Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sfksg
New Contributor

Created on ‎08-03-2016 06:08 AM

VDOM establish--what happens to my current settings?

We have a need to use VDOMs, which I'm not currently using. I have a fairly extensive configuration (IPSec, VPN clients, email and web filtering, etc.).  When enabling  VDOMs, what exactly happens to my current configuration?  If I have all that sort of logic set up, how disruptive is it going to be?  I'd like to get my current config going in a single VDOM before I start experimenting with an additional VDOM.  

 

The documentation is kind of unclear about this, so forgive me if this is a FAQ that I just can't locate a good answer to.  I'm a total newbie with VDOMs, and don't have an extra Fortigate to use in a lab so I'm unfortunately experimenting with production here.  Thanks in advance!

 

- Steve

 

Labels:
7035
0 Kudos
1 Solution
Toshi_Esumi
SuperUser
SuperUser
In response to Toshi_Esumi

Created on ‎08-04-2016 05:42 PM

According to Fortinet SE the problem mentioned (bug #0295291) affected only to FG60D. I just got an answer. So you're probably ok.

View solution in original post

2984
0 Kudos
7 REPLIES 7
Toshi_Esumi
SuperUser
SuperUser

Created on ‎08-03-2016 09:38 AM

When you enable vdom-admin in config system global, everything you have now should go into "root" vdom and nothing should break.

2943
0 Kudos
emnoc
Esteemed Contributor III
In response to Toshi_Esumi

Created on ‎08-03-2016 10:29 AM

everything you have now should go into "root" vdom

 

 

Actually everything that's built before vdom-enable is already in  "root" vdom to begin with . Nothing goes into root and the meer enabling  of  vdom support does not change any existing cfg.

 

What happens,  1> the  individual  vdom cfgs files are created ( this how you do per-vdom backup  btw ) 2> and now you can create new vdom 3> ( vdom  root can NOT be deleted )

 

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
2943
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to emnoc

Created on ‎08-04-2016 09:07 AM

Obviously I don't know the architecture of FortiOS. Sorry.

But one thing I forgot to mention, that might break if you are running 5.2 and happen to have PPPoE (or probably DHCP as well) interfaces. It might be dependent of the model. At least FG60D's PPPoE interfaces (we first found this with FEXT-20B+4G Modem) don't become active as soon as we created a new vdom then rebooted it. This was introduced with 5.2.4 and identified as a bug last year but even 5.2.8 still doesn't have a fix built in. If you have a similar set up, you better check with TAC. 

2943
0 Kudos
sfksg
New Contributor
In response to Toshi_Esumi

Created on ‎08-04-2016 03:01 PM

Thanks. All my interfaces are static IPs, so that easy enough.

2943
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to Toshi_Esumi

Created on ‎08-04-2016 05:42 PM

According to Fortinet SE the problem mentioned (bug #0295291) affected only to FG60D. I just got an answer. So you're probably ok.

2985
0 Kudos
sfksg
New Contributor
In response to Toshi_Esumi

Created on ‎08-05-2016 06:00 AM

Thanks!

2943
0 Kudos
sfksg
New Contributor
In response to emnoc

Created on ‎08-04-2016 03:02 PM

So my original config continues to be the root vdom, and now I can create a second vdom with it's unique config? I don't see myself using more that 2 vdoms anytime soon.  

 

Thanks!

 

2943
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.