FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 196267
This article describes how to assign interfaces for specific VDOM.

In this example, assign two interfaces each to VDOM-A and VDOM-B: one for Internet access and one for use by the local network.

It is not possible to change the VDOM assignment if an interface is used in an existing FortiGate configuration.
It is necessary to delete existing policies and routes in order to add a particular interface, as some FortiGate models have default configurations.

1) To assign an interface that provides VDOM-A with Internet access, go to Network -> Interfaces and edit an interface (in the example, WAN1).
2) Set Virtual Domain to VDOM-A and Role to WAN.
- If the ISP provides an IP address, set Addressing mode to Manual and set the IP/Network Mask to that IP address.
- If the ISP equipment uses DHCP, set Addressing mode to DHCP to allow the equipment to assign an IP address to WAN1.

4) To assign an interface for the VDOM-A internal network, go to Network -> Interfaces and edit the interface (in the example, PORT1).
5) Set Virtual Domain to VDOM-A and Role to LAN.
6)Set Addressing Mode to Manual, assign an IP/Network Mask to the interface (in the example,, and set Administrative Access to HTTPS, PING, and SSH.
7) To assign IP addresses to devices on the internal network, enable DHCP Server.

8) Repeat the above steps to assign interfaces to VDOM-B.