Virtual Domains (VDOMs) are used to divide a FortiGate into two or more virtual units that function independently. VDOMs can provide separate security policies and, in NAT mode, completely separate configurations for routing and VPN services for each connected network.
There are two VDOM modes:
- Split-task VDOM mode: One VDOM is used only for management, and the other is used to manage traffic. See Split-task VDOM mode.
- Multi VDOM mode: Multiple VDOMs can be created and managed as independent units. See Multi VDOM mode.
By default, most FortiGate units support 10 VDOMs, and many FortiGate models support purchasing a license key to increase the maximum number.
Global settings are configured outside of a VDOM. They effect the entire FortiGate, and include settings such as interfaces, firmware, DNS, some logging and sandboxing options, and others. Global settings should only be changed by top level administrators.
Switching VDOM modes
Current VDOM mode
New VDOM mode
|No VDOM||Split-task VDOM||Allowed|
|Split-task VDOM||No VDOM||Allowed|
|No VDOM||Multi VDOM||Allowed only if CSF is disabled|
|Multi VDOM||No VDOM||Allowed|
|Split-task VDOM||Multi VDOM||Allowed only if CSF is disabled|
|Multi VDOM||Split-task VDOM||Not Allowed. User must first switch to No VDOM|