FortiGate
fwilliams
Staff
Article Id 222354
Description

This article describes how to install VDOM licenses in an HA environment.

 

Scope

FortiGate v6.4

FortiGate v7.0

FortiGate v7.2

Units configured in an HA cluster.
Products that support additional VDOM licenses, for example FortiGate 2000E but not FortiGate 60F.

Solution

An administrator might need to increase the number of configurable VDOMs on FortiGate units in an HA cluster.

One typical reason a site may require additional VDOMs is if the site supports multiple tenants and each tenant must be placed in its own VDOM. Most FortiGate models support up to 10 VDOMs by default. Some products support additional VDOM licensing to increase this amount. For example, a FortiGate 2000E comes with 10 VDOMs, but can support up to 500 with appropriate licenses installed.

 

WARNING: configuring more VDOMs than a cluster member's licensing allows will create a split-brain condition. This will cause degraded network performance. Ensure all cluster members support the required number of VDOMs before creating the additional virtual domains.


In this example, an administrator purchased a 10 VDOM license for the primary's serial number and applied it to the primary device following instructions in Technical Tip: How to activate a VDOM licence from CLI.

primary # config global

primary (global) # execute upd-vd-license XXXX-YYYY-ZZZZ-X

update vdom license succeeded.

 

The primary unit now shows that 20 VDOMs are configurable.

 

primary # config global

primary (global) # get system status | grep "Max number"
Max number of virtual domains: 20

 

However, the secondary unit still shows only 10 configurable VDOMs.

 

secondary # config global

secondary (global) # get system status | grep "Max number"
Max number of virtual domains: 10

 

The license key from the primary device is not valid for the secondary unit.

 

secondary # config global

secondary (global) # execute upd-vd-license XXXX-YYYY-ZZZZ-X

decode vdom license key failed

Command fail. Return code -1003

 

Fix:

Purchase a second VDOM license and register it to the secondary unit’s serial number. Then enter the second license key on the secondary device.

secondary # config global

secondary (global) # execute upd-vd-license AAAA-BBBB-CCCC-D

update vdom license succeeded.

 

The secondary device now supports the required number of VDOMs and it is safe to configure up to twenty (20) virtual domains on the cluster.

 

secondary # config global

secondary (global) # get system status | grep "Max number"
Max number of virtual domains: 20
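
A pre-change check for the warning above, as an added example that is not part of the original article or any Fortinet tooling: it reads the `get system status` output captured from each cluster member and confirms that every member's VDOM limit covers the planned number of VDOMs. The member names, function names and sample captures are assumptions constructed for illustration.

```python
import re

# Line printed by 'get system status', as shown in the article.
MAX_VDOM_RE = re.compile(r"^\s*Max number of virtual domains:\s*(\d+)\s*$",
                         re.MULTILINE)


def max_vdoms(status_output):
    """Return the VDOM limit from one member's 'get system status' output."""
    match = MAX_VDOM_RE.search(status_output)
    if match is None:
        raise ValueError("'Max number of virtual domains' line not found")
    return int(match.group(1))


def check_cluster(status_by_member, planned_vdoms):
    """Compare every member's VDOM limit with the planned VDOM count.

    Returns (safe, cluster_limit, shortfalls), where shortfalls maps each
    under-licensed member to the number of VDOMs it is missing.
    """
    if not status_by_member:
        raise ValueError("no cluster members supplied")
    limits = {name: max_vdoms(out) for name, out in status_by_member.items()}
    # The lowest-licensed member decides what the cluster can safely hold.
    cluster_limit = min(limits.values())
    shortfalls = {name: planned_vdoms - limit
                  for name, limit in limits.items() if limit < planned_vdoms}
    return (not shortfalls, cluster_limit, shortfalls)


# Constructed sample captures (only the relevant output line is kept).
BEFORE_FIX = {
    "primary": "Max number of virtual domains: 20\n",
    "secondary": "Max number of virtual domains: 10\n",
}
AFTER_FIX = {
    "primary": "Max number of virtual domains: 20\n",
    "secondary": "Max number of virtual domains: 20\n",
}

if __name__ == "__main__":
    for label, capture in (("before fix", BEFORE_FIX), ("after fix", AFTER_FIX)):
        safe, limit, short = check_cluster(capture, planned_vdoms=20)
        print(f"{label}: safe={safe} cluster_limit={limit} shortfalls={short}")
```

A member that appears in the shortfalls needs its own VDOM license, registered to its serial number, before the additional VDOMs are created.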

 
