sfksg
New Member
August 3, 2016
Solved

VDOM establish--what happens to my current settings?


We have a need to use VDOMs, which I'm not currently using. I have a fairly extensive configuration (IPSec, VPN clients, email and web filtering, etc.). When enabling VDOMs, what exactly happens to my current configuration? If I have all that sort of logic set up, how disruptive is it going to be? I'd like to get my current config going in a single VDOM before I start experimenting with an additional VDOM.

The documentation is kind of unclear about this, so forgive me if this is a FAQ that I just can't locate a good answer to. I'm a total newbie with VDOMs, and don't have an extra Fortigate to use in a lab so I'm unfortunately experimenting with production here. Thanks in advance!

- Steve

Best answer by Toshi_Esumi

According to Fortinet SE, the problem mentioned (bug #0295291) affected only the FG60D. I just got an answer. So you're probably OK.

1 reply

Toshi_Esumi
SuperUser
August 3, 2016

When you enable vdom-admin in config system global, everything you have now should go into "root" vdom and nothing should break.

emnoc
New Member
August 3, 2016

everything you have now should go into "root" vdom

Actually, everything that's built before vdom-enable is already in the "root" vdom to begin with. Nothing goes into root, and the mere enabling of vdom support does not change any existing cfg.

What happens: 1> the individual vdom cfg files are created (this is how you do per-vdom backup, btw) 2> and now you can create a new vdom 3> (vdom root can NOT be deleted)

Toshi_Esumi
SuperUser
August 4, 2016

Obviously I don't know the architecture of FortiOS. Sorry.

But there is one thing I forgot to mention that might break if you are running 5.2 and happen to have PPPoE (or probably DHCP as well) interfaces. It might be dependent on the model. At least FG60D's PPPoE interfaces (we first found this with FEXT-20B+4G Modem) don't become active as soon as we created a new vdom then rebooted it. This was introduced with 5.2.4 and identified as a bug last year, but even 5.2.8 still doesn't have a fix built in. If you have a similar setup, you'd better check with TAC.