FortiGate Version 3.0 MR4 Administration Guide
64 01-30004-0203-20070102
Enabling VDOMs Using virtual domains
Enabling VDOMs
Using the default admin administration account, you can enable multiple VDOM
operation on the FortiGate unit.
To enable virtual domains
1 Log in to the web-based manager as admin.
2 Go to System > Status.
3 In System Information, next to Virtual Domain select Enable.
The FortiGate unit logs you off. You can now log in again as admin.
When virtual domains are enabled, the web-based manager and the CLI are
changed as follows:
• Global and per-VDOM configurations are separated.
• A new VDOM entry appears under System.
• Only the admin account can view or configure global options.
• The admin account can configure all VDOM configurations.
• The admin account can connect through any interface in the root VDOM or
though any interface that belongs to a VDOM for which a regular administrator
account has been assigned.
• A regular administrator account can configure only the VDOM to which it is
assigned and can access the FortiGate unit only through an interface that
belongs to that VDOM.
When virtual domains are enabled, you can see what the current virtual domain is
by looking at the bottom left of the screen. It will say Current VDOM: followed by
the name of the virtual domain.
Configuring VDOMs and global settings
When Virtual Domains are enabled, only the default super admin account can:
• configure global settings
• create or delete VDOMs
• configure multiple VDOMs
• assign interfaces to a VDOM
• assign an administrator to a VDOM
A VDOM is not useful unless it contains at least two physical interfaces or virtual
subinterfaces for incoming and outgoing traffic. Only the super admin can assign
interfaces or subinterfaces to VDOMs. A regular administrator account can create
a VLAN subinterface on a physical interface within their own VDOM.
Only the super admin can configure a VDOM unless you create and assign a
regular administrator to that VDOM. Only the super admin can assign an
administrator to a VDOM. An administrator account whose access profile provides
read and write access to Admin Users can create additional administrators in its
own VDOM.
To Next Page
Loading...
Need help?
General