I've been playing around with Split-Task VDOMs, and there are a few peculiarities I was hoping Fortinet could shine some light on.
In Split-Task VDOM mode, there are three config modes, Global (for all VDOMS) and one for traffic (FG-traffic) and one for management (root). The only config mode that provides the ability to configure admin users is Global, however that page in the GUI lacks the ability to assign users to one or more VDOMS, so admin users seem to only be able to configured as global admins. This seems contrary to one of the intended purposes of using multiple VDOMs. Is this because I configured Split-task VDOM and not Multi-VDOM mode? With Multi-VDOM mode do you define users in each VDOM or in the Global config mode and then assign them to one or more VDOMs.
The part that is more of a problem is I no longer have access to configure remote authentication like Radius from the GUI. If I go to the CLI, and the root VDOM I can see my radius servers which I configured prior to configuring split-task VDOM mode, but why is there no config section for Radius visible in the GUI for either the global context or the root VDOM for administrative users? It seems like there should be a Radius section in the Global config context since that is where you define admin users.
I'm running 6.4.9 FortiOS, but I saw the same behavior with FortiOS 6.2.8 as well. I have not tried this with 7.0 or 7.2.