be linked must have at least one interface or subinterface assigned to it.

To create a VDOM link:
  1. In the Device Manager pane, display the device dashboard for the device.
  2. From the System menu, select Interface.
  3. Click Create New > VDOM Link. The New VDOM Link pane opens.

  4. Enter the following information:

    Name

    Name of the VDOM link.

    Interface #x

    The interface number, either 1 or 0.

    VDOM

    Select the VDOM.

    IP/Netmask

    Type the IP address and netmask for the VDOM.

    Administrative Access

    Select the allowed administrative service protocols: HTTPS, PING, FMG-Access, CAPWAP, SSH, and SNMP.

    Note: HTTP traffic will be automatically redirected to HTTPS.

    Description

    Optionally, type a description for the link.

  5. Click OK to save your settings.
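
A way to check the result of this procedure offline, as an added example that is not part of the original guide or Fortinet's own tooling: the script parses a FortiOS-style `config system interface` block and reports VDOM link ends whose VDOM has no other interface, whose two ends sit in the same VDOM, or that allow unencrypted administrative access. The sample configuration is constructed, the pairing of link ends by a trailing 0 or 1 in the interface name is an assumption, and the NAT mode prerequisite is not checked.

```python
import re

# Constructed FortiOS-style interface config (sample data, not from the page).
SAMPLE = '''
config system interface
    edit "port1"
        set vdom "root"
        set allowaccess ping https ssh
    next
    edit "vlink0"
        set vdom "root"
        set type vdom-link
        set allowaccess ping https
    next
    edit "vlink1"
        set vdom "branch"
        set type vdom-link
        set allowaccess ping http telnet
    next
end
'''
CLEARTEXT = {"http", "telnet"}  # administrative protocols that are not encrypted

def parse_interfaces(text):
    """Return {interface: {setting: [values]}} from the edit/set/next blocks."""
    ifaces, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.fullmatch(r'edit "?([^"]+)"?', line)
        if m:
            cur = ifaces.setdefault(m.group(1), {})
        elif cur is not None and line.startswith("set "):
            key, *vals = line[4:].split()
            cur[key] = [v.strip('"') for v in vals]
    return ifaces

def audit_vdom_links(text):
    # Assumption: the two ends of a link are named <link>0 and <link>1.
    ifaces, findings = parse_interfaces(text), []
    ends = {n: c for n, c in ifaces.items() if c.get("type") == ["vdom-link"]}
    for name, cfg in sorted(ends.items()):
        vdom = cfg.get("vdom", ["?"])[0]
        peer = ends.get(name[:-1] + ("1" if name.endswith("0") else "0"), {})
        if peer.get("vdom") == [vdom]:
            findings.append(f"{name}: both link ends are in VDOM {vdom}")
        if not any(c.get("vdom") == [vdom] for n, c in ifaces.items() if n not in ends):
            findings.append(f"{name}: VDOM {vdom} has no other interface assigned")
        bad = sorted(CLEARTEXT & set(cfg.get("allowaccess", [])))
        if bad:
            findings.append(f"{name}: cleartext administrative access {bad}")
    return findings
```

Calling `audit_vdom_links(SAMPLE)` returns two findings for `vlink1`; an empty list means every link end passed the three checks.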

Deleting a virtual domain

Prior to deleting a VDOM, all policies must be removed from the VDOM. To do this, apply and install a blank, or empty, policy package to the VDOM (see Create new policy packages). All objects related to the VDOM must also be removed, such as routes, VPNs, and admin accounts.

To delete a VDOM:
  1. In the Device Manager tab, display the device dashboard for the unit you want to configure.
  2. From the System menu, select Virtual Domain.
  3. Right-click on the VDOM and select Delete.
  4. Click OK in the confirmation dialog box to delete the VDOM.
