johnlloyd_13
Explorer III
October 28, 2024
Solved

Manage VDOM in separate ADOM


Hi,

Would it be possible, or does it make sense, to have a multi-VDOM FG managed in FMG be in separate ADOMs?

For example, the "core or critical" VDOMs such as the "root" and "internet access" are added in the "root" ADOM, then the rest of the "customer" VDOMs would be provisioned/managed in a separate ADOM.

We'll deploy an "internet access" VDOM deployment. Refer to the sample diagram/scenario.

The root VDOM in the diagram will be our "internet access" VDOM, like an internet edge device. The rest of the customer VDOMs will connect (vlink) to the root/internet access VDOM.

 

image.png

 
Best answer by msanjaypadma


4 replies

msanjaypadma
Staff
October 29, 2024

Hi @johnlloyd_13,

I hope the link below will address your query.

Technical Tip: How to distribute FortiGate VDOMs in different FortiManager ADOMs

https://community.fortinet.com/t5/FortiManager/Technical-Tip-How-to-distribute-FortiGate-VDOMs-in-different/ta-p/197482

If you have found a solution, please like and mark it as solved to make it easily accessible for everyone.

Thanks, Mayur Padma
johnlloyd_13
Explorer III
October 30, 2024

Hi,

We're using FMG 7.2. Do we still need to configure the below in order to support VDOMs in different (or moving) ADOMs?

Does this CLI command "break" anything (i.e. FG VDOM talking/syncing to FMG)?

Or is it safe to simply apply the config?

config system global
    set adom-mode advanced
end

msanjaypadma
Staff
October 30, 2024

Hi @johnlloyd_13,

Advanced mode will allow you to assign a VDOM from a single device to a different ADOM.

Advanced ADOM mode cannot be enabled when a remote FortiAnalyzer is being managed by FortiManager.

Reference article:
https://docs.fortinet.com/document/fortimanager/7.2.0/administration-guide/488375/advanced-settings


Thanks, Mayur Padma
johnlloyd_13
Explorer III
October 30, 2024

Hi,

Thanks for these links! They're very useful.