FortiManager
awasfi_FTNT
Staff
Article Id 366754
Description

This article describes the behavior of FortiManager when a custom internet service is created on FortiManager and installed on a FortiGate that has virtual domains (VDOMs) enabled.

Scope

FortiManager.

Solution

The internet-service-custom entry is part of the FortiGate configuration whether or not it is used.

 

When deploying configuration from FortiManager to a FortiGate device with multiple Virtual Domains (VDOMs), custom Internet Services are installed across all VDOMs, regardless of whether specific policies use them. This behavior is due to the global nature of Internet Service objects within the FortiGate architecture.

 

Internet Service objects, including custom ones, are treated as global objects within FortiGate. When FortiManager installs these objects, they are distributed to all VDOMs to ensure consistency and availability across the entire device and its VDOMs.

 

Example:

 

  1. Create a custom internet service on FortiManager.

  2. The new custom internet service is not used in any policy within the VDOMs. However, the policy package status for all VDOMs is modified.

  3. Install the policy packages to the corresponding VDOMs. The installation preview shows that the custom internet service is going to be installed on each VDOM, regardless of whether it is used in any policy.

  4. On FortiGate, the custom internet service is installed on each VDOM.
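To confirm that a custom internet service present in a VDOM is there because of this global-object behavior rather than because a policy uses it, the following added example (not part of the original article or of any Fortinet tool) parses a FortiGate configuration backup and lists, per VDOM, the custom internet services that no policy references. The sample configuration is constructed, and the policy keys checked (`internet-service-custom`, `internet-service-src-custom`) are assumed to match the FortiOS version in use; references through custom internet service groups are not followed.

```python
import shlex
from collections import defaultdict
# Constructed sample of a multi-VDOM FortiGate configuration (not real device output).
SAMPLE_CONFIG = '''
config vdom
edit root
config firewall internet-service-custom
    edit "Custom-App"
    next
end
config firewall policy
    edit 1
        set internet-service-custom "Custom-App"
    next
end
end
config vdom
edit vdom2
config firewall internet-service-custom
    edit "Custom-App"
    next
end
end
'''

REF_KEYS = {"internet-service-custom", "internet-service-src-custom"}  # assumed policy keys

def unused_custom_services(config_text):
    """Return {vdom: sorted custom services defined but not referenced by a policy}."""
    stack, defined, used = [], defaultdict(set), defaultdict(set)
    for raw in config_text.splitlines():
        tok = shlex.split(raw)
        if not tok:
            continue
        # Context before this line: VDOM name and the table directly under it.
        vdom = stack[1][1] if len(stack) > 1 and stack[0] == ("config", "vdom") else None
        table = stack[2][1] if vdom and len(stack) > 2 else None
        if tok[0] == "config":
            stack.append(("config", " ".join(tok[1:])))
        elif tok[0] == "edit":
            if table == "firewall internet-service-custom" and len(stack) == 3:
                defined[vdom].add(tok[1])
            stack.append(("edit", tok[1]))
        elif tok[0] == "next":
            stack.pop()
        elif tok[0] == "end":  # closes the innermost config, dropping any open edit
            while stack and stack.pop()[0] != "config":
                pass
        elif tok[0] == "set" and table == "firewall policy" and tok[1] in REF_KEYS:
            used[vdom].update(tok[2:])
    return {v: sorted(defined[v] - used[v]) for v in defined}
```

A real backup can contain multi-line quoted values (certificates, replacement messages) that need to be joined before tokenizing.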