Configuring VDOMs
Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. For more information see the FortiOS Handbook available in the Fortinet Document Library.
VDOMs have their own dashboard and toolbar. You can configure the VDOM in the same way that you can configure a device. |
Delete |
Select to remove this virtual domain. This function applies to all virtual domains except the root. |
Create New |
Select to create a new virtual domain. |
Management Virtual Domain |
Select the management VDOM and select Apply. |
Name |
The name of the virtual domain and if it is the management VDOM. |
Virtual Domain |
Virtual domain type. |
IP/Netmask |
The IP address and mask. Normally used only for Transparent mode. |
Type |
Either VDOM Link or Physical. |
Access |
HTTP, HTTPS, SSH, PING, SNMP, and/or TELNET. |
Resource Limit |
Select to configure the resource limit profile for this VDOM. |
Creating and editing virtual domains
Creating and editing virtual domains in the FortiManagersystem is very similar to creating and editing VDOMs using the FortiGate GUI.
You need to enable virtual domains before you can create one.
To enable virtual domains:
- Go to Device Manager > Device & Groups.
- In the tree menu, select a device group.
- In the lower tree menu, select a device. The device dashboard displays.
- In the System Information widget, select the Enable link in the VDOM field.
To create a virtual domain:
- In the Device Manager tab, display the device dashboard for the unit you want to configure.
- From the System menu, select Virtual Domain.
- Click Create New to create a new VDOM.
The Virtual Domain tab may not be visible in the content pane tab bar. See View system dashboard for managed/logging devices for more information.
After the first VDOM is created you can create additional VDOMs by right-clicking on the existing VDOM and selecting Add VDOM from the right-click menu.
- Complete the options, and clickOK to create the new VDOM.
Configuring inter-VDOM routing
By default, for two virtual domains to communicate it must be through externally connected physical interfaces. Inter-VDOM routing creates a link with two ends that act as virtual interfaces, internally connecting the two virtual domains.
Before configuring inter-VDOM routing:
- You must have at least two virtual domains configured.
- The virtual domains must all be in NAT mode.
- Each virtual domain to be linked must have at least one interface or subinterface assigned to it.
To create a VDOM link:
- In the Device Manager pane, display the device dashboard for the device.
- From the System menu, select Interface.
- Click Create New > VDOM Link. The New VDOM Link pane opens.
- Enter the following information:
Name
Name of the VDOM link.
Interface #x
The interface number, either 1 or 0.
VDOM
Select the VDOM
IP/Netmask
Type the IP address and netmask for the VDOM.
Administrative Access
Select the allowed administrative service protocols: HTTPS, PING, FMG-Access, CAPWAP, SSH, and SNMP.
Note: HTTP traffic will be automatically redirected to HTTPS.
Description
Optionally, type a description for the link.
- Click OK to save your settings.
Deleting a virtual domain
Prior to deleting a VDOM, all policies must be removed from the VDOM. To do this, apply and install a blank, or empty, policy package to the VDOM (see Create new policy packages). All objects related to the VDOM must also be removed, such as routes, VPNs, and admin accounts.
To delete a VDOM:
- In the Device Manager tab, display the device dashboard for the unit you want to configure.
- From the System menu, select Virtual Domain.
- Right-click on the VDOM and select Delete.
- Click OK in the confirmation dialog box to delete the VDOM.