Friday, August 1, 2014

Understanding the Fortigate Management VDOM

The fortigate management vdom is critical. Without it and internet access, you will prevent simple operations such as;

  • AV/IPS updates
  • DNS queries
  • NTP time-sync
  • Webfilter rating look-ups
  • forticloud logging
  • the sending of SNMP or  Emails Alerts



All of the above originates by whatever vdom you  list as the management. If not clear, all of the above functions need internet access.

By the default, the management vdom is the "root" vdom. But if you have multiple vdoms enabled fortigate,   you can change this via the following command;

config global
config system global
      set management-vdom <the_vdom_name_here>
end

 Also make sure you are aware of the  management vdom, and what one ( vdom ) is in used. Its a waste of time diagnostic management functions from the wrong vdom.




Ken Felix
Security and Network  Engineer
kfelix  ----a---t---socpuppets ---d---o---t---com

     ^      ^
=(   -   - )=
         o
      /     \
Posted by at

2 comments:

  1. AltomanMarch 13, 2018 at 5:47 AM

    hello,
    a comment 4 years later ;)

    regarding internet access from mgmt VDOM, does it mean we should have direct internet access from root VDOM or Internet access could be from another VDOM and use inter-vdom links?

    ReplyDelete
  2. socpuppetsMarch 14, 2018 at 4:05 AM

    Yes , for management access it needs internet directly or thru a 2nd vdom. Without this access updates, forticloud, fortirating, etc.... will not work.

    ReplyDelete

Subscribe to: Post Comments (Atom)