system vdom-exception
In a Session-aware Load Balancing Cluster (SLBC), use this command to select configuration objects that are not synchronized between the FortiGates (workers) in the cluster. Currently this feature is supported for FortiAnalyzer, allowing you to configure a different FortiAnalyzer for each worker in your SLBC cluster.
You can also use this command to configure different VDOMs on each SLBC worker to use different FortiAnalyzers.
History
The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.
Command | Description |
---|---|
config system vdom-exception | New config command. Set configuration objects that are not synchronized between SLBC workers or between VDOMs. |
config system vdom-exception
    edit {id}
    # Global configuration objects that can be configured independently for all VDOMs or for the defined VDOM scope.
        set id {integer}   Index <1-4096>. range[0-4294967295]
        set object {option}   Name of the configuration object that can be configured independently for all VDOMs.
            log.fortianalyzer.setting              log.fortianalyzer.setting
            log.fortianalyzer.override-setting     log.fortianalyzer.override-setting
            log.fortianalyzer2.setting             log.fortianalyzer2.setting
            log.fortianalyzer2.override-setting    log.fortianalyzer2.override-setting
            log.fortianalyzer3.setting             log.fortianalyzer3.setting
            log.fortianalyzer3.override-setting    log.fortianalyzer3.override-setting
            system.central-management              system.central-management
            system.csf                             system.csf
            user.radius                            user.radius
        set oid {integer}   Object ID. range[0-65535]
        set scope {all | inclusive | exclusive}   Determine whether the configuration object can be configured separately for all VDOMs or if some VDOMs share the same configuration.
            all          Object configuration independent for all VDOMs.
            inclusive    Object configuration independent for the listed VDOMs. Other VDOMs use the global configuration.
            exclusive    Use the global object configuration for the listed VDOMs. Other VDOMs can be configured independently.
        config vdom
            edit {name}
            # Names of the VDOMs.
                set name {string}   VDOM name. size[64] - datasource(s): system.vdom.name
            next
    next
end
Additional information
The following section is for those options that require additional explanation.
Different FortiAnalyzer settings for each SLBC worker
Use the following configuration to set different global FortiAnalyzer settings for each SLBC worker. To do this you only have to enter the following command on each worker:
config system vdom-exception
    edit 1
        set object log.fortianalyzer.setting
end
Then on each worker use global settings to configure the FortiAnalyzer that the worker sends log messages to. Each worker sends log messages to a different FortiAnalyzer and all VDOMs on each worker send log messages to the globally set FortiAnalyzer.
Different FortiAnalyzer settings for each worker and for the root VDOM of each worker
Use the following configuration to set different global FortiAnalyzer settings for each worker and to also allow the root VDOM of each worker to use a different FortiAnalyzer than the global FortiAnalyzer:
config system vdom-exception
    edit 1
        set object log.fortianalyzer.setting
    next
    edit 2
        set object log.fortianalyzer.override-setting
        set scope inclusive
        set vdom root
end
Then on each worker use global settings to configure the FortiAnalyzer that the worker sends log messages to. Also on each worker, edit the root VDOM and configure the FortiAnalyzer that the root VDOM on this worker sends log messages to.
Each worker sends log messages to a different FortiAnalyzer and the root VDOM on each worker sends log messages to a different FortiAnalyzer than the global setting.
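Because excepted objects are no longer synchronized, it helps to review on each worker which VDOMs can carry their own copy of an object. The following Python sketch is an added example, not Fortinet code: it parses a vdom-exception block and applies the scope definitions given above. The sample input is constructed (entry 3 and the VDOM names vd1 and vd2 are hypothetical), and it assumes that an entry with no scope set behaves as scope all.

```python
# Constructed sample: the second configuration from this page plus one
# hypothetical 'exclusive' entry (edit 3) added for illustration.
SAMPLE = """\
config system vdom-exception
    edit 1
        set object log.fortianalyzer.setting
    next
    edit 2
        set object log.fortianalyzer.override-setting
        set scope inclusive
        set vdom root
    next
    edit 3
        set object user.radius
        set scope exclusive
        set vdom root
end
"""

def parse_exceptions(text):
    """Return one dict per 'edit' entry: id, object, scope, vdoms."""
    entries, cur = [], None
    for raw in text.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[0] == "edit":
            # Assumption: an entry without 'set scope' behaves as 'all'.
            cur = {"id": int(tok[1]), "object": None, "scope": "all", "vdoms": []}
            entries.append(cur)
        elif tok[0] == "set" and cur is not None and len(tok) >= 3:
            if tok[1] in ("object", "scope"):
                cur[tok[1]] = tok[2]
            elif tok[1] == "vdom":
                cur["vdoms"] = [v.strip('"') for v in tok[2:]]
        elif tok[0] in ("next", "end"):
            cur = None  # both keywords close the current entry
    return entries

def independent_in(entry, vdom):
    """True if `vdom` may hold its own, unsynchronized copy of the object."""
    if entry["scope"] == "all":
        return True
    listed = vdom in entry["vdoms"]
    # inclusive: only listed VDOMs are independent; exclusive: the reverse.
    return listed if entry["scope"] == "inclusive" else not listed

def report(text, vdoms):
    """Map each excepted object to the VDOMs that can diverge for it."""
    return {e["object"]: [v for v in vdoms if independent_in(e, v)]
            for e in parse_exceptions(text)}

if __name__ == "__main__":
    for obj, vds in report(SAMPLE, ["root", "vd1", "vd2"]).items():
        print(f"{obj}: independent in {', '.join(vds) or 'no VDOM'}")
```

Running the same report against the configuration of every worker shows where log destinations or other excepted objects can differ from one worker to the next.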