Created on 08-14-2023 11:15 PM
Edited on 04-18-2025 03:26 AM
By Jean-Philippe_P
Description | This article describes how to configure HA A-P mode with VDOM partitioning. |
Scope | FortiGate v7.0.x and above. |
Solution |
In some network environments with a pair of FortiGates in HA A-P mode and two or more VDOMs, it is possible to make some of the VDOMs active on the primary FortiGate and the other VDOMs active on the secondary FortiGate.
This is called virtual clustering with VDOM partitioning:
Step 1: Check if the HA is in sync. This can be checked under System -> HA.
Step 2: Select the Primary device and select Edit and then enable VDOM Partitioning. The GUI should look like the one below. Note that only one virtual cluster exists at this stage.
Step 3: Select Create New, then select the VDOMs to be migrated to the virtual cluster 2. In this example, the VDOM TEST has been created as part of the virtual cluster 2. Select OK.
Step 4: The GUI will show two clusters and their respective VDOMs. Virtual Cluster 1 with PROD and root, Virtual Cluster 2 with TEST. Select OK.
Step 5: The GUI should show the HA page with the FortiGates out of sync. Select Refresh before proceeding.
Step 6: Select the TEST VDOM on the secondary FortiGate (FW-SEC) and increase the priority to make it primary.
Traffic to TEST VDOM will be handled by FW-SEC and traffic to PROD and root VDOMs will be handled by FW-PRI.
Note: Keep in mind that only the active VDOM maintains the routing table, so the routing table output from the standby VDOM will be empty. The FIB is synchronized between the active and standby VDOMs, so after an HA failover of the VDOM, packets are forwarded by the new member.
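The same result from the CLI, as an added example that is not part of the original article. It uses the `config vcluster` syntax of FortiOS v7.2 and later (v7.0.x uses `set vcluster2 enable` with `config secondary-vcluster` instead); the priority values 200 and 100 are constructed for illustration, and the `#` lines are annotations to leave out when pasting.

```fortios
# --- On FW-PRI (current primary) ---
# Enable VDOM partitioning and assign VDOMs to the two virtual clusters.
config global
    config system ha
        set vcluster-status enable
        config vcluster
            edit 1
                # Virtual cluster 1: PROD and root stay on FW-PRI
                set priority 200
                set vdom "root" "PROD"
            next
            edit 2
                # Virtual cluster 2: TEST, lower priority on this unit
                set priority 100
                set vdom "TEST"
            next
        end
    end
end

# --- On FW-SEC (current secondary) ---
# VDOM membership is synchronized by HA; the per-unit priority is not,
# so raise the virtual cluster 2 priority here to make FW-SEC primary
# for TEST, and keep virtual cluster 1 lower than on FW-PRI.
config global
    config system ha
        config vcluster
            edit 1
                set priority 100
            next
            edit 2
                set priority 200
            next
        end
    end
end

# --- On either unit ---
# Confirm that the cluster is back in sync and check which unit is
# primary for each virtual cluster.
config global
    get system ha status
end
```

Run the status check again after any later priority change, since a mismatch between the intended and actual primary for a virtual cluster means traffic for that VDOM is being handled by the other unit.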
Related documents: Technical Tip: Upgrading HA virtual cluster with VDOM Partitioning with more than two FortiGates |