FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
naveenk
Staff
Staff
Description
This article describes how to configure per-VDOM administrators.

Solution
Per-VDOM administrators can be created to access only the management or traffic VDOM.
These administrators have to use either the prof_admin administrator profile, or a custom profile.

A per-VDOM administrator can only access the FortiGate through a network interface that is assigned to the VDOM that they are assigned to.
The interface has also to be configured to allow management access.
It can also connect to the FortiGate using the console port.

To assign an administrator to multiple VDOMs, it has to be created at the global level.
When creating an administrator at the VDOM level, the super_admin administrator profile cannot be used.

To create a per-VDOM administrator From GUI:
1) On the FortiGate, connect to the management VDOM.
2) Go to Global -> System > Administrators and select 'Create New' -> Administrator.
3) Fill in the required information, setting the Type as Local User.
4) In the Virtual Domains field, add the VDOM that the administrator will be assigned to, and if necessary, remove the other VDOM from the list.





5) Select 'OK'.

To create a per-VDOM administrator from CLI:
# config global
# config system admin

    edit <name>
        set vdom <VDOM_name>
        set password <password>
        set accprofile <admin_profile>
    end
end

Contributors