We have a need to use VDOMs, which I'm not currently using. I have a fairly extensive configuration (IPSec, VPN clients, email and web filtering, etc.). When enabling VDOMs, what exactly happens to my current configuration? If I have all that sort of logic set up, how disruptive is it going to be? I'd like to get my current config going in a single VDOM before I start experimenting with an additional VDOM.
The documentation is kind of unclear about this, so forgive me if this is a FAQ that I just can't locate a good answer to. I'm a total newbie with VDOMs, and don't have an extra FortiGate to use in a lab, so I'm unfortunately experimenting with production here. Thanks in advance!
- Steve
When you enable vdom-admin in config system global, everything you have now should go into "root" vdom and nothing should break.
> everything you have now should go into "root" vdom
Actually everything that's built before vdom-enable is already in "root" vdom to begin with. Nothing goes into root and the mere enabling of vdom support does not change any existing cfg.
What happens: 1> the individual vdom cfg files are created (this is how you do per-vdom backup btw) 2> and now you can create new vdoms 3> (vdom root can NOT be deleted)
PCNSE
NSE
StrongSwan
Obviously I don't know the architecture of FortiOS. Sorry.
But one thing I forgot to mention that might break, if you are running 5.2 and happen to have PPPoE (or probably DHCP as well) interfaces. It might be dependent on the model. At least FG60D's PPPoE interfaces (we first found this with FEXT-20B+4G Modem) don't become active as soon as we create a new vdom and then reboot it. This was introduced with 5.2.4 and identified as a bug last year, but even 5.2.8 still doesn't have a fix built in. If you have a similar setup, you'd better check with TAC.
Thanks. All my interfaces are static IPs, so that's easy enough.
According to Fortinet SE the problem mentioned (bug #0295291) affected only FG60D. I just got an answer. So you're probably ok.
Thanks!
So my original config continues to be the root vdom, and now I can create a second vdom with its unique config? I don't see myself using more than 2 vdoms anytime soon.
Thanks!