Skip to main content
MSmeltzer
MSmeltzer
New Member
April 26, 2016
Solved

Does VDOM creation disrupt root VDOM

  • April 26, 2016
  • 1 reply
  • 9656 views

I have a question regarding creating a VDOM. I have been using the root vdom for our environment, but would like to test if flow mode might be better, so looking to setup a new vdom with flow mode enabled. If I create a Flow based vdom does this disrupt any of my policies on the root vdom.

 

Speaking of the root vdom, should this be used, or should this be left alone and a VDOM setup for what we are using the root vdom for?

 

1st of many questions to come :)

 

Thanks in advance.

 

Matt

 

 

Best answer by Michael_McDonnell

In my experience, the creation of a VDOM does not disrupt the root VDOM. You will have to re-assign interfaces to the new VDOM. If those interfaces are currently in use in the root VDOM, you will need to remove all references to them.

 

The first time you enable VDOM mode, you will be logged out of the GUI/CLI when the changes are applied. It will not reboot the FortiGate... just log out all admin sessions.

 

The first time your create a new VDOM, everything gets separated into "global" settings and VDOM settings. Most of your policies/settings get migrated to the "root" VDOM.

 

If you are managing your FortiGate with a FortiManager, then creating a new VDOM may be... confusing. Changes made via the FortiManager to a single VDOM often cause policy and device configuration changes that appear to affect all VDOMs (this is really just changing some interface related things). It may be best to make the changes on the FortiGate and then re-import your configurations for each other VDOM. 

1 reply

Michael_McDonnell
Michael_McDonnellAnswer
New Member
April 26, 2016

In my experience, the creation of a VDOM does not disrupt the root VDOM. You will have to re-assign interfaces to the new VDOM. If those interfaces are currently in use in the root VDOM, you will need to remove all references to them.

 

The first time you enable VDOM mode, you will be logged out of the GUI/CLI when the changes are applied. It will not reboot the FortiGate... just log out all admin sessions.

 

The first time your create a new VDOM, everything gets separated into "global" settings and VDOM settings. Most of your policies/settings get migrated to the "root" VDOM.

 

If you are managing your FortiGate with a FortiManager, then creating a new VDOM may be... confusing. Changes made via the FortiManager to a single VDOM often cause policy and device configuration changes that appear to affect all VDOMs (this is really just changing some interface related things). It may be best to make the changes on the FortiGate and then re-import your configurations for each other VDOM. 

MSmeltzer
MSmeltzerAuthor
New Member
April 26, 2016

Thanks Michael. I ll go ahead and make a new VDOM, no downfall of keeping the root VDOM going as is right now I suspect, I'll create a new VDOM I would like to try out flow mode. I ll make a new WAN / LAN interface for the new VDOM. Appreciate your help.

 

Matt

emnoc
emnoc
New Member
April 26, 2016

No, the enabling or adding or deleting   a VDOM will not effect  "root" vdom.

 

Terms & ConditionsAccessibility statement