VDOM for MGMT Port but VDOM Not Enables

Question

Hello,

I have recently taken over a site that has a Pair of FortiGate 100F's (6.4.8). Looking at the GUI I see VDOMs are not enabled. When I query the Sys Global Full Config VDOM-MODE is set to NO-VDOM. However when I query the System Interfaces I see that the MGMT Port is not on the Root VDOM. I believe the prior person manually set this and setup IPs so he could manage each unit separately via the MGMT Port as each has it's own IP and HTTPS and Management enabled. Is there some documentation on setting this up or did he just do this himself. Is this a viable config or will there be possible issues to look for?

Debbie_FTNT · Accepted Answer

Dear Rich,

the dmgmt_vdom is a dedicated management vdom where interfaces with 'dedicated-to management' go into, same as vsys_hamgmt is is the dedicated HA management vdom.
Even with vdoms enabled, the vsys_hamgmt and dmgmt_vdom still technically exist and can't be deleted.

If you unset the 'dedicated-to management' option in the interface, it should return to root VDOM.

Hope this helps!

Kangming · Answer

HiThe device should use the Technical Tip: HA Reserved Management Interface feature. You will find that the independently managed HA Reserved Management interface looks like an independent lightweight VDOM, which is isolated from the root VDOM, have an independent  routing, so that the feature of independent network management two HA FGT can be realized FGT101E # execute enter<name>    vdom namevsys_hamgmt   --- >  HA Reserved Management Interface Lightweight & Hidden VDOMroot

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded