Description
This article describes how to configure split-task VDOM mode with the Fortinet Security Fabric.
Scope
FortiOS versions before v7.2.0. See the end of the article for information regarding higher versions.
Solution
Virtual Domains (VDOMs) are used to divide a FortiGate into two or more virtual units that function independently.
VDOMs can provide separate security policies and, in NAT mode, completely separate configurations for routing and VPN services for each connected network.
There are two VDOM modes:
- Split-task VDOM mode: One VDOM is used only for management, and the other is used to manage traffic. See Split-task VDOM mode.
- Multi VDOM mode: Multiple VDOMs can be created and managed as independent units. See Multi VDOM mode.
Split-task VDOM mode simplifies deployments that require only one management VDOM and one traffic VDOM.
The management VDOM is used to manage the FortiGate, and cannot be used to process traffic.
The traffic VDOM provides separate security policies, and is used to process all network traffic.
Split-task VDOM mode is not available on all FortiGate models.
The Fortinet Security Fabric supports split-task VDOM mode.
Enable split-task VDOM mode.
Split-task VDOM mode can be enabled in the GUI or CLI.
Enabling it does not require a reboot, but does log you out of the FortiGate.

To enable split-task VDOM mode in the CLI:

config system global
    set vdom-mode split-vdom
end

To enable split-task VDOM mode in the GUI:
- Go to System -> Settings.
- In the 'System Operation Settings' section, select the 'Virtual Domains' checkbox.
- Select 'Split-Task VDOM' for the VDOM mode.
- Select a dedicated management interface from the Interface list. This interface is used to access the management VDOM, and cannot be used in firewall policies.
- Select 'OK'.
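
A pre-change check for the interface selection step above, as an added example that is not part of the original article: because the dedicated management interface cannot be used in firewall policies, this Python script scans a configuration backup for policies that reference the interface you plan to select and reports the configured vdom-mode. The function name, the sample configuration and the interface names are constructed for illustration; lines with unbalanced quotes (multi-line values) are skipped.

```python
import shlex

# Constructed sample of a FortiOS configuration backup (not from a real device).
SAMPLE = """\
config system global
    set hostname "FGT-LAB"
end
config firewall policy
    edit 1
        set srcintf "port2"
        set dstintf "port1"
    next
    edit 2
        set srcintf "mgmt"
        set dstintf "port1"
    next
end
"""

def audit_split_vdom(config_text, mgmt_if):
    """Return (vdom_mode, refs); refs lists (policy id, field) that use mgmt_if."""
    stack, vdom_mode, refs = [], None, []   # stack items: [block name, current edit id]
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tok = shlex.split(line)
        except ValueError:                  # unbalanced quote: multi-line value, skip
            continue
        if tok[0] == "config":
            stack.append([" ".join(tok[1:]), None])
        elif tok[0] == "end" and stack:
            stack.pop()
        elif tok[0] in ("edit", "next") and stack:
            stack[-1][1] = tok[1] if tok[0] == "edit" and len(tok) > 1 else None
        elif tok[0] == "set" and stack and len(tok) > 2:
            block, entry = stack[-1]
            key, vals = tok[1], tok[2:]
            if block == "system global" and key == "vdom-mode":
                vdom_mode = vals[0]         # None means the setting is absent from the backup
            elif block == "firewall policy" and key in ("srcintf", "dstintf") and mgmt_if in vals:
                refs.append((entry, key))
    return vdom_mode, refs

if __name__ == "__main__":
    mode, refs = audit_split_vdom(SAMPLE, "mgmt")
    print("vdom-mode:", mode or "not set in backup")
    for policy_id, field in refs:
        print(f"policy {policy_id} references mgmt in {field}; change it before selecting mgmt")
```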