Hello,
Some questions, please:
1) I need to know the use cases (limitations, advantages/inconveniences) between:
using the GLOBAL ADOM (push to many devices or VDOMs)
having many devices in an ADOM and pushing the same policy package
What is your opinion?
2) Maximum number of managed devices for each ADOM (does it depend on hardware or license, or is it unlimited?)
3) What do you think about using FortiGate with NAT and transparent mode in HA (problems / complexity / limitations)?
Thank you in advance.
To elaborate on Adam's reply:
1. You need different ADOMs if you have FGTs with different firmware versions as well; the Global database is there to allow you to create objects you can then push to any ADOM, no matter what firmware it is. You can't really share objects/config between ADOMs; each is usually its own isolated container
-> it depends very much on your FortiManager use case
-> if you're unsure, you can reach out to Fortinet Sales/Professional Services for assistance in assessing what you need and what FortiManager configuration is suitable
2. An ADOM can contain up to the maximum number of devices the FortiManager itself supports. How many devices the FortiManager supports depends on HW model or VM licence. Note that FortiGate VDOMs count as individual devices.
3. FortiGates should have an identical configuration in an active-passive (or active-active) cluster, so they will either be in transparent OR in NAT mode (or have VDOMs with both), but if you try to form a cluster with different modes, then the secondary unit will be overwritten.
Hello,
It is the same company but in different buildings (we use ADOM advanced mode). The root is alone. But I would like to know, if we use the same ADOM, what are all the benefits of both.
The ADOM depends on license or hardware, but for 1 ADOM, how many VDOMs/devices are possible?
No NAT, we use only layer 4.
Why? Why not use the same ADOM for all devices then? I see no point here in using ADOMs.
Unlimited up until the maximum supported by the FortiManager.
Routed mode / NAT mode means layer 4. Transparent is layer 2. So you should not deploy your firewalls in transparent mode.
To be able to share objects (that are not device config) between ADOMs, the global ADOM exists.
Objects and policies in there can be assigned to any available ADOM.
I mainly use this e.g. to maintain my Security Profile Groups and filters, so I only need to maintain these in one place but can use them in any of my ADOMs.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Hello,
Thanks to everyone,
I have my response. I will use one ADOM and put all devices in it: easy for security, upgrade firmware group.
I mean we use layer 4, we do not do NAT.
I close this subject.
Again, thanks.
Copyright 2024 Fortinet, Inc. All Rights Reserved.