Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
johnlloyd_13
Contributor

Created on ‎10-27-2024 06:52 PM Edited on ‎10-27-2024 06:53 PM

Manage VDOM in separate ADOM

hi,

would it be possible or does it make sense to have a multi VDOM FG managed in FMG to be in separate ADOM?

for example, the "core or critical" VDOM such as the "root" and "internet access" are added in the "root" ADOM, then the rest of the "customer" VDOMs would be provisioned/managed in a separate ADOM.

 

we'll deploy an "internet access" VDOM deployment. refer to sample diagram/scenario.

the root VDOM in the diagram will be our "internet access" VDOM, like an internet edge device. the rest of the customer VDOM will connect (vlink) to the root/internet access VDOM.

 

image.png

 
Labels:
324
0 Kudos
1 Solution
msanjaypadma
Staff
Staff

Created on ‎10-30-2024 03:06 AM

Hi @johnlloyd_13 ,

Advanced mode will allow you to assign a VDOM from a single device to a different ADOM.

 

Advanced ADOM mode cannot be enabled when a remote FortiAnalyzer is being managed by FortiManager.


Reference article : 
https://docs.fortinet.com/document/fortimanager/7.2.0/administration-guide/488375/advanced-settings

 

If you have found a solution, please like and mark it as solved to make it easily accessible for everyone.

Mayur Padma

View solution in original post

225
4 REPLIES 4
msanjaypadma
Staff
Staff

Created on ‎10-29-2024 05:31 AM

Hi @johnlloyd_13 ,

 

I hope below link will address your query. 

Technical Tip: How to distribute FortiGate VDOMs in different FortiManager ADOMs

https://community.fortinet.com/t5/FortiManager/Technical-Tip-How-to-distribute-FortiGate-VDOMs-in-di...

If you have found a solution, please like and mark it as solved to make it easily accessible for everyone.

Mayur Padma
258
johnlloyd_13
Contributor

Created on ‎10-29-2024 05:42 PM

hi,

we're using FMG 7.2, do we still need to configure below in order to support VDOM in different (or moving) ADOM?

does this CLI command "break" anything (i.e. FG VDOM talking/syncing to FMG)?

or is it safe to just simply apply the config?

 

config system global
set adom-mode advanced
end

238
0 Kudos
msanjaypadma
Staff
Staff

Created on ‎10-30-2024 03:06 AM

Hi @johnlloyd_13 ,

Advanced mode will allow you to assign a VDOM from a single device to a different ADOM.

 

Advanced ADOM mode cannot be enabled when a remote FortiAnalyzer is being managed by FortiManager.


Reference article : 
https://docs.fortinet.com/document/fortimanager/7.2.0/administration-guide/488375/advanced-settings

 

If you have found a solution, please like and mark it as solved to make it easily accessible for everyone.

Mayur Padma
226
johnlloyd_13
Contributor

Created on ‎10-30-2024 03:11 AM

hi,

thanks for these links! they're very useful.

221
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.