Using virtual domains Configuring VDOMs and global settings
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 165
http://docs.fortinet.com/ • Feedback
• A new VDOM entry appears under the System option.
• Within a VDOM, reduced dashboard menu options are available, and a new Global
option appears. Selecting Global exits the current VDOM.
• There is no operation mode selection at the Global level.
• Only super_admin profile accounts can view or configure global options.
• Super_admin profile accounts can configure all VDOM configurations.
• One or more administrators can be set up for each VDOM; however, these admin
accounts cannot edit settings for any VDOMs for which they are not set up.
When virtual domains are enabled, the current virtual domain is displayed at the bottom
left of the screen, in the format Current VDOM: <name of the virtual domain>.
Configuring VDOMs and global settings
A VDOM is not useful unless it contains at least two physical interfaces or virtual
subinterfaces for incoming and outgoing traffic. Availability of the associated tasks
depends on the permissions of the admin. If your are using a super_admin profile account,
you can perform all tasks. If you are using a regular admin account, the tasks available to
you depend on whether you have read only or read/write permissions, Table 6 shows
what roles can perform which tasks.
VDOM licenses
All FortiGate units, except the 30B, support 10 VDOMs by default.
High-end FortiGate models support the purchase of a VDOM license key from customer
service to increase their maximum allowed VDOMs to 25, 50, 100, 250, or 500.
Configuring 250 or more VDOMs will result in reduced system performance.
Table 9: Admin VDOM permissions
Tasks Regular administrator account Super_admin
profile
administrator
account
Read only
permission
Read/write
permission
View global settings yes yes yes
Configure global settings no no yes
Create or delete VDOMs no no yes
Configure multiple VDOMs no no yes
Assign interfaces to a VDOM no no yes
Create VLANs no yes - for 1 VDOM yes - for all VDOMs
Assign an administrator to a VDOM no no yes
Create additional admin accounts no yes - for 1 VDOM yes - for all VDOMs
Create and edit protection profiles no yes - for 1 VDOM yes - for all VDOMs
Table 10: VDOM support by FortiGate model
FortiGate model Support
VDOMs
Default VDOM
maximum
Maximum VDOM
license
30B no 0 0
Low and mid-range models yes 10 10
High-end models yes 10 500
To Next Page
Loading...
Need help?
General