Fortinet black logo

CLI Reference

ADOMs overview

ADOMs overview

FortiManager can manage a large number of Fortinet devices. ADOMs enable administrators to manage only those devices that are specific to their geographic location or business division. This also includes FortiGate units with multiple configured VDOMs.

If ADOMs are enabled, each administrator account is tied to an administrative domain. When a particular administrator logs in, they see only those devices or VDOMs that have been enabled for their account. The one exception is the admin administrator account which can see and maintain all administrative domains and the devices within those domains.

Administrative domains are not enabled by default, and enabling and configuring the domains can only be performed by the admin administrator. For more information, see Configuring ADOMs.

The default and maximum number of administrative domains you can add depends on the FortiManager system model. The table below outlines these limits.

FortiManager Model

Administrative Domain / Network Devices

FMG-100C

30 / 30

FMG-200D

30 / 30

FMG-300D

300 / 300

FMG-400C

300 / 300

FMG-1000C

800 / 800

FMG-1000D

1000 / 1000

FMG-3000C

5000 / 5000

FMG-3900E

5000 / 5000

FMG-4000D

4000 / 4000

FMG-4000E

4000 / 4000

FMG-VM-Base

10 / 10

FMG-VM-10-UG

+10 / +10

FMG-VM-100-UG

+100 / +100

FMG-VM-1000-UG

+1000 / +1000

FMG-VM-5000-UG

+5000 / +5000

FMG-VM-U-UG

+10000 / +10000

ADOMs overview

ADOMs overview

FortiManager can manage a large number of Fortinet devices. ADOMs enable administrators to manage only those devices that are specific to their geographic location or business division. This also includes FortiGate units with multiple configured VDOMs.

If ADOMs are enabled, each administrator account is tied to an administrative domain. When a particular administrator logs in, they see only those devices or VDOMs that have been enabled for their account. The one exception is the admin administrator account which can see and maintain all administrative domains and the devices within those domains.

Administrative domains are not enabled by default, and enabling and configuring the domains can only be performed by the admin administrator. For more information, see Configuring ADOMs.

The default and maximum number of administrative domains you can add depends on the FortiManager system model. The table below outlines these limits.

FortiManager Model

Administrative Domain / Network Devices

FMG-100C

30 / 30

FMG-200D

30 / 30

FMG-300D

300 / 300

FMG-400C

300 / 300

FMG-1000C

800 / 800

FMG-1000D

1000 / 1000

FMG-3000C

5000 / 5000

FMG-3900E

5000 / 5000

FMG-4000D

4000 / 4000

FMG-4000E

4000 / 4000

FMG-VM-Base

10 / 10

FMG-VM-10-UG

+10 / +10

FMG-VM-100-UG

+100 / +100

FMG-VM-1000-UG

+1000 / +1000

FMG-VM-5000-UG

+5000 / +5000

FMG-VM-U-UG

+10000 / +10000