FortiGate Version 3.0 MR4 Administration Guide
66 01-30004-0203-20070102
Configuring VDOMs and global settings Using virtual domains
VLAN subinterfaces often need to be in a different VDOM than their physical
interface. To do this, the super admin must first create the VDOM, then create the
VLAN subinterface, and assign it to the required VDOM.
System > Network > Interfaces is only in global settings, and is not available
within any VDOM. For information on creating VLAN subinterfaces, see “Adding
VLAN subinterfaces” on page 98.
Assigning an interface to a VDOM
The following procedure describes how to reassign an existing interface from one
virtual domain to another. It assumes VDOMs are enabled and more than one
VDOM exists.
You cannot delete a VDOM if it is used in any configurations, such as having an
interface in that VDOM. You cannot remove an interface from a VDOM if the
interface is included in of any of the following configurations:
• DHCP server
•zone
•routing
• firewall policy
• IP pool
• proxy arp (only accessible through the CLI)
Delete these items or modify them to remove the interface before proceeding.
To assign an interface to a VDOM
1 Log in as admin.
2 Go to System > Network > Interface.
3 Select Edit for the interface that you want to reassign.
4 Select the new Virtual Domain for the interface.
5 Configure other settings as required and select OK. For more information on the
other interfaces settings see “Interface settings” on page 72.
The interface is assigned to the VDOM. Existing firewall IP pools and virtual IP
addresses for this interface are deleted. You should manually delete any routes
that include this interface, and create new routes for this interface in the new
VDOM. Otherwise your network traffic will not be properly routed.
Assigning an administrator to a VDOM
If you are creating a VDOM to serve an organization that will be administering its
own resources, you need to create an administrator account for that VDOM.
A VDOM admin can change configuration settings within that VDOM but cannot
make changes that affect other VDOMs on the FortiGate unit.
Note: An interface or subinterface is available for reassigning or removing once the delete
icon is displayed. Until then, the interface is used in a configuration somewhere.
To Next Page
Loading...
Need help?
General