Fortinet black logo

Handbook

Enabling the Virtual Domain feature and selecting the Virtual Domain Mode

Enabling the Virtual Domain feature and selecting the Virtual Domain Mode

By default, the Virtual Domain feature must be enabled for the Virtual Domain configuration to be visible in the GUI. Once you enable Virtual Domain, you can select the Virtual Domain Mode to determine the VDOM networking options.

There are two virtual domain modes:

  • Independent Network — each VDOM functions independently within its own network, unaffected by activity from other VDOMs on the system.
  • Share Network — VDOMs function as administrative domains (ADOMs), sharing the same network interface and routing between all ADOMs.

Once configured, switching between the virtual domain modes is not recommended. If you need to switch virtual domain modes, the Virtual Domain feature must first be disabled. For details, see Disabling a virtual domain.

Before you begin:
  • You must have super admin (admin administrator) or global admin permission to enable the Virtual Domain feature.
To enable the Virtual Domain and select the Virtual Domain Mode:
  1. Go to System > Settings.
    The configuration page displays the Basic tab.
  2. Enable Virtual Domain.
    The Virtual Domain Mode field appears.
  3. In the Virtual Domain Mode field, select either Independent Network or Share Network.
  4. Click Save.

Super admin login with virtual domain shows the landing page after the super admin logs into the system when the Virtual Domain feature is enabled. From here, the super admin can create virtual domains, assign network interfaces to virtual domains, create admin users for virtual domains, and navigate to the system and feature configuration pages for the virtual domains, including the root (default) domain.

When a non-admin user with a delegated administrator account logs in, the landing page is the standard landing page. Such users cannot perform the tasks related to virtual domain administration that the super admin performs.

Super admin login with virtual domain

Enabling the Virtual Domain feature and selecting the Virtual Domain Mode

By default, the Virtual Domain feature must be enabled for the Virtual Domain configuration to be visible in the GUI. Once you enable Virtual Domain, you can select the Virtual Domain Mode to determine the VDOM networking options.

There are two virtual domain modes:

  • Independent Network — each VDOM functions independently within its own network, unaffected by activity from other VDOMs on the system.
  • Share Network — VDOMs function as administrative domains (ADOMs), sharing the same network interface and routing between all ADOMs.

Once configured, switching between the virtual domain modes is not recommended. If you need to switch virtual domain modes, the Virtual Domain feature must first be disabled. For details, see Disabling a virtual domain.

Before you begin:
  • You must have super admin (admin administrator) or global admin permission to enable the Virtual Domain feature.
To enable the Virtual Domain and select the Virtual Domain Mode:
  1. Go to System > Settings.
    The configuration page displays the Basic tab.
  2. Enable Virtual Domain.
    The Virtual Domain Mode field appears.
  3. In the Virtual Domain Mode field, select either Independent Network or Share Network.
  4. Click Save.

Super admin login with virtual domain shows the landing page after the super admin logs into the system when the Virtual Domain feature is enabled. From here, the super admin can create virtual domains, assign network interfaces to virtual domains, create admin users for virtual domains, and navigate to the system and feature configuration pages for the virtual domains, including the root (default) domain.

When a non-admin user with a delegated administrator account logs in, the landing page is the standard landing page. Such users cannot perform the tasks related to virtual domain administration that the super admin performs.

Super admin login with virtual domain