Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
johnlloyd_13
Contributor II

Manage VDOM in separate ADOM

hi,

would it be possible or does it make sense to have a multi VDOM FG managed in FMG to be in separate ADOM?

for example, the "core or critical" VDOM such as the "root" and "internet access" are added in the "root" ADOM, then the rest of the "customer" VDOMs would be provisioned/managed in a separate ADOM.

 

we'll deploy an "internet access" VDOM deployment. refer to sample diagram/scenario.

the root VDOM in the diagram will be our "internet access" VDOM, like an internet edge device. the rest of the customer VDOM will connect (vlink) to the root/internet access VDOM.

 

image.png

 
1 Solution
msanjaypadma
Staff
Staff

Hi @johnlloyd_13 ,

Advanced mode will allow you to assign a VDOM from a single device to a different ADOM.

 

Advanced ADOM mode cannot be enabled when a remote FortiAnalyzer is being managed by FortiManager.


Reference article : 
https://docs.fortinet.com/document/fortimanager/7.2.0/administration-guide/488375/advanced-settings

 

If you have found a solution, please like and mark it as solved to make it easily accessible for everyone.

Mayur Padma

View solution in original post

4 REPLIES 4
msanjaypadma
Staff
Staff

Hi @johnlloyd_13 ,

 

I hope below link will address your query. 

Technical Tip: How to distribute FortiGate VDOMs in different FortiManager ADOMs

https://community.fortinet.com/t5/FortiManager/Technical-Tip-How-to-distribute-FortiGate-VDOMs-in-di...

If you have found a solution, please like and mark it as solved to make it easily accessible for everyone.

Mayur Padma
johnlloyd_13
Contributor II

hi,

we're using FMG 7.2, do we still need to configure below in order to support VDOM in different (or moving) ADOM?

does this CLI command "break" anything (i.e. FG VDOM talking/syncing to FMG)?

or is it safe to just simply apply the config?

 

config system global
set adom-mode advanced
end

msanjaypadma
Staff
Staff

Hi @johnlloyd_13 ,

Advanced mode will allow you to assign a VDOM from a single device to a different ADOM.

 

Advanced ADOM mode cannot be enabled when a remote FortiAnalyzer is being managed by FortiManager.


Reference article : 
https://docs.fortinet.com/document/fortimanager/7.2.0/administration-guide/488375/advanced-settings

 

If you have found a solution, please like and mark it as solved to make it easily accessible for everyone.

Mayur Padma
johnlloyd_13
Contributor II

hi,

thanks for these links! they're very useful.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors