JaapHoetmer
New Contributor III

VDOM and 40C

Hi there,

Does anyone know why VDOMs are no longer available in the combination FortiOS 5 + FortiGate 40C? I could not find the information anywhere other than a remark in this forum that it is no longer available, but it would be interesting to know before I downgrade my 40C...

Thanks
Kind regards, Jaap
emnoc
Esteemed Contributor III

How are you trying to enable vdoms? btw: the fortigate 40C is one of the smallest fgt and if you need vdoms, in a SOHO gear, you might be using the appliance for the wrong need. IIRC the product sheet shows 10/10 default/max in this model, but I would hate to see the network that needs 10 vdoms in this model

PCNSE NSE StrongSwan
Dave_Hall
Honored Contributor

I have also checked the product matrix guide (revised Dec 2012) and it still shows 10/10 VDOMs. The update notes for FortiOS 5.x don't indicate anything missing VDOM-wise from the 40C either.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
JaapHoetmer
New Contributor III

I only need to enable two VDOMs and the manual says it supports it, so I was wondering why in version 5 the 40C no longer does. I have followed the handbook at http://docs.fortinet.com/fgt/handbook/50/fortigate-vdoms-50.pdf but neither the GUI nor the console commands to enable VDOMs are accessible. I can apparently only create VLANs, using console commands. Which means the VDOM handbook is wrong. From the guide: The information in this guide applies to all FortiGate units. All FortiGate models except the FortiGate-30B model support VDOMs, and all FortiGate models support VLANs.
Kind regards, Jaap
Dave_Hall
Honored Contributor

Have confirmed by upgrading the firmware on my little Wifi 40C that Fortinet has disabled all VDOM support under FortiOS 5.x. What I did...

1. Upgraded the firmware to 4.0MR3-patch10.
2. Performed a factory reset.
3. Enabled VDOMs.
4. Upgraded to 5.1 (patch 1).
5. Received several errors on the console (see below).
6. Performed a factory reset.
7. Attempted to enable VDOMs -- discovered no VDOM support commands exist at the CLI level.
8. Downgraded the firmware back to 4.0MR3-patch10.

Shame that... I originally purchased the FortiWifi 40C because it was the only low-end model with VDOM support. Looks like I will not be upgrading this unit to firmware 5.0x. BTW, noticed from factory reset, FortiOS 5.0 eats up 10% more memory than 4.0MR3-patch10.
 
 FWF40CXXXXXXXXX login:
 Checking new firmware integrity ... pass
 
 
 Firmware upgrade in progress ...
 Done.
 
 
 The system is going down NOW !!
 
 Please stand by while rebooting the system.
 Restarting system.
 ü
 
 FortiWifi-40C (11:21-11.28.2011)
 Ver:04000004
 Serial number: FWF40CXXXXXXXXX
 CPU(00): 525MHz
 Total RAM: 512MB
 Initializing boot device...
 Initializing MAC... nplite#0
 Press any key to display configuration menu...
 ......
 Reading boot image... 1705021 bytes.
 Initializing firewall...
 
 System is starting...
 Too many entries in all tables of .vpn.ssl.web.portal in vdom root: 1 / vdom-max = 1
 Too many entries in all tables of .vpn.ssl.web.portal in vdom root: 1 / vdom-max = 1
 Too many entries in all tables of .endpoint-control.profile in vdom root: 1 / vdom-max = 1
 Too many entries in all tables of .endpoint-control.profile in vdom root: 1 / vdom-max = 1
 Too many entries in all tables of .endpoint-control.profile in vdom root: 1 / vdom-max = 1
 The config file may contain errors,
 Please see details by the command ' diagnose debug config-error-log read' 
 
 
 FWF40CXXXXXXXXX login: admin
 Password:
 Welcome !
 
 FWF40CXXXXXXXXX # diag debug config-error-log read
 >>>  " set"  " vdom-admin"  " enable"  @ global.system.global:command parse error (error -61)
 >>>  " set"  " wanoptgrp"  " read-write"  @ global.system.accprofile.prof_admin:command parse error (error -61)
 >>>  " config"  " system"  " replacemsg"  " webproxy"  " deny"  @ global:command parse error (error 1)
 >>>  " config"  " system"  " replacemsg"  " webproxy"  " user-limit"  @ global:command parse error (error 1)
 >>>  " config"  " system"  " replacemsg"  " webproxy"  " auth-challenge"  @ global:command parse error (error 1)
 >>>  " config"  " system"  " replacemsg"  " webproxy"  " auth-login-fail"  @ global:command parse error (error 1)
 >>>  " config"  " system"  " replacemsg"  " webproxy"  " auth-authorization-fail"  @ global:command parse error (error 1)
 >>>  " config"  " system"  " replacemsg"  " webproxy"  " http-err"  @ global:command parse error (error 1)
 >>>  " config"  " wanopt"  " storage"  @ global:command parse error (error 1)
 >>>  " config"  " firewall"  " shaper"  " traffic-shaper"  @ root:command parse error (error 1)
 >>>  " edit"  " web-access"  @ root.vpn.ssl.web.portal:failed command (error -4)
 >>>  " edit"  " tunnel-access"  @ root.vpn.ssl.web.portal:failed command (error -4)
 >>>  " set"  " group-type"  " fsso-service"  @ root.user.group.FSSO_Guest_Users:failed command (error -160)
 >>>  " set"  " options"  " https-scan"  @ root.webfilter.profile.default:failed command (error -160)
 >>>  " set"  " category"  " 32"  @ root.webfilter.profile.default.ftgd-wf.filters.11:value parse error (error -600)
 >>>  " config"  " endpoint-control"  " app-detect"  " rule-list"  @ root:command parse error (error 1)
 >>>  " edit"  " Recommend_FortiClient"  @ root.endpoint-control.profile:failed command (error -4)
 >>>  " edit"  " Enforce_FortiClient_AV"  @ root.endpoint-control.profile:failed command (error -4)
 >>>  " edit"  " P2P_application_detection"  @ root.endpoint-control.profile:failed command (error -4)
 >>>  " config"  " https"  @ root.antivirus.profile.default:command parse error (error 1)
 >>>  " config"  " imaps"  @ root.antivirus.profile.default:command parse error (error 1)
 >>>  " config"  " pop3s"  @ root.antivirus.profile.default:command parse error (error 1)
 >>>  " config"  " smtps"  @ root.antivirus.profile.default:command parse error (error 1)
 >>>  " config"  " firewall"  " service"  " explicit-web"  @ root:command parse error (error 1)
 >>>  " config"  " wanopt"  " rule"  @ root:command parse error (error 1)
 >>>  " config"  " redistribute"  " connected"  @ root.router.rip:failed command (error 1)
 >>>  " config"  " redistribute"  " static"  @ root.router.rip:failed command (error 1)
 >>>  " config"  " redistribute"  " ospf"  @ root.router.rip:failed command (error 1)
 >>>  " config"  " redistribute"  " bgp"  @ root.router.rip:failed command (error 1)
 >>>  " config"  " redistribute"  " isis"  @ root.router.rip:failed command (error 1)
 >>>  " config"  " router"  " ripng"  @ root:command parse error (error 1)
 >>>  " config"  " redistribute"  " connected"  @ root.router.ospf:failed command (error 1)
 >>>  " config"  " redistribute"  " static"  @ root.router.ospf:failed command (error 1)
 >>>  " config"  " redistribute"  " rip"  @ root.router.ospf:failed command (error 1)
 >>>  " config"  " redistribute"  " bgp"  @ root.router.ospf:failed command (error 1)
 >>>  " config"  " redistribute"  " isis"  @ root.router.ospf:failed command (error 1)
 >>>  " config"  " redistribute"  " connected"  @ root.router.ospf6:failed command (error 1)
 >>>  " config"  " redistribute"  " static"  @ root.router.ospf6:failed command (error 1)
 >>>  " config"  " redistribute"  " rip"  @ root.router.ospf6:failed command (error 1)
 >>>  " config"  " redistribute"  " bgp"  @ root.router.ospf6:failed command (error 1)
 >>>  " config"  " redistribute"  " isis"  @ root.router.ospf6:failed command (error 1)
 >>>  " config"  " redistribute"  " connected"  @ root.router.bgp:failed command (error 1)
 >>>  " config"  " redistribute"  " rip"  @ root.router.bgp:failed command (error 1)
 >>>  " config"  " redistribute"  " ospf"  @ root.router.bgp:failed command (error 1)
 >>>  " config"  " redistribute"  " static"  @ root.router.bgp:failed command (error 1)
 >>>  " config"  " redistribute"  " isis"  @ root.router.bgp:failed command (error 1)
 >>>  " config"  " redistribute6"  " connected"  @ root.router.bgp:failed command (error 1)
 >>>  " config"  " redistribute6"  " rip"  @ root.router.bgp:failed command (error 1)
 >>>  " config"  " redistribute6"  " ospf"  @ root.router.bgp:failed command (error 1)
 >>>  " config"  " redistribute6"  " static"  @ root.router.bgp:failed command (error 1)
 >>>  " config"  " redistribute6"  " isis"  @ root.router.bgp:failed command (error 1)
 >>>  " config"  " redistribute"  " connected"  @ root.router.isis:failed command (error 1)
 >>>  " config"  " redistribute"  " rip"  @ root.router.isis:failed command (error 1)
 >>>  " config"  " redistribute"  " ospf"  @ root.router.isis:failed command (error 1)
 >>>  " config"  " redistribute"  " bgp"  @ root.router.isis:failed command (error 1)
 >>>  " config"  " redistribute"  " static"  @ root.router.isis:failed command (error 1)
 
 FWF40CXXXXXXXXX #
 Checking new firmware integrity ... pass
 
 
 Firmware downgrade in progress ...
 Done.
 
 
 The system is going down NOW !!
 
 Please stand by while rebooting the system.
 Restarting system.
 ü
 
 FortiWifi-40C (11:21-11.28.2011)
 Ver:04000004
 Serial number: FWF40CXXXXXXXXX
 CPU(00): 525MHz
 Total RAM: 512MB
 Initializing boot device...
 Initializing MAC... nplite#0
 Press any key to display configuration menu...
 ......
 Reading boot image... 1796255 bytes.
 Initializing firewall...
 
 System is started.
 The config file may contain errors,
 Please see details by the command ' diagnose debug config-error-log read' 
 
 
 FWF40CXXXXXXXXX login:
 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
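
The `diagnose debug config-error-log read` output in the post above lists every configuration statement the new firmware rejected. As an added example (not part of the original thread), this Python sketch parses that output and groups the rejected statements by config section so dropped security settings can be reviewed first; the function names and the `REVIEW_FIRST` set are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: lines taken from the console output posted above,
# including one wrapped by the terminal ("error -6   1").
SAMPLE_LOG = '''
>>>  " set"  " vdom-admin"  " enable"  @ global.system.global:command parse error (error -61)
>>>  " set"  " wanoptgrp"  " read-write"  @ global.system.accprofile.prof_admin:command parse error (error -6          1)
>>>  " config"  " wanopt"  " storage"  @ global:command parse error (error 1)
>>>  " edit"  " web-access"  @ root.vpn.ssl.web.portal:failed command (error -4)
>>>  " set"  " options"  " https-scan"  @ root.webfilter.profile.default:failed command (error -160)
>>>  " config"  " https"  @ root.antivirus.profile.default:command parse error (error 1)
>>>  " config"  " redistribute"  " static"  @ root.router.ospf:failed command (error 1)
FWF40CXXXXXXXXX #
'''

LINE_RE = re.compile(r'^\s*>>>\s*(?P<cmd>.+?)\s*@\s*(?P<path>[^:]+):(?P<reason>[^()]+?)'
                     r'\s*\(\s*error\s*(?P<code>-?\s*\d[\d\s]*)\)\s*$')

def parse_error_log(text):
    """Return one dict per rejected config statement; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # login prompts, banners, blank lines
        tokens = [t.strip() for t in re.findall(r'"([^"]*)"', m['cmd'])]
        scope, _, table = m['path'].strip().partition('.')
        # With no table after the scope, use the "config <section> ..." token.
        section = table.split('.')[0] if table else (tokens[1] if len(tokens) > 1 else '?')
        entries.append({'scope': scope, 'table': table, 'section': section,
                        'command': ' '.join(tokens), 'reason': m['reason'].strip(),
                        'code': int(re.sub(r'\s+', '', m['code']))})
    return entries

# Assumption for illustration: sections to review first after an upgrade.
REVIEW_FIRST = {'webfilter', 'antivirus', 'vpn', 'endpoint-control', 'user', 'firewall'}

def triage(entries):
    by_section = defaultdict(list)
    for e in entries:
        by_section[e['section']].append(e['command'])
    return dict(by_section), sorted(s for s in by_section if s in REVIEW_FIRST)

if __name__ == '__main__':
    sections, flagged = triage(parse_error_log(SAMPLE_LOG))
    for name in sorted(sections):
        print(('REVIEW ' if name in flagged else '       ') + name, sections[name])
```
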
emnoc
Esteemed Contributor III

May I direct you to the following:

http://docs.fortinet.com/fgt/handbook/50/fortigate-max-values-50.pdf
http://docs.fortinet.com/fgt/handbook/50/fortigate-vdoms-50.pdf

Go to the enabling vdom and let us know how you're executing the vdoms. Also, what does "get sys status" show you?

PCNSE NSE StrongSwan
Dave_Hall
Honored Contributor

I myself have already spent the evening going through the documents in question. Have actually flashed the 5.1 patch 1 firmware twice. Under 5.x, the Virtual Domain VDOMs allowed section is completely missing from the License Information. Executing...
config system global
 set vdom-admin enable
 end
Just returns an error message at "set vdom-admin enable"... While in "config system global", I issued a "set ?", which doesn't show any vdom commands.
FWF40CXXXXXXXXXX # get sys status
 Version: FortiWiFi-40C v5.0,build0147,121221 (GA Patch 1)
 Virus-DB: 16.00560(2012-10-19 08:31)
 Extended DB: 1.00000(2012-10-17 15:46)
 IPS-DB: 3.00249(2012-10-11 02:47)
 IPS-ETDB: 0.00000(2001-01-01 00:00)
 Serial-Number: FWF40CXXXXXXXXXX
 Botnet DB: 1.00000(2012-05-28 22:51)
 BIOS version: 04000004
 System Part-Number: P08928-05
 Log hard disk: Available
 Internal Switch mode: switch
 Hostname: FWF40CXXXXXXXXX
 Operation Mode: NAT
 FIPS-CC mode: disable
 Current HA mode: standalone
 Branch point: 147
 Release Version Information: GA Patch 1
 System time: Tue Jan  8 22:02:37 2013
 
 FWF40CXXXXXXXXXX #
 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Dave_Hall
Honored Contributor

No problems enabling VDOMS under MR3 Patch 10....
 FWF40CXXXXXXXXXX # get sys status
 Version: FortiWiFi-40C v4.0,build0639,120906 (MR3 Patch 10)
 Virus-DB: 14.00000(2011-08-24 17:17)
 Extended DB: 14.00000(2011-08-24 17:09)
 IPS-DB: 3.00150(2012-02-15 23:15)
 FortiClient application signature package: 1.131(2013-01-08 22:15)
 Serial-Number: FWF40CXXXXXXXXXX
 BIOS version: 04000004
 System Part-Number: P08928-05
 Log hard disk: Available
 Internal Switch mode: switch
 Hostname: FWF40CXXXXXXXXXX
 Operation Mode: NAT
 Current virtual domain: root
 Max number of virtual domains: 10
 Virtual domains status: 1 in NAT mode, 0 in TP mode
 Virtual domain configuration: enable
 FIPS-CC mode: disable
 Current HA mode: standalone
 Distribution: International
 Branch point: 639
 Release Version Information: MR3 Patch 10
 System time: Tue Jan  8 22:19:36 2013
 FWF40CXXXXXXXXXX #

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Carl_Wallmark
Valued Contributor

VDOMs have been removed from the 40C in FortiOS 5.0. The first model to support them is the 60C.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
JaapHoetmer
New Contributor III

Thanks Dave, Selective, emnoc. I think Dave's tests clearly indicated that VDOMs indeed have been removed for the 40C in Version 5. That poses two questions:

- What was the reason behind the removal of the VDOM functionality for that particular combination?
- Why wasn't the documentation updated to reflect this?

Is anyone from Fortinet available to answer this?
Kind regards, Jaap