jo_rang
Staff
Article Id 416316
Description This article describes a scenario where a FortiGate Virtual Machine stops passing traffic when the number of VDOMs created exceeds the maximum number of licensed VDOMs.
Scope FortiGate VM v7.2+.
Solution

Ensure that the VM has a valid license by running the command 'get system status'.

 

get system status


Version: FortiGate-VM64 v7.4.8,build2795,250523 (GA.M)
First GA patch build date: 230509
...
Serial-Number: FGVMSLTMxxxxxxxx
License Status: Valid                          <----- License is valid.
License Expiration Date: 2030-08-27
VM Resources: 2 CPU/2 allowed, 5962 MB RAM
...
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 7               <----- Maximum Number of allowed VDOMs
Virtual domains status: 2 in NAT mode, 1 in TP mode   <----- Number of VDOMs currently configured.
Virtual domain configuration: multiple

...

System time: Thu Sep 25 10:14:39 2025
Last reboot reason: warm reboot

 

Ensure that the VDOM license has not expired:

 

config global

diagnose debug vm-print-license

SerialNumber: FGVMSLTMxxxxxxxx
CreateDate: Mon Sep 22 16:00:16 2025
License expires: Tue Aug 27 19:00:00 2030
Key: yes
Cert: yes
Key2: yes
Cert2: yes
Signature: yes
Model: SL (18)
CPU: 2 (subscription:2)
MEM: 2147483647
VDOM license:
permanent: 2                          <----- Valid license.
subscription: 5
expires: Mon Jul 7 19:00:00 2025      <----- Expired license.

 

The output above shows that the FortiGate has a permanent license for 2 VDOMs and a subscription license that allows 5 additional VDOMs. However, the VDOM subscription has expired. With this configuration, the FortiGate only allows 2 VDOMs. If a third VDOM is created, all VDOMs except for the root VDOM will be disabled.

 

The command 'diagnose sys vd list | grep name' will display the status of the VDOMs.

 

FG-LABVM-01 (global) # diagnose sys vd list | grep name
name=root/root index=0 enabled fib_ver=48837 rpdb_ver=48585 use=133 rt_num=82 asym_rt=0 sip_helper=0, sip_nat_trace=1, mc_fwd=0, mc_ttl_nc=0, tpmc_sk_pl=0

name=VDOM2/VDOM2 index=2 disabled fib_ver=47 rpdb_ver=1 use=12 rt_num=0 asym_rt=0 sip_helper=0, sip_nat_trace=1, mc_fwd=0, mc_ttl_nc=0, tpmc_sk_pl=0
name=vsys_ha/vsys_ha index=1 enabled fib_ver=8 rpdb_ver=1 use=6 rt_num=0 asym_rt=0 sip_helper=0, sip_nat_trace=1, mc_fwd=0, mc_ttl_nc=0, tpmc_sk_pl=0
name=vsys_fgfm/vsys_fgfm index=2 enabled fib_ver=15 rpdb_ver=0 use=8 rt_num=2 asym_rt=0 sip_helper=0, sip_nat_trace=1, mc_fwd=0, mc_ttl_nc=0, tpmc_sk_pl=0

name=VDOM3/VDOM3 index=1 disabled fib_ver=11 rpdb_ver=0 use=8 rt_num=0 asym_rt=0 sip_helper=0, sip_nat_trace=1, mc_fwd=0, mc_ttl_nc=0, tpmc_sk_pl=0

 

To restore connectivity, delete the additional VDOMs or apply a VDOM license or VDOM subscription to the FortiGate.
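The two checks above can be run against saved CLI output to flag the condition before or after VDOMs are disabled. The Python below is an added example, not Fortinet code: the sample text is constructed from the output shown in this article, and it assumes that names beginning with vsys_ are system VDOMs that do not count toward the license and that timestamps are device-local.

```python
import re
from datetime import datetime

# Constructed sample input, modelled on the command output in this article.
LICENSE_OUTPUT = """\
License expires: Tue Aug 27 19:00:00 2030
VDOM license:
permanent: 2
subscription: 5
expires: Mon Jul 7 19:00:00 2025
"""
VD_LIST_OUTPUT = """\
name=root/root index=0 enabled fib_ver=48837 rpdb_ver=48585 use=133
name=VDOM2/VDOM2 index=2 disabled fib_ver=47 rpdb_ver=1 use=12
name=vsys_ha/vsys_ha index=1 enabled fib_ver=8 rpdb_ver=1 use=6
name=vsys_fgfm/vsys_fgfm index=2 enabled fib_ver=15 rpdb_ver=0 use=8
name=VDOM3/VDOM3 index=1 disabled fib_ver=11 rpdb_ver=0 use=8
"""

def allowed_vdoms(license_text, now):
    """Permanent VDOMs plus subscription VDOMs whose expiry is still in the future."""
    def count(name):
        m = re.search(rf"^\s*{name}:\s*(\d+)", license_text, re.M)
        return int(m.group(1)) if m else 0
    # "License expires:" does not match because the line must start with "expires:".
    exp = re.search(r"^\s*expires:\s*(\w{3} \w{3}\s+\d+ [\d:]+ \d{4})", license_text, re.M)
    # Assumption: timestamps are device-local and compared against a naive `now`.
    live = exp and datetime.strptime(exp.group(1), "%a %b %d %H:%M:%S %Y") > now
    return count("permanent") + (count("subscription") if live else 0)

def vdom_states(vd_list_text):
    """Map VDOM name -> enabled/disabled. Assumption: vsys_* are system VDOMs, not counted."""
    found = re.findall(r"^name=([^/\s]+)/\S+ index=\d+ (enabled|disabled)", vd_list_text, re.M)
    return {name: state for name, state in found if not name.startswith("vsys_")}

def check(license_text, vd_list_text, now):
    """Compare configured VDOMs with the licensed count and list disabled ones."""
    allowed, states = allowed_vdoms(license_text, now), vdom_states(vd_list_text)
    return {"allowed": allowed, "configured": len(states),
            "over_limit": len(states) > allowed,
            "disabled": sorted(n for n, s in states.items() if s == "disabled")}

if __name__ == "__main__":
    print(check(LICENSE_OUTPUT, VD_LIST_OUTPUT, datetime(2025, 9, 25, 10, 14, 39)))
```

The count is taken from 'diagnose debug vm-print-license' rather than from 'Max number of virtual domains' in 'get system status', because the sample output above still reports 7 there while the subscription is expired.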

 
