Fortinet white logo
Fortinet white logo

Administration Guide

VDOM

VDOM

Virtual Domains (VDOMs) are used to divide a single FortiProxy into two or more virtual units that function independently. VDOMs can provide separate firewall policies and security profiles. In NAT mode, they provide separate routing configurations. When multi VDOM mode is enabled, the default VDOM is the root VDOM, and it cannot be deleted.

Multiple VDOMs allow users to combine NAT and transparent mode on a single FortiProxy; VDOMs can be independently configured to operate in NAT or transparent mode. In transparent mode, it is recommended to configure a dedicated management interface when out-of-band management is required. See Transparent mode management.

By default, most FortiProxy units support 5 VDOMs.

Global settings are configured outside of a VDOM. They effect the entire FortiProxy, and include settings such as interfaces, firmware, HA, and so on. Global settings should only be changed by top level administrators. Both VDOM specific and global security profiles can be created. Global security profiles are configured in the global VDOM, and can be used by any VDOM and have g- appended to their names to differentiate them from VDOM specific profiles.

Administrative users can be configured to have global access, or access to specific VDOMs. See Administrators for more information about administrators.

Global administrators have complete visibility and access because the scope of their role is to manage the entire physical FortiProxy device. To create a global administrator that has access to all VDOMs and access to global settings, it must be created at the global level and must use the super_admin administrator profile. See Create Global VDOM administrators for configuration details.

Per-VDOM administrators are unable to view global settings or VDOMs that are not assigned to them because the scope of their role is restricted to managing specific VDOMs only. They can only access the FortiProxy through interfaces that are assigned to the VDOM that they are assigned to. The interface must also be configured to allow management access. They can also connect to the FortiProxy using the console port. See Create per-VDOM administrators for configuration details.

VDOM

VDOM

Virtual Domains (VDOMs) are used to divide a single FortiProxy into two or more virtual units that function independently. VDOMs can provide separate firewall policies and security profiles. In NAT mode, they provide separate routing configurations. When multi VDOM mode is enabled, the default VDOM is the root VDOM, and it cannot be deleted.

Multiple VDOMs allow users to combine NAT and transparent mode on a single FortiProxy; VDOMs can be independently configured to operate in NAT or transparent mode. In transparent mode, it is recommended to configure a dedicated management interface when out-of-band management is required. See Transparent mode management.

By default, most FortiProxy units support 5 VDOMs.

Global settings are configured outside of a VDOM. They effect the entire FortiProxy, and include settings such as interfaces, firmware, HA, and so on. Global settings should only be changed by top level administrators. Both VDOM specific and global security profiles can be created. Global security profiles are configured in the global VDOM, and can be used by any VDOM and have g- appended to their names to differentiate them from VDOM specific profiles.

Administrative users can be configured to have global access, or access to specific VDOMs. See Administrators for more information about administrators.

Global administrators have complete visibility and access because the scope of their role is to manage the entire physical FortiProxy device. To create a global administrator that has access to all VDOMs and access to global settings, it must be created at the global level and must use the super_admin administrator profile. See Create Global VDOM administrators for configuration details.

Per-VDOM administrators are unable to view global settings or VDOMs that are not assigned to them because the scope of their role is restricted to managing specific VDOMs only. They can only access the FortiProxy through interfaces that are assigned to the VDOM that they are assigned to. The interface must also be configured to allow management access. They can also connect to the FortiProxy using the console port. See Create per-VDOM administrators for configuration details.