Configuring new Fortigates
Hello,
I am currently configuring two Fortigates 501E in HA and I have a couple of questions. I need to have two independent VDOMs, each with individual Internet access. The HA mode is Active-Passive but I am using a virtual cluster, so each firewall is the Active FW in one VDOM. I have created a management interface VLAN and added it to the Management Interface Reservation, so it is in the vsys_hamgmt VDOM. Each Fortigate has a different IP on the Management interface for management purposes. So, my questions:
1- Where is the management interface placed? I mean, is it inside a specific VDOM? I cannot find it.
2- I wanted to set the root VDOM as the Management VDOM (default), and then give both Fortigates access to both Internet links through a management router, so if one Internet link goes down, the management VDOM will continue to have access to the Internet (remember that each Internet link is placed in one VDOM ---VDOM1-Link1 and VDOM2-Link2---, and these links are NOT shared between all VDOMs). For the moment, I have had to set one of the new VDOMs as the new Management VDOM because I don't know how to place the Management Interfaces in the root VDOM (I don't know if it is possible). In my current configuration, if the VDOM1 Internet link goes down, the management VDOM wouldn't have access to the Internet and I would be forced to change to VDOM2 and set it as the new management VDOM. Do you know if there is a more elegant solution to avoid this? I was thinking of creating a new VLAN interface, placing it in the root VDOM and giving it access to both Internet links through a management router, but I don't know how to give each firewall a different IP for this new interface in the root VDOM.
3- As a side question, I know that I cannot delete the root VDOM and I have created two new VDOMs (VDOM1 and VDOM2) for the requested VRF separation the customer needs. Will the root VDOM drain resources for the entire FW if I am not using it?
Thank you very much.
Best Regards.
