Configuring VDOM resource limits Using virtual domains
FortiGate Version 4.0 MR1 Administration Guide
172 01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
7 Configure other settings as required.
For detailed information, see “Configuring an administrator account” on page 270.
8 Select OK.
Changing the management VDOM
The management VDOM on your FortiGate unit is where some default types of traffic
originate, including:
•SNMP
• logging
•alert email
• FDN-based updates
• NTP-based time setting.
Before you change the management VDOM, ensure that virtual domains are enabled on
the system dashboard screen. For more information, see “Enabling VDOMs” on page 164.
Only one VDOM can be the management VDOM at any given time.
Global events are logged with the VDOM set to the management VDOM.
To change the management VDOM
1 Go to System > VDOM.
2 From the list of VDOMs, select the VDOM to be the new management VDOM.
This list is located to the immediate left of the Apply button.
3 Select Apply to make the change.
At the prompt, confirm the change.
Management traffic will now originate from the new management VDOM.
Configuring VDOM resource limits
Super administrators can configure VDOM resource limits to control how many resources
each VDOM can use. This means you can provide tiered services for different VDOMs.
You can also use resource limits to share resources evenly among VDOMs, preventing
one VDOM from affecting the performance of others.
You can set limits for dynamic and some static resources. Dynamic resources are
resources that are not controlled by the FortiGate configuration. You can limit dynamic
resources to limit the amount of traffic that a VDOM processes and so limit the amount of
FortiGate processing resources the VDOM can use. If you do not limit the number of
dynamic resources each VDOM will use as many as it can until the capacity of the
FortiGate unit becomes the limiting factor. You can set the following dynamic resource
limits:
• The total number of communication Sessions that can be started in a VDOM. When
this limit is reached additional sessions are dropped.
• The number of IPSec VPN Dal-up Tunnels that can be started in a VDOM. When this
limit is reached, additional tunnels are dropped.
Note: You cannot change the management VDOM if any administrators are using RADIUS
authentication.
To Next Page
Loading...
Need help?
General
