We have FortiGate firewalls running without VDOM. Now we need to enable the VDOM feature, but after we enable the VDOM feature, the current existing config will be migrated into the root VDOM. We don't want the existing config migrated into the root VDOM. We want the root VDOM for management purposes only, without any other configuration. We want to place the current existing configuration into a different/separate VDOM. What can we do to achieve our purpose? Actually, we have a bunch of FortiGates running without VDOM and now we need to enable the VDOM feature for application team requirements.
Thank you, and please help me with suggestions on this. Either a manual process or an automatic process is fine, as long as we can still maintain the current configuration in a separate VDOM other than the root VDOM.
The OP's concern with multi-vdom was that all already existing interfaces and anything using them, like policies & objects, would go into the "root" vdom when the mode is set, which is true and which is not desirable for his/her case.
Hi, thank you all for the suggestions. We are now doing a tech refresh of our existing FortiGate firewalls and we want to make a unique design for all firewalls: Root-VDOM for management and other VDOMs for data traffic.
Recently deployed FortiGate firewalls already have Root-VDOM for management.
So we want the existing firewalls to be in the same format, as the VDOM requirement is now critical for the environment.
You can use split-task VDOM as @Toshi_Esumi suggested—this will put your management into the root VDOM. However, please note this is deprecated in the current FortiOS release in favour of admin VDOM.
The best thing to do in your case, IMO, is to take your config, back it up, and edit it in a text editor, replacing every instance of "root" in reference to vdom config with your preferred VDOM name, then restore this config to the FortiGate (this will require a reboot).
Then create a new VDOM named root and use that for management.
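The backup-edit step suggested in the reply above, sketched as an added example that is not part of the thread and is not Fortinet code: it renames only VDOM references and lists every other line containing "root" for manual review, so a blind search-and-replace does not rename unrelated objects. It assumes an unencrypted backup in which VDOM references appear as `set vdom "root"` and as `edit root` directly under `config vdom`; the function name, the sample config and the VDOM name `DATA` are constructed.

```python
import re

# Assumed line shapes in an unencrypted FortiOS backup (not from the thread).
SET_VDOM = re.compile(r'^(\s*set vdom "?)root("?\s*)$')
EDIT_ROOT = re.compile(r'^(\s*edit "?)root("?\s*)$')

def rename_root_vdom(text, new_name):
    """Return (new_text, changed_line_numbers, lines_needing_manual_review)."""
    # Conservative character set chosen for this example.
    if not re.fullmatch(r"[A-Za-z0-9_-]+", new_name) or new_name == "root":
        raise ValueError("unsuitable VDOM name: %r" % new_name)
    repl = r"\g<1>%s\g<2>" % new_name
    out, changed, review, stack = [], [], [], []  # stack = open config blocks
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        in_vdom_table = bool(stack) and stack[-1] == "config vdom"
        if SET_VDOM.match(line):
            line = SET_VDOM.sub(repl, line)
            changed.append(no)
        elif in_vdom_table and EDIT_ROOT.match(line):
            line = EDIT_ROOT.sub(repl, line)
            changed.append(no)
        elif re.search(r"\broot\b", line):
            review.append(no)  # e.g. an object or alias that merely says "root"
        if stripped.startswith("config "):
            stack.append(stripped)
        elif stripped == "end" and stack:
            stack.pop()
        out.append(line)
    return "\n".join(out) + "\n", changed, review

# Constructed sample, not a real device backup.
SAMPLE = '''config system interface
    edit "port1"
        set vdom "root"
        set alias "uplink to root bridge"
    next
end
config vdom
edit root
config firewall address
    edit "root"
        set subnet 10.0.0.0 255.255.255.0
    next
end
next
end
'''

if __name__ == "__main__":
    new_text, changed, review = rename_root_vdom(SAMPLE, "DATA")
    print(new_text)
    print("rewritten lines:", changed, "review by hand:", review)
```

Diff the output against the original backup before restoring it, and check the lines reported for review one by one.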