syordanov
Staff
Article Id 231010
Description

This article explains how to change which VDOM is used for FortiGuard services and updates when multi-VDOM mode is used.

Scope

FortiGate v7.2.3+.

Solution

This is useful when the management VDOM has no internet connectivity.

[Image: diagram_multivdom.PNG]

Sometimes the management VDOM has no internet access. In such scenarios, it is possible to configure the FortiGuard settings to use a different VDOM.

 

For the purpose of this example, only 'Internet_Frontend_FW' VDOM has internet access.

 

Fortigate_VM (global) # show
# config system global
    set admin-https-redirect disable
    set admin-server-cert "self-sign"
    set admintimeout 480
    set alias "FGVM01TM21000517"
    set hostname "Fortigate_VM"
    set lldp-transmission enable
    set management-port-use-admin-sport disable
    set management-vdom "mgmt_vdom"
    set timezone 28
end

 

Fortigate_VM (fortiguard) # show
# config system fortiguard
    set fortiguard-anycast disable
    set protocol udp
    set port 8888
    set update-server-location usa
    set vdom "root"
    set sdns-server-ip "208.91.112.220" "99.83.179.12" "45.75.200.89"
end

 

Syntax:

 

config global
config system fortiguard
    set vdom Internet_Frontend_FW
end
end
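
An added example (not part of the original article and not Fortinet code): a Python check that reads a saved configuration and reports which VDOM FortiGuard is pinned to compared with the management VDOM, which helps when auditing several units. The sample configuration is constructed from the output shown above, and the function names are this example's own.

```python
import shlex

# Constructed sample: global-scope excerpt modelled on the output shown in this
# article, after the change (FortiGuard VDOM set to Internet_Frontend_FW).
SAMPLE_CONFIG = """\
config global
config system global
    set hostname "Fortigate_VM"
    set management-vdom "mgmt_vdom"
end
config system fortiguard
    set protocol udp
    set port 8888
    set vdom "Internet_Frontend_FW"
    set sdns-server-ip "208.91.112.220" "99.83.179.12" "45.75.200.89"
end
end
"""

def parse_settings(text):
    """Map each config block path to its {key: [values]} from 'set' lines."""
    settings, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip().lstrip("#").strip()  # tolerate '# config ...' prompt residue
        try:
            tokens = shlex.split(line)
        except ValueError:
            continue  # line of a multi-line quoted value (certificate, banner)
        if not tokens:
            continue
        if tokens[0] in ("config", "edit"):
            stack.append(" ".join(tokens[1:]))
        elif tokens[0] in ("end", "next") and stack:
            stack.pop()
        elif tokens[0] == "set" and len(tokens) >= 2:
            path = " / ".join(p for p in stack if p != "global")
            settings.setdefault(path, {})[tokens[1]] = tokens[2:]
    return settings

def fortiguard_vdom_report(text):
    """Report which VDOM FortiGuard is pinned to versus the management VDOM."""
    s = parse_settings(text)
    mgmt = (s.get("system global", {}).get("management-vdom") or [None])[0]
    fgd = (s.get("system fortiguard", {}).get("vdom") or [None])[0]
    return {
        "management_vdom": mgmt,
        "fortiguard_vdom": fgd,  # None means no explicit 'set vdom' in this config
        "differs_from_management": None not in (mgmt, fgd) and fgd != mgmt,
    }

if __name__ == "__main__":
    print(fortiguard_vdom_report(SAMPLE_CONFIG))
```

A `fortiguard_vdom` of `None` only means the saved configuration has no explicit `set vdom` line under `config system fortiguard`; the check does not guess which VDOM the unit then uses.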