
Administration Guide

Creating ADOMs


ADOMs must be enabled, and you must be logged in as a super user administrator to create a new ADOM.

Consider the following when creating ADOMs:

  • The maximum number of ADOMs that can be created depends on the FortiManager model. For more information, see the FortiManager data sheet at https://www.fortinet.com/products/management/fortimanager.html.
  • You must use an administrator account that is assigned the Super_User administrative profile.
  • You can add a device to only one ADOM. You cannot add a device to multiple ADOMs.
  • You cannot add FortiGate and FortiCarrier devices to the same ADOM. FortiCarrier devices are added to a specific, default FortiCarrier ADOM.
  • You can add one or more VDOMs from a FortiGate device to one ADOM. If you want to add individual VDOMs from a FortiGate device to different ADOMs, you must first enable advanced device mode. See ADOM device modes.
  • When FortiAnalyzer features are enabled, you can configure how an ADOM handles log files from its devices. For example, you can configure how much disk space an ADOM can use for logs, and then monitor how much of the allotted disk space is used. You can also specify how long to keep logs indexed in the SQL database and how long to keep logs stored in a compressed format.
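
A pre-flight check of a planned ADOM layout against the constraints listed above, as an added example (not Fortinet code and not a FortiManager API). The plan structure, field names, and device names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample plan: each ADOM lists the devices (or VDOMs) it will hold.
PLAN = [
    {"name": "branch", "members": [
        {"device": "fgt-01", "platform": "FortiGate", "vdom": "root"},
        {"device": "fcr-01", "platform": "FortiCarrier"}]},
    {"name": "dmz", "members": [
        {"device": "fgt-01", "platform": "FortiGate", "vdom": "dmz"}]},
]


def validate_adom_plan(adoms, advanced_device_mode=False):
    """Return the list of constraint violations found in a planned layout."""
    problems = []

    # ADOM names must be unique.
    names = [a["name"] for a in adoms]
    for name in sorted({n for n in names if names.count(n) > 1}):
        problems.append(f"duplicate ADOM name: {name}")

    placements = defaultdict(set)  # device -> ADOMs it appears in
    first_home = {}                # (device, vdom) -> first ADOM that claimed it
    for adom in adoms:
        # FortiGate and FortiCarrier devices cannot share an ADOM.
        platforms = {m["platform"] for m in adom["members"]}
        if {"FortiGate", "FortiCarrier"} <= platforms:
            problems.append(f"{adom['name']}: mixes FortiGate and FortiCarrier")
        for m in adom["members"]:
            key = (m["device"], m.get("vdom"))
            # The same device (or the same VDOM) cannot sit in two ADOMs.
            if key in first_home and first_home[key] != adom["name"]:
                problems.append(f"{key[0]} ({key[1] or 'whole device'}): "
                                f"in both {first_home[key]} and {adom['name']}")
            first_home.setdefault(key, adom["name"])
            placements[m["device"]].add(adom["name"])

    # Spreading one device's VDOMs over several ADOMs needs advanced device mode.
    for device, homes in sorted(placements.items()):
        if len(homes) > 1 and not advanced_device_mode:
            problems.append(f"{device}: VDOMs split across {sorted(homes)} "
                            "requires advanced device mode")
    return problems


if __name__ == "__main__":
    for line in validate_adom_plan(PLAN):
        print(line)
```
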
To create an ADOM:
  1. Ensure that ADOMs are enabled. See Enabling and disabling the ADOM feature.
  2. Go to System Settings > ADOMs.
  3. Click Create New in the toolbar. The Create New ADOM pane is displayed.

  4. Configure the following settings, then click OK to create the ADOM.

    Name

    Type a name that allows you to distinguish this ADOM from your other ADOMs. ADOM names must be unique.

    Type

    Select Fabric, FortiCarrier, FortiFirewall, FortiFirewall Carrier, FortiGate, or FortiProxy from the dropdown menu. The ADOM type cannot be edited.

    Other device types are added to their respective default ADOM when authorized for central management with FortiManager.

    Time Zone

    Select the time zone for the ADOM.

    The selected time zone is used by all modules in the ADOM (for example, Policy & Objects and System Settings) except in the Event Log, which uses the system time zone regardless of the selected ADOM.

    When FortiAnalyzer features are enabled, this time zone will be used when displaying data in Log View and FortiView. When FortiManager is managing a FortiAnalyzer, each FortiAnalyzer ADOM synchronizes its time zone from the corresponding FortiManager ADOM.

    The Default time zone is the time zone set for the FortiManager. For more information, see Configuring the system time.

    Version

    Select the version of the devices in the ADOM. The ADOM version cannot be edited.

    Devices

    Add a device or devices with the selected versions to the ADOM. The search field can be used to find specific devices. See Assigning devices to an ADOM.

    Mode

    Select Normal mode if you want to manage and configure the connected devices from the FortiManager GUI. Select Backup mode if you want to back up the configurations to the FortiManager, but configure each device locally.

    See ADOM modes for more information.

    Central Management

    Select the VPN checkbox to enable central VPN management.

    Select the FortiAP checkbox to enable central FortiAP management. This checkbox is selected by default.

    Select the FortiSwitch checkbox to enable central FortiSwitch management.

    This option is only available when the Mode is Normal.

    Default Device Selection for Install

    Select either Select All or Deselect All.

    This option is only available when the Mode is Normal.

    Perform Policy Check Before Every Install

    Turn On to perform a policy consistency check before every install. Only added or modified policies are checked. See Perform a policy consistency check.

    Action When Conflicts Occur During Policy Check

    Select an action to take when a conflict occurs during the automatic policy consistency check, either Continue Installation or Stop Installation.

    Auto-Push Policy Packages When Device Back Online

    Automatically push policy package updates to currently offline managed devices when the devices come back online.

    Data Policy

    Specify how long to keep logs in the indexed and compressed states.

    This section is only available when FortiAnalyzer features are enabled. See FortiAnalyzer Features.

    Keep Logs for Analytics

    Specify how long to keep logs in the indexed state.

    During the indexed state, logs are indexed in the SQL database for the specified amount of time. Information about the logs can be viewed in the FortiView, Incidents & Events, and Reports modules. After the specified length of time expires, Analytics logs are automatically purged from the SQL database.

    Keep Logs for Archive

    Specify how long to keep logs in the compressed state.

    During the compressed state, logs are stored in a compressed format on the FortiManager unit. When logs are in the compressed state, information about the log messages cannot be viewed in the FortiView, Incidents & Events, or Reports modules. After the specified length of time expires, Archive logs are automatically deleted from the FortiManager unit.

    Disk Utilization

    Specify how much disk space to use for logs.

    This section is only available when FortiAnalyzer features are enabled. See FortiAnalyzer Features.

    Maximum Allowed

    Specify the maximum amount of FortiManager disk space to use for logs, and select the unit of measure.

    The total available space on the FortiManager unit is shown.

    Analytics : Archive

    Specify the percentage of the allotted space to use for Analytics and Archive logs.

    Analytics logs require more space than Archive logs. For example, a setting of 70% and 30% indicates that 70% of the allotted disk space will be used for Analytics logs, and 30% of the allotted space will be used for Archive logs. Select the Modify checkbox to change the setting.

    Alert and Delete When Usage Reaches

    Specify the data usage percentage at which an alert message will be generated and logs will be automatically deleted. The oldest Archive log files or Analytics database tables are deleted first.
