Article Id 216679
Description This article describes the changes introduced in v7.2.0 to Split-task VDOM mode.
Scope FortiGate v7.2.0 and above.
Solution

On FortiOS versions from 6.2.0 to 7.0.X, a FortiGate administrator could configure the firewall to act in split-task VDOM mode.

 

More information about this feature is available in the following KB article:

Technical Tip: Configuring split-task VDOM mode With Fortinet Security Fabric

 

Starting with the FortiOS v7.2.0+ GA releases, the split-task VDOM feature was removed and a new VDOM type named Admin was introduced. Important details regarding the new feature are:

 

  1. There can be two types of VDOMs:
    1. Admin type which can be only used for management access.
    2. Traffic type which is used for passing traffic through the firewall.

  2. Only one administrative VDOM can exist at a time.

  3. Upon upgrade to v7.2.0+ releases, if a FortiGate was configured in split-task VDOM mode, it will be automatically converted to multi-VDOM mode.
    1. The FortiGate-traffic VDOM will now become a Traffic VDOM.
    2. The root VDOM will now become an Admin-type VDOM.

       

 

To configure the VDOM feature in the CLI, multi-VDOM mode must be enabled first.

 

The following commands enable multi-VDOM mode:

 

config system global
    set vdom-mode multi-vdom
end

 

You will be logged out for the operation to take effect.
Do you want to continue? (y/n)

 

Then, on the individual VDOM:

 

config vdom
    edit <Name_Of_The_VDOM>
        config system settings
            set vdom-type {traffic | admin}
        end
end

 

If there is an issue using all of the VDOMs allowed by the license, as shown in the output below, follow these steps.

get system status
Max number of virtual domains: 7 <--------
Virtual domains status: 6 in NAT mode, 0 in TP mode

 

The following debug commands can be used to check the error displayed:


diagnose debug reset
diagnose debug console timestamp enable
diagnose debug cli 8
diagnose debug application httpsd -1
diagnose debug enable

 

When finished, stop the debug with:

 

diagnose debug disable

 

config global
    config system vdom
        edit "Test"
            set short-name "Test"
root vdom type must be admin to create new vdom. <---
end
[httpsd 9289 - 1737536317 info] cmdb_save_with_children[280] -- appended main node (nret=-4, is_new=1)
[httpsd 9289 - 1737536317 error] cmdb_save_with_children[285] -- saving failed for main node: 'vdom' (err=-4)

[httpsd 9289 - 1737536317 error] cmdb_commit_from_json[2186] -- error saving request object to CLI (-4)
[httpsd 9289 - 1737536317 error] _api_cmdb_v2_config[1456] -- error editing object (nret=-4)
[httpsd 9289 - 1737536317 warning] api_return_http_result[1304] -- API error -4 raised

 

To resolve this issue, the 'root' VDOM must be of the admin type ('admin-VDOM') before another 'traffic-VDOM' can be added.
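
A pre-check for the condition above, as an added example (not Fortinet code): it parses CLI text in the shape shown in this article and reports why adding a VDOM would fail, using the rules stated here (root must be admin, only one admin VDOM, licensed maximum). The function names and sample input are constructed, and treating a VDOM with no explicit vdom-type line as traffic is an assumption.

```python
import re
# Constructed sample input, in the CLI shape shown in this article.
SAMPLE_CONFIG = """config vdom
edit root
config system settings
set vdom-type traffic
end
next
edit Test1
next
end"""
SAMPLE_STATUS = """Max number of virtual domains: 7
Virtual domains status: 6 in NAT mode, 0 in TP mode"""

def vdom_types(config_text, default="traffic"):
    """Map VDOM name -> vdom-type; `default` for unset VDOMs is an assumption."""
    types, stack, current = {}, [], None
    for line in (l.strip() for l in config_text.splitlines()):
        if line.startswith("config "):
            stack.append(line[len("config "):].strip())
        elif line == "end" and stack:
            stack.pop()
        elif line.startswith("edit ") and stack == ["vdom"]:
            current = line[len("edit "):].strip().strip('"')
            types.setdefault(current, default)
        elif stack == ["vdom", "system settings"] and current:
            m = re.fullmatch(r"set vdom-type (\S+)", line)
            types[current] = m.group(1) if m else types[current]
    return types

def vdom_headroom(status_text):
    """Return (licensed maximum, VDOMs in use) from 'get system status'."""
    mx = re.search(r"Max number of virtual domains:\s*(\d+)", status_text)
    st = re.search(r"(\d+) in NAT mode, (\d+) in TP mode", status_text)
    return int(mx.group(1)), int(st.group(1)) + int(st.group(2))

def precheck(config_text, status_text):
    """List the reasons a new VDOM cannot be added, per the rules above."""
    findings, types = [], vdom_types(config_text)
    admins = sorted(n for n, t in types.items() if t == "admin")
    if types.get("root") != "admin":
        findings.append("root VDOM is not admin type")
    if len(admins) > 1:
        findings.append("more than one admin VDOM: " + ", ".join(admins))
    mx, used = vdom_headroom(status_text)
    if used >= mx:
        findings.append(f"license limit reached ({used}/{mx})")
    return findings
```

Calling precheck(SAMPLE_CONFIG, SAMPLE_STATUS) on the constructed sample returns the single finding that the root VDOM is not admin type, which matches the CLI error shown in the debug output.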