Split-task VDOM mode simplifies deployments that require only one management VDOM and one traffic VDOM. The management VDOM is used to manage the FortiGate, and cannot be used to process traffic. The traffic VDOM provides separate security policies, and is used to process all network traffic.
Split-task VDOM mode is not available on all FortiGate models. The Fortinet Security Fabric supports split-task VDOM mode.
Split-task VDOM mode can be enabled in the GUI or CLI. Enabling it does not require a reboot, but does log you out of the FortiGate.
When split-task VDOM mode is enabled, all current management configuration is assigned to the root VDOM, and all non-management settings, such as firewall policies and security profiles, are deleted.
config system global
set vdom-mode split-vdom
- On the FortiGate, go to System > Settings.
- In the System Operation Settings section, enable Virtual Domains.
- Select Split-Task VDOM for the VDOM mode.
- Select a Dedicated Management Interface from the Interface list. This interface is used to access the management VDOM, and cannot be used in firewall policies.
- Click OK.