Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
BrianD
New Contributor

Created on ‎04-28-2022 11:25 AM

Vdom-Exceptions not showing all options

Hello, I am trying to setup a VDOM-Exception

 

reference:

Administration Guide | FortiGate / FortiOS 7.2.0 | Fortinet Documentation Library

 

 When I go enter conf sys vdom-exception and edit 1, the only option I have is to "set object". Per the documentation, I should be able to "set scope" and "set vdom". 

Further, when I go into "set object", I am missing most of the options. I can only set logs and a couple of system settings, but no interfaces, firewall, router or any other functional items.

 

I am engaged with my SE on this and it has been escalated, however they are confused as well. I have tried this on 4 different ha clusters of firewalls with different versions of firmware ranging from 6.4.7 to 7.2.0 and using FGT60e's, FGT300e's, FGT501e's and FGTVM's.

 

Any idea on how to get this working?

Labels:
1427
0 Kudos
5 REPLIES 5
jintrah_FTNT
Staff
Staff

Created on ‎04-28-2022 11:19 PM

Hi,

 

This is mainly used if you need to override the default/global settings used for some/required vdoms. So the selected object should be those that needs an override from defaults.For example,

 

config system vdom-exception
edit 1
set object log.fortianalyzer.override-setting
set scope inclusive
set vdom "Student"
next
end

 

best regards,

Jin

 

1367
0 Kudos
Debbie_FTNT
Staff
Staff

Created on ‎04-29-2022 12:14 AM

To elaborate on Jin's post:

- the FortiGate will sometimes hide/not allow settings before a different parameter is set

- in the VDOM expection settings, you must first specify an object, and THEN you can specify scope, and if scope is inclusive/exclusive, THEN you can specify VDOMs.

Debbie_FTNT_0-1651216445686.png

You have something similar with interface settings in CLI for example - you can only set an IP if the interface is set to static; if it's set to DHCP, there is no 'set ip' option available.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
1362
BrianD
New Contributor

Created on ‎04-29-2022 06:34 AM

Thank you both for your replies.

Jin, I am using VDOM Exceptions because I would like to have a HA cluster members in different physical sites. I need a unique vdom at each location for connectivity to different subnets. 

 

Debbie, I did try to set the object parameter just as you did in your example, however I still do not have any additional options. 2022-04-29 08_28_43-FortiGate - FW1 and 4 more pages - Work - Microsoft​ Edge.jpg

1355
0 Kudos
jintrah_FTNT
Staff
Staff
In response to BrianD

Created on ‎04-30-2022 01:15 AM

Hi,

 

You should be able to use the override-setting objects for different connectivity for different vdoms.

 

Best regards,

Jin

 

1345
0 Kudos
AlexFerenX
New Contributor
In response to jintrah_FTNT

Created on ‎07-15-2023 01:11 AM Edited on ‎07-15-2023 01:34 AM

You didn't answer the question. Look at Technical Tip: Exclude few config to sync between HA members with 'vdom-exception' - there are many more objects there (including "no interfaces, firewall, router or any other functional items") than those available at CLI in 7.x.

584
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.