FortiManager
vraev
Staff
Article Id 404029
Description

 

This article describes how to use the global object in advanced ADOM mode in FortiManager.

 

Scope

 

FortiManager, FortiGate.

 

Solution

 

Note:  

  • The behavior shown in this article is expected and is due to the separation of the ADOM databases.
  • The available external connector types can differ between versions.
  • Advanced ADOM device mode must be enabled to assign VDOMs to different ADOMs. Normal mode does not permit assigning a device's VDOMs to different ADOMs.

 

The following example is used for the test.

 

FortiGate with GLOBAL, root, VDOM1 ('multi-vdom' enabled).

config system global
	set vdom-mode multi-vdom
end


FortiManager with an Administrative domain in advanced mode.

config system global
	set adom-mode advanced
	set adom-status enable
end
 

The FortiGate GLOBAL and root VDOM are in the root ADOM of FortiManager. The VDOM1 VDOM is in the ADOM1 ADOM:


FGT_FMG_relation.png

 

The possible external connectors in FortiGate GLOBAL are shown below.

 

FGT_GLOBAL_vdom_ext_connectors.png

 

The possible external connectors in FortiGate VDOM1 VDOM are shown below.

 

FGT_VDOM1_ext_connectors.png

 

In FortiManager, create a g-object in Policy & Objects, assign it to a policy, and install it in the root VDOM of the FortiGate.

 

FMG_FGT_GLOBAL_test_feed_PO.png

 

The g-object is visible under the FortiGate VDOMs but not in ADOM1 on FortiManager.

 

FGT_VDOM1_ext_connectors_present.png

FMG_FGT_VDOM1_test_feed_notpresent.png

 

Next, use the g-object in a policy under the VDOM1 VDOM on the FortiGate, then retrieve it in FortiManager (retrieve under the root ADOM, import under the ADOM1 ADOM).

 

FGT_VDOM1_test_policy_with_g-object.png

 

FMG_FGT_VDOM1_import_after_policy_creation.png

 

The g-object will then be visible in Policy & Objects of ADOM1.

 

FMG_FGT_VDOM1_test_feed_present_after_policy_import.png