syordanov
Staff
Article Id 231010
Description

This article explains how to change which VDOM is to be used for FortiGuard services and updates when the multi-VDOM mode is used.

Scope

FortiGate v7.2.3+.

Solution

This is useful when the management VDOM has no internet connectivity.

[Diagram: multi-VDOM topology (diagram_multivdom.PNG)]

By default, the FortiGate communicates with the FortiGuard servers through the management VDOM.

 

Sometimes the management VDOM has no internet access. In such scenarios it is possible to configure the FortiGuard settings to use a different VDOM to reach the FortiGuard servers. A DNS setting is also required in the 'Internet_Frontend_FW' VDOM, because FortiGuard updates must be able to resolve names from that VDOM.

 

For the purpose of this example, only the 'Internet_Frontend_FW' VDOM has internet access.

 

Fortigate_VM (global) # show
config system global
    set admin-https-redirect disable
    set admin-server-cert "self-sign"
    set admintimeout 480
    set alias "FGVM01TM21000517"
    set hostname "Fortigate_VM"
    set lldp-transmission enable
    set management-port-use-admin-sport disable
    set management-vdom "mgmt_vdom"
    set timezone 28
end

 

Fortigate_VM (fortiguard) # show
config system fortiguard
    set fortiguard-anycast disable
    set protocol udp
    set port 8888
    set update-server-location usa
    set vdom "root"
    set sdns-server-ip "208.91.112.220" "99.83.179.12" "45.75.200.89"
end

 

Syntax:

config global
    config system fortiguard
        set vdom Internet_Frontend_FW
    end
end

config vdom
    edit Internet_Frontend_FW
        config system vdom-dns
            set vdom-dns enable
            set primary 8.8.8.8
        end
    next
end
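The following audit script is an added example, not Fortinet code: it parses the 'show' output format used above, works out which VDOM FortiGuard traffic leaves from, and flags the case the article warns about, a FortiGuard VDOM without its own vdom-dns. The sample outputs are constructed from the article's values, and treating a missing 'set vdom' as "use the management VDOM" is an assumption based on the article's description of the default.

```python
"""Added audit example (not Fortinet code): parse FortiOS 'show' output to learn which
VDOM carries FortiGuard traffic and check that this VDOM has its own DNS configured."""
import re

# Constructed sample from the article's values, as printed by 'show' in the global context.
GLOBAL_SHOW = """config system global
    set management-vdom "mgmt_vdom"
end
config system fortiguard
    set vdom "Internet_Frontend_FW"
end
"""
# Constructed sample of the per-VDOM DNS block; only the internet-facing VDOM has one.
VDOM_SHOW = """config vdom
    edit Internet_Frontend_FW
        config system vdom-dns
            set vdom-dns enable
            set primary 8.8.8.8
        end
    next
end
"""

def parse_block(text, name):
    """Return {key: value} for the first 'config <name> ... end' block, quotes stripped."""
    m = re.search(rf"config {re.escape(name)}\n(.*?)\n\s*end", text, re.S)
    settings = {}
    for line in (m.group(1).splitlines() if m else []):
        parts = line.strip().split(None, 2)
        if len(parts) == 3 and parts[0] == "set":
            settings[parts[1]] = parts[2].replace('"', "")
    return settings

def vdom_dns(text):
    """Map each VDOM name to its 'config system vdom-dns' settings."""
    return {m.group(1): parse_block(m.group(2), "system vdom-dns")
            for m in re.finditer(r"edit (\S+)\n(.*?)\n\s*next", text, re.S)}

def audit(global_show, vdom_show):
    """Return (VDOM used for FortiGuard, findings). 'show' omits defaults, so a missing
    'set vdom' is taken to mean the management VDOM (assumption, per the article)."""
    mgmt = parse_block(global_show, "system global").get("management-vdom", "root")
    used = parse_block(global_show, "system fortiguard").get("vdom") or mgmt
    dns = vdom_dns(vdom_show).get(used, {})
    findings = []
    if dns.get("vdom-dns") != "enable":
        findings.append(f"FortiGuard VDOM '{used}' has no vdom-dns enabled")
    elif not dns.get("primary"):
        findings.append(f"FortiGuard VDOM '{used}' has vdom-dns enabled but no primary server")
    return used, findings
```

Run it against the real output of 'show' in the global context and in 'config vdom' to confirm that the VDOM FortiGuard uses is the one that actually has internet access and DNS.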