Fortinet Forum
RichV
New Contributor II

VDOM for MGMT Port but VDOM Not Enabled

Hello,

I have recently taken over a site that has a pair of FortiGate 100Fs (6.4.8). Looking at the GUI, I see VDOMs are not enabled. When I query the Sys Global Full Config, VDOM-MODE is set to NO-VDOM. However, when I query the System Interfaces, I see that the MGMT port is not on the root VDOM. I believe the prior person manually set this and set up IPs so he could manage each unit separately via the MGMT port, as each has its own IP and HTTPS and Management enabled. Is there some documentation on setting this up, or did he just do this himself? Is this a viable config, or will there be possible issues to look for?

Kangming
Staff

Hi

The device should use the Technical Tip: HA Reserved Management Interface feature.

 

You will find that the independently managed HA Reserved Management interface looks like an independent lightweight VDOM, which is isolated from the root VDOM and has independent routing, so that independent network management of the two HA FGTs can be realized.

 

FGT101E # execute enter
<name>    vdom name
vsys_hamgmt   --- >  HA Reserved Management Interface Lightweight & Hidden VDOM
root

Thanks

Kangming

RichV
New Contributor II

Thanks for the reply. I did look at this and it does not appear this is enabled, as it shows off when I connect to the HA Master and Edit. I really think he just went into the CLI and manually put the VDOM of the MGMT interface on a different named vdom.

 

Kangming

You are welcome.

How do you see multiple VDOMs? If you do not enable VDOM, there is no way to add interfaces to another VDOM; there is only root in the CLI/GUI.

Thanks

Kangming

RichV
New Contributor II

From the CLI:

#show sys interfaces

RichV_0-1641495200721.png

 

Kangming

Yeah, it looks really strange. You can share the configuration below ha:

# config system ha
# show

Thanks

Kangming

RichV
New Contributor II

Here is what is below the HA config, very basic:

RichV_0-1641503340645.png

 

Kangming

Check if this VDOM is configured in other places:

# show full-configuration | grep -f dmgmt-vdom

Thanks

Kangming

RichV
New Contributor II

This is the only place:


#dedicated-management=dmgmt-vdom <---
config system interface
edit "mgmt"
set vdom "dmgmt-vdom" <---

 

Debbie_FTNT

Dear Rich,

The dmgmt_vdom is a dedicated management vdom that interfaces with 'dedicated-to management' go into, the same as vsys_hamgmt is the dedicated HA management vdom.
Even with vdoms enabled, the vsys_hamgmt and dmgmt_vdom still technically exist and can't be deleted.

If you unset the 'dedicated-to management' option in the interface, it should return to root VDOM.

Hope this helps!

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
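
The check worked through in this thread (which VDOM each interface sits in, and whether it is dedicated to management) can also be run offline against a saved configuration backup. The script below is an added example, not code from any poster or from Fortinet; the sample config is constructed, the function names are hypothetical, and it assumes an interface with no `set vdom` line belongs to root.

```python
import shlex
# Constructed sample in FortiOS backup syntax; not taken from the thread.
SAMPLE_CONFIG = '''
config system interface
    edit "mgmt"
        set vdom "dmgmt-vdom"
        set allowaccess ping https ssh
        set dedicated-to management
    next
    edit "port1"
        set vdom "root"
        set allowaccess ping
        config ipv6
            set ip6-allowaccess ping
        end
    next
end
'''

def parse_interfaces(config_text):
    """Return {interface: {setting: [values]}} from 'config system interface'."""
    interfaces, current, stack = {}, None, []  # stack = open config blocks
    for raw in config_text.splitlines():
        try:
            tok = shlex.split(raw) or [""]  # blank line: matches no keyword
        except ValueError:  # part of a multi-line quoted value, skip it
            continue
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end" and stack:
            stack.pop()
        elif stack == ["system interface"]:  # ignore nested sub-tables
            if tok[0] == "edit" and len(tok) > 1:
                current = interfaces.setdefault(tok[1], {})
            elif tok[0] == "set" and current is not None and len(tok) > 1:
                current[tok[1]] = tok[2:]
    return interfaces

def management_findings(interfaces):
    """Interfaces outside root or dedicated to management, with their access."""
    findings = []
    for name, cfg in sorted(interfaces.items()):
        vdom = cfg.get("vdom", ["root"])[0]  # assumption: unset means root
        dedicated = cfg.get("dedicated-to", ["none"])[0]
        if vdom != "root" or dedicated == "management":
            findings.append((name, vdom, dedicated, cfg.get("allowaccess", [])))
    return findings

if __name__ == "__main__":
    print(management_findings(parse_interfaces(SAMPLE_CONFIG)))
```

Each finding lists the interface, its VDOM, its dedicated-to value and the protocols in allowaccess, which is the set to review when deciding whether the management port's exposure is intended.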