Administration Guide

Split-task VDOM mode

In split-task VDOM mode, the FortiGate has two VDOMs: the management VDOM (root) and the traffic VDOM (FG-traffic).

The management VDOM is used to manage the FortiGate, and cannot be used to process traffic.

The following GUI sections are available when in the management VDOM:

  • The Status dashboard
  • Security Fabric topology and settings (read-only, except for HTTP Service settings)
  • Interface and static route configuration
  • FortiClient configuration
  • Replacement messages
  • Certificates
  • System events
  • Log and email alert settings
  • Threat weight definitions

The traffic VDOM provides separate security policies, and is used to process all network traffic.

The following GUI sections are available when in the traffic VDOM:

  • The Status, Top Usage LAN/DMZ, and Security dashboards
  • Security Fabric topology, settings (read-only, except for HTTP Service settings), and External Connectors (Endpoint/Identity connectors only)
  • FortiView
  • Interface configuration
  • Packet capture
  • SD-WAN, SD-WAN Rules, and Performance SLA
  • Static and policy routes
  • RIP, OSPF, BGP, and Multicast
  • Replacement messages
  • Feature visibility
  • Tags
  • Certificates
  • Policies and objects
  • Security profiles
  • VPNs
  • User and device authentication
  • WiFi and switch controller
  • Logging
  • Monitoring

Split-task VDOM mode is not available on all FortiGate models. The Fortinet Security Fabric supports split-task VDOM mode.

Enable split-task VDOM mode

Split-task VDOM mode can be enabled in the GUI or CLI. Enabling it does not require a reboot, but does log you out of the FortiGate.

Caution

When split-task VDOM mode is enabled, all current management configuration is assigned to the root VDOM, and all non-management settings, such as firewall policies and security profiles, are deleted.
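
A pre-change inventory for the deletion described in the caution above, as an added example that is not Fortinet's code: it scans a saved configuration backup and lists the entries in sections that will be lost. The sample backup is constructed, and `AT_RISK_SECTIONS` is an assumed, illustrative subset covering the firewall policies and security profiles the caution names, not a complete list.

```python
# Assumption: illustrative subset of non-management sections, not a complete list.
AT_RISK_SECTIONS = ("firewall policy", "antivirus profile", "webfilter profile",
                    "ips sensor", "application list")

# Constructed sample of a configuration backup (not taken from a real device).
SAMPLE_BACKUP = """\
config system interface
    edit "mgmt"
        set allowaccess https ssh
    next
end
config firewall policy
    edit 1
        set srcintf "port2"
        set dstintf "port1"
        set action accept
    next
    edit 2
        set srcintf "port3"
        set dstintf "port1"
        set action accept
    next
end
config antivirus profile
    edit "av-strict"
    next
end
"""

def inventory_at_risk(backup_text, at_risk=AT_RISK_SECTIONS):
    """Return {section: [entry names]} for top-level sections in at_risk."""
    found, depth, section = {}, 0, None
    for raw in backup_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            if depth == 0:                      # top-level section header
                section = line[len("config "):]
                if section in at_risk:
                    found.setdefault(section, [])
            depth += 1                          # nested config blocks only add depth
        elif line == "end":
            depth -= 1
            if depth == 0:
                section = None
        elif line.startswith("edit ") and depth == 1 and section in found:
            found[section].append(line[5:].strip('"'))
    return found

if __name__ == "__main__":
    for name, entries in inventory_at_risk(SAMPLE_BACKUP).items():
        print(f"{name}: {len(entries)} entries will be deleted -> {entries}")
```

Run it against a backup taken before the change, and keep that backup so the listed policies and profiles can be recreated in the traffic VDOM afterwards.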

Note

On VMs and FortiGate 60 series models and lower, VDOMs can only be enabled using the CLI.

To enable split-task VDOM mode in the GUI:
  1. On the FortiGate, go to System > Settings.
  2. In the System Operation Settings section, enable Virtual Domains.
  3. Select Split-Task VDOM for the VDOM mode.
  4. Select a Dedicated Management Interface from the Interface list. This interface is used to access the management VDOM, and cannot be used in firewall policies.
  5. Click OK.

To enable split-task VDOM mode with the CLI:

config system global
    set vdom-mode split-vdom
end
