Fortinet black logo

CLI Reference

system vdom-exception

system vdom-exception

In a Session-aware Load Balancing Cluster (SLBC), select configuration objects that are not synchronized between the FortiGates (workers) in the SLBC cluster. Currently this feature is supported for FortiAnalyzer, allowing you to configure a different FortiAnalyzer for each worker in your SLBC cluster.

You can also use this command to configure different VDOMs on each SLBC worker to use different FortiAnalyzers.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

config system vdom-exception

New config command.

Set configuration objects that are not synchronized between SLBC workers or between VDOMs.
config system vdom-exception
    edit {id}
    # Global configuration objects that can be configured independently for all VDOMs or for the defined VDOM scope.
        set id {integer}   Index <1-4096>. range[0-4294967295]
        set object {option}   Name of the configuration object that can be configured independently for all VDOMs.
                log.fortianalyzer.setting            log.fortianalyzer.setting
                log.fortianalyzer.override-setting   log.fortianalyzer.override-setting
                log.fortianalyzer2.setting           log.fortianalyzer2.setting
                log.fortianalyzer2.override-setting  log.fortianalyzer2.override-setting
                log.fortianalyzer3.setting           log.fortianalyzer3.setting
                log.fortianalyzer3.override-setting  log.fortianalyzer3.override-setting
                system.central-management            system.central-management
                system.csf                           system.csf
                user.radius                          user.radius
        set oid {integer}   Object ID. range[0-65535]
        set scope {all | inclusive | exclusive}   Determine whether the configuration object can be configured separately for all VDOMs or if some VDOMs share the same configuration.
                all        Object configuration independent for all VDOMs.
                inclusive  Object configuration independent for the listed VDOMs. Other VDOMs use the global configuration.
                exclusive  Use the global object configuration for the listed VDOMs. Other VDOMs can be configured independently.
        config vdom
            edit {name}
            # Names of the VDOMs.
                set name {string}   VDOM name. size[64] - datasource(s): system.vdom.name
            next
    next
end

Additional information

The following section is for those options that require additional explanation.

Different FortiAnalyzer settings for each SLBC worker

Use the following configuration to set different global FortiAnalyzer settings for each SLBC worker. To do this you only have to enter the following command on each worker:

config system vdom-exception

edit 1

set object log.fortianalyzer.setting

end

Then on each worker use global settings to configure the FortiAnalyzer that the worker sends log messages to. Each worker sends log messages to a different FortiAnalyzer and all VDOMs on each worker send log messages to the globally set FortiAnalyzer.

Different FortiAnalyzer settings for each worker and for the root VDOM of each worker

Use the following configuration to set different global FortiAnalyzer settings for each worker and to also allow the root VDOM of each worker to use a different FortiAnalyzer than the global FortiAnalyzer:

config system vdom-exception

edit 1

set object log.fortianalyzer.setting

next

edit 2

set object log.fortianalyzer.override-setting

set scope inclusive

set vdom root

end

Then on each worker use global settings to configure the FortiAnalyzer that the worker sends log messages to. Also on each worker, edit the root VDOM and configure the FortiAnalyzer that the root VDOM on this worker sends log messages to.

Each worker sends log messages to a different FortiAnalyzer and the root VDOM on each worker sends log messages to a different FortiAnalyzer than the global setting.

system vdom-exception

In a Session-aware Load Balancing Cluster (SLBC), select configuration objects that are not synchronized between the FortiGates (workers) in the SLBC cluster. Currently this feature is supported for FortiAnalyzer, allowing you to configure a different FortiAnalyzer for each worker in your SLBC cluster.

You can also use this command to configure different VDOMs on each SLBC worker to use different FortiAnalyzers.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

config system vdom-exception

New config command.

Set configuration objects that are not synchronized between SLBC workers or between VDOMs.
config system vdom-exception
    edit {id}
    # Global configuration objects that can be configured independently for all VDOMs or for the defined VDOM scope.
        set id {integer}   Index <1-4096>. range[0-4294967295]
        set object {option}   Name of the configuration object that can be configured independently for all VDOMs.
                log.fortianalyzer.setting            log.fortianalyzer.setting
                log.fortianalyzer.override-setting   log.fortianalyzer.override-setting
                log.fortianalyzer2.setting           log.fortianalyzer2.setting
                log.fortianalyzer2.override-setting  log.fortianalyzer2.override-setting
                log.fortianalyzer3.setting           log.fortianalyzer3.setting
                log.fortianalyzer3.override-setting  log.fortianalyzer3.override-setting
                system.central-management            system.central-management
                system.csf                           system.csf
                user.radius                          user.radius
        set oid {integer}   Object ID. range[0-65535]
        set scope {all | inclusive | exclusive}   Determine whether the configuration object can be configured separately for all VDOMs or if some VDOMs share the same configuration.
                all        Object configuration independent for all VDOMs.
                inclusive  Object configuration independent for the listed VDOMs. Other VDOMs use the global configuration.
                exclusive  Use the global object configuration for the listed VDOMs. Other VDOMs can be configured independently.
        config vdom
            edit {name}
            # Names of the VDOMs.
                set name {string}   VDOM name. size[64] - datasource(s): system.vdom.name
            next
    next
end

Additional information

The following section is for those options that require additional explanation.

Different FortiAnalyzer settings for each SLBC worker

Use the following configuration to set different global FortiAnalyzer settings for each SLBC worker. To do this you only have to enter the following command on each worker:

config system vdom-exception

edit 1

set object log.fortianalyzer.setting

end

Then on each worker use global settings to configure the FortiAnalyzer that the worker sends log messages to. Each worker sends log messages to a different FortiAnalyzer and all VDOMs on each worker send log messages to the globally set FortiAnalyzer.

Different FortiAnalyzer settings for each worker and for the root VDOM of each worker

Use the following configuration to set different global FortiAnalyzer settings for each worker and to also allow the root VDOM of each worker to use a different FortiAnalyzer than the global FortiAnalyzer:

config system vdom-exception

edit 1

set object log.fortianalyzer.setting

next

edit 2

set object log.fortianalyzer.override-setting

set scope inclusive

set vdom root

end

Then on each worker use global settings to configure the FortiAnalyzer that the worker sends log messages to. Also on each worker, edit the root VDOM and configure the FortiAnalyzer that the root VDOM on this worker sends log messages to.

Each worker sends log messages to a different FortiAnalyzer and the root VDOM on each worker sends log messages to a different FortiAnalyzer than the global setting.