Fortinet VDOM-ADOM
Virtual Domains (VDOMs)
Overview:
Virtual Domains (VDOMs) enable a single FortiGate device to function as multiple independent security units. Each VDOM can maintain its own configuration, policies, routing, and VPN settings providing true multi-tenancy and enhanced administrative flexibility.
VDOM Modes
FortiGate supports two operating modes for VDOMs:
Split-Task VDOM Mode
One VDOM handles all management functions, while a second VDOM manages user traffic. This separation is ideal for clearer role delegation and secure administration.Multi-VDOM Mode
Create and manage multiple VDOMs, each functioning as a fully independent firewall instance. Perfect for MSPs, large enterprises, or segmented networks.
VDOM Capacity & Global Settings
Most FortiGate models support up to 10 VDOMs by default, with licensing options available to increase that number.
Global settings including firmware, interface configuration, DNS, certain logging options, and sandbox integration exist outside individual VDOMs and affect the entire appliance.
Global settings should only be modified by top-level administrators, as they impact all VDOM instances.
VDOMs offer scalable, secure segmentation allowing you to isolate departments, customers, or services without the need for multiple physical devices.
Split-task VDOM mode:
In split-task VDOM mode, the FortiGate has two VDOMs: the management VDOM (root) and the traffic VDOM (FG-traffic).
The Management VDOM is used to manage the FortiGate, and cannot be used to process traffic.
The Traffic VDOM provides separate security policies, and is used to process all network traffic.
| The Management VDOM | The Traffic VDOM | |
|---|---|---|
| The following GUI sections are available: |
|
|
* Please note: Split-task VDOM mode is not available on all FortiGate models. The Fortinet Security Fabric supports split-task VDOM mode.
Multi VDOM mode:
In multi VDOM mode, the FortiGate can have multiple VDOMs that function as independent units. One VDOM is used to manage global settings. The root VDOM cannot be deleted, and remains in the configuration even if it is not processing any traffic.
Multi VDOM mode isn’t available on all FortiGate models. The Fortinet Security Fabric does not support multi VDOM mode.
There are 3 types of Multi VDOM:
Independent VDOMs:
Multiple, completely separate VDOMs are created. Any VDOM can be the management VDOM, as long as it has Internet access. There are no inter-VDOM links, and each VDOM is independently managed.
Management VDOM:
A management VDOM is located between the other VDOMs and the Internet, and the other VDOMs connect to the management VDOM with inter-VDOM links. The management VDOM has complete control over Internet access, including the types of traffic that are allowed in both directions. This can improve security, as there is only one point of ingress and egress. There is no communication between the other VDOMs.
Meshed VDOMs:
VDOMs can communicate with inter-VDOM links. In full-mesh configurations, all the VDOMs are interconnected. In partial-mesh configurations, only some of the VDOMs are interconnected.
Switching VDOM modes:
Note: All performance values are “up to” and vary depending on system configuration. IPsec VPN performance is based on 512 byte UDP packets using AES-256+SHA1. 1. IPS performance is measured using 1 Mbyte HTTP and Enterprise Traffic Mix. 2. SSL Inspection is measured with IPS enabled and HTTP traffic, using TLS v1.2 with AES256-SHA. 3. Application Control performance is measured with 64 Kbytes HTTP traffic. 4. NGFW performance is measured with IPS and Application Control enabled, based on Enterprise Traffic Mix. 5. Threat Protection performance is measured with IPS and Application Control and Malware protection enabled, based on Enterprise Traffic Mix. 6. CAPWAP performance is based on 1444 byte UDP packets. * Maximum loading on each PoE/+ port is 30 W (802.3at).
| Fortinet Products | ||
| Upgrade license for adding VDOMs to FortiOS 5.4 and later | ||
Limited by platform maximum VDOM capacity |
||
| Upgrade license for adding 15 VDOMs to FortiOS 5.4 and later, limited by platform maximum VDOM capacity. |
#FG-VDOM-15-US
|
Get a Quote |
| Upgrade license for adding 240 VDOMs to FortiOS 5.4 and later, limited by platform maximum VDOM capacity. |
#FG-VDOM-240-UG
|
Get a Quote |
| Upgrade license for adding 25 VDOMs to FortiOS 5.4 and later, limited by platform maximum VDOM capacity. |
#FG-VDOM-25-UG
|
Get a Quote |
| Upgrade license for adding 5 VDOMs to FortiOS 5.4 and later, limited by platform maximum VDOM capacity. |
#FG-VDOM-5-UG
|
Get a Quote |
| Upgrade license for adding 50 VDOMs to FortiOS 5.4 and later, limited by platform maximum VDOM capacity. |
#FG-VDOM-50-UG
|
Get a Quote |
| VDOM Subscription License for FortiGate S Series Subscription license for adding 5 VDOMs to FortiGate-VM S series running OS 7.0.1 or higher | ||
| SKU is stackable for additional VDOMs. | ||
| VDOM Subscription License for FortiGate S Series 1 Year Subscription license for adding VDOMs to FortiGate-VM S series running FortiOS 6.4.9/7.0.2 or higher. This is a seat-based SKU where each seat is equal to 5 VDOMs and max number of seats is 100 (500 vdoms) |
#FC1-10-FGVMS-498-02-12
|
Get a Quote |
| VDOM Subscription License for FortiGate S Series 3 Year Subscription license for adding VDOMs to FortiGate-VM S series running FortiOS 6.4.9/7.0.2 or higher. This is a seat-based SKU where each seat is equal to 5 VDOMs and max number of seats is 100 (500 vdoms) |
#FC1-10-FGVMS-498-02-36
|
Get a Quote |
| VDOM Subscription License for FortiGate S Series 5 Year Subscription license for adding VDOMs to FortiGate-VM S series running FortiOS 6.4.9/7.0.2 or higher. This is a seat-based SKU where each seat is equal to 5 VDOMs and max number of seats is 100 (500 vdoms) |
#FC1-10-FGVMS-498-02-60
|
Get a Quote |
| ADOM Subscription License for FortiAnalyzer S-Series ADOM subscription license for adding 1 ADOM to FortiAnalyzer-VM S models running OS 6.4 or higher | ||
| FortiManager 1 Year ADOM Subscription License for adding 1 ADOM to FortiAnalyzer-VM S models running OS 6.4 or higher |
#FC-10-AZVMS-230-01-12
|
Get a Quote |
| FortiManager 2 Years ADOM Subscription License for adding 1 ADOM to FortiAnalyzer-VM S models running OS 6.4 or higher |
#FC-10-AZVMS-230-01-24
|
Get a Quote |
| FortiManager 3 Years ADOM Subscription License for adding 1 ADOM to FortiAnalyzer-VM S models running OS 6.4 or higher |
#FC-10-AZVMS-230-01-36
|
Get a Quote |
| FortiManager 4 Years ADOM Subscription License for adding 1 ADOM to FortiAnalyzer-VM S models running OS 6.4 or higher |
#FC-10-AZVMS-230-01-60
|
Get a Quote |
| ADOM Subscription License for FortiManager S Series ADOM Subscription license for adding 1 ADOM to FortiManager-VM S models running OS 6.4 or higher | |
| FortiManager 1 Year ADOM Subscription License for adding 1 ADOM to FortiManager-VM S models running OS 6.4 or higher | FC-10-FMGVS-230-01-12 Get a Quote |
| FortiManager 2 Years ADOM Subscription License for adding 1 ADOM to FortiManager-VM S models running OS 6.4 or higher | FC-10-FMGVS-230-01-24 Get a Quote |
| FortiManager 3 Year ADOM Subscription License for adding 1 ADOM to FortiManager-VM S models running OS 6.4 or higher | FC-10-FMGVS-230-01-36 Get a Quote |
| FortiManager 5 Year ADOM Subscription License for adding 1 ADOM to FortiManager-VM S models running OS 6.4 or higher | FC-10-FMGVS-230-01-60 Get a Quote |
| Upgrade license for adding 1 ADOM to FortiAnalyzer hardware G models 1000 Series and above. | |
| ADOM License for FortiAnalyzer Upgrade license for adding 1 ADOM to FortiAnalyzer hardware G models 3000 Series and above | FAZ-ADOM-1-UG Get a Quote |
| Upgrade license for adding 1 ADOM to FortiManager hardware G models 1000 Series and above. | |
| ADOM License for FortiManager Upgrade license for adding 1 ADOM to FortiManager hardware G models 3000 Series and above | FMG-ADOM-1-UG Get a Quote |
Talk to a Specialist Right Now: 224-625-8340