FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
rameshk_FTNT
Staff
Staff
Description
This article describes how to move a specific FortiGate VDOM from its current ADOM to a new ADOM on either FortiAnalyzer or FortiManager to provide the Administrator or Users separate management access to different VDOMs of the FortiGate.

Solution
1) Enable the ADOM feature on FortiAnalyzer, if not enabled.

Enabling the ADOM will Logout the device once.

2) Set the ADOM mode to 'Advanced'.

In Advanced mode, assign a VDOM from a single FortiGate device to a different ADOM is possible.



3) Create a new ADOM (or use any existing ADOM) and move the respective VDOM  to the new ADOM, which needs to have a separate management access.

System Settings-> All ADOMs-> Create New-> Create a new ADOM and select only the VDOM of FortiGate which needs to be moved to this new ADOM.

Refer a sample screenshot below, on which initially it has added a FGT81E device to the FortiAnalyzer and then enabled ADOM in Advanced Mode. Later while creating the new ADOM, administrator selects VDOM 'test'.


-  Output of #diagnose dvm device list will display the FortiGate and its ADOM assignment information.

4) Now create an admin user with required privilege and restrict access to that user only for the specific required ADOM on FortiAnalyzer.


5) Perform SQL database rebuild for both the Old and New ADOM. This is required to remove any Analytic logs from the OLD ADOM for that VDOM and also to create Analytic Database for the respective VDOM on the new ADOM.

-To rebuild SQL for a specific ADOM, execute the below syntax:
#execute sql-local rebuild-adom <adom>                             <----- Input ADOM name to rebuild the SQL database.
-To check the status of SQL rebuild
#diag sql status rebuild-adom <adom>                                         <----- Input ADOM name  to rebuild the SQL database.

Contributors