Technical Tip: Moving a specific FortiGate VDOM from its current ADOM to a new ADOM on FortiAnalyzer/FortiManager

2) Set the ADOM mode to 'Advanced'.

In Advanced mode, assign a VDOM from a single FortiGate device to a different ADOM is possible.

3) Create a new ADOM (or use any existing ADOM) and move the respective VDOM  to the new ADOM, which needs to have a separate management access.

System Settings-> All ADOMs-> Create New-> Create a new ADOM and select only the VDOM of FortiGate which needs to be moved to this new ADOM.

Refer a sample screenshot below, on which initially it has added a FGT81E device to the FortiAnalyzer and then enabled ADOM in Advanced Mode. Later while creating the new ADOM, administrator selects VDOM 'test'.

-  Output of #diagnose dvm device list will display the FortiGate and its ADOM assignment information.

4) Now create an admin user with required privilege and restrict access to that user only for the specific required ADOM on FortiAnalyzer.

5) Perform SQL database rebuild for both the Old and New ADOM. This is required to remove any Analytic logs from the OLD ADOM for that VDOM and also to create Analytic Database for the respective VDOM on the new ADOM.

-To rebuild SQL for a specific ADOM, execute the below syntax:

#execute sql-local rebuild-adom <adom>                             <----- Input ADOM name to rebuild the SQL database.

-To check the status of SQL rebuild

#diag sql status rebuild-adom <adom>                                         <----- Input ADOM name  to rebuild the SQL database.