Skip to main content
jo_rang
Staff
jo_rang
Staff
October 24, 2025

Troubleshooting Tip: FortiGate VM stops passing traffic when a new VDOM is created

  • October 24, 2025
  • 0 replies
  • 524 views
Description This article describes a scenario where a FortiGate Virtual Machine stops passing traffic when the Number of VDOMS created exceeds the maximum number of licensed VDOM.
Scope FortiGate VM v7.2+.
Solution

Ensure that the VM has a VALID License by running the command 'get system status'.

 

get system status


Version: FortiGate-VM64 v7.4.8,build2795,250523 (GA.M)
First GA patch build date: 230509
...
Serial-Number: FGVMSLTMxxxxxxxx
License Status: Valid                          <----- License is valid.
License Expiration Date: 2030-08-27
VM Resources: 2 CPU/2 allowed, 5962 MB RAM
...
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 7               <----- Maximum Number of allowed VDOMs
Virtual domains status: 2 in NAT mode, 1 in TP mode   <----- Number of VDOMS currently configured.
Virtual domain configuration: multiple

...

System time: Thu Sep 25 10:14:39 2025
Last reboot reason: warm reboot

 

Ensure that the VDOM license has not expired:

 

config global

diagnose debug vm-print-license

SerialNumber: FGVMSLTMxxxxxxxx
CreateDate: Mon Sep 22 16:00:16 2025
License expires: Tue Aug 27 19:00:00 2030
Key: yes
Cert: yes
Key2: yes
Cert2: yes
Signature: yes
Model: SL (18)
CPU: 2 (subscription:2)
MEM: 2147483647
VDOM license:
permanent: 2        <----- Valid license.
subscription: 5    
expires: Mon Jul 7 19:00:00 2025    <----- Expired license.

 

The output above shows that the FortiGate has a permanent license for 2 VDOM's and a Subscription license that allows 5 additional VDOM. However, the VDOM subscription is expired. With this configuration, the FortiGate only allows 2 VDOMs. If a third VDOM is created, all VDOMS except for the Root will be disabled.

 

The command 'diagnose sys vd list | grep name' will display the status of the VDOMS.

 

FG-LABVM-01 (global) # diagnose sys vd list | grep name
name=root/root index=0 enabled fib_ver=48837 rpdb_ver=48585 use=133 rt_num=82 asym_rt=0 sip_helper=0, sip_nat_trace=1, mc_fwd=0, mc_ttl_nc=0, tpmc_sk_pl=0

name=VDOM2/VDOM2 index=2 disabled fib_ver=47 rpdb_ver=1 use=12 rt_num=0 asym_rt=0 sip_helper=0, sip_nat_trace=1, mc_fwd=0, mc_ttl_nc=0, tpmc_sk_pl=0
name=vsys_ha/vsys_ha index=1 enabled fib_ver=8 rpdb_ver=1 use=6 rt_num=0 asym_rt=0 sip_helper=0, sip_nat_trace=1, mc_fwd=0, mc_ttl_nc=0, tpmc_sk_pl=0
name=vsys_fgfm/vsys_fgfm index=2 enabled fib_ver=15 rpdb_ver=0 use=8 rt_num=2 asym_rt=0 sip_helper=0, sip_nat_trace=1, mc_fwd=0, mc_ttl_nc=0, tpmc_sk_pl=0

name=VDOM3/VDOM3 index=1 disabled fib_ver=11 rpdb_ver=0 use=8 rt_num=0 asym_rt=0 sip_helper=0, sip_nat_trace=1, mc_fwd=0, mc_ttl_nc=0, tpmc_sk_pl=0

 

To restore connectivity, delete the additional VDOMs or apply a VDOM license or VDOM subscription to the FortiGate.

 

Related articles:
Terms & ConditionsAccessibility statement