FortiManager
Nour
Staff
Article Id 314234
Description
This article describes how the VDOM interface device configuration install works in Advanced ADOM mode (i.e., each VDOM of the FortiGate resides in a separate ADOM on the FortiManager).
Scope
  • FortiManager: Configured in Advanced ADOM mode with several ADOMs, where the ADOM configuration is similar to the following:
    • Non-MGMT-ADOMs: ADOM_1, ADOM_2, ADOM_3, ...: containing VDOM_1, VDOM_2, VDOM_3, ...
    • MGMT_ADOM: Contains the root (or management) VDOM of the FortiGate.
  • FortiGate: Configured with several VDOMs.
Solution

Behavior: 

  • Under Network -> Interfaces, users can change the interface settings of each VDOM using two methods:
    • From the corresponding Non-MGMT-ADOMs.
    • From MGMT_ADOM where all the interfaces are listed.
  • The above changes impact the device config status in all ADOMs belonging to this device.
  • However, the device config installation can only be done from the ADOM where the VDOM with the changes resides.
  • Similarly, the installation preview can only be seen from the ADOM where the VDOM with the changes resides.

 

Example:

Assuming that port1 belongs to VDOM_1 that resides in ADOM_1, it is possible to change something within the configuration of port1 from either MGMT_ADOM or ADOM_1.

 

  • The Config Status of VDOM_2, which resides in ADOM_2, is shown below: a 'Modified' status for the device, but a 'Synced' status for the VDOM. The status would be the same from MGMT_ADOM or any other Non-MGMT-ADOM except ADOM_1.

[Screenshot: 2.png]


  • Attempts to install the device config from MGMT_ADOM or any other VDOM except VDOM_1 would not be possible.
  • Checking the installation preview from MGMT_ADOM or any other VDOM except VDOM_1 would show no changes.
  • The Config Status of VDOM_1, which resides in ADOM_1 where the changes were made, is shown below: a 'Modified' status for the device and a 'Modified' status for the VDOM.

[Screenshot: 3.png]


  • Installing the device configuration would then be possible, and the installation preview would show the changes made to port1.

Related article:

Technical Tip: SAML SSO - FortiManager/FortiAnalyzer Troubleshooting Options