FortiOS VDOM (Virtual Domain) is a feature of Fortinet's FortiGate firewall that allows the creation of multiple virtual instances of a single physical FortiGate device. Each VDOM can have its own security policies, NAT rules, and configurations, allowing for tailored security measures for different users. Administrators can allocate specific resources (CPU, memory, and bandwidth) to each VDOM to ensure proper usage and performance isolation.
VDOM mode allows the creation of multiple virtual instances within a single FortiGate unit. A normal FortiGate unit operates as a single entity with one management context and one set of security policies, routing configurations, and firewall rules. Each VDOM acts as an independent virtual firewall with its own configurations, policies, and resources.
When the VDOMs are configured with different modes (split-VDOM or multi-VDOM), the scan report includes the configuration information and the associated VDOM profile name.
The following example shows whether the host is configured as split-VDOM or multi-VDOM.
An account profile (Accprofile) with a super_admin user role has the privilege to access the global settings and the settings for all VDOMs. The user must have super_admin access to perform the PC scans.
Accprofiles can be created using the following commands:
For example:
After authentication, shell setup is performed by executing the config global command.
Now, you can access:
If the setting is VDOM-specific, you can view all the settings present across all VDOMs. For example,
<K>fortios.config_user.auth-lockout-threshold</K>
<V>config vdom root|:|config user setting|:|set auth-lockout-threshold 3</V>
<V>config vdom FG_TRAFFIC|:|config user setting|:|set auth-lockout-threshold 3</V>
If the setting is global, you can fetch it from the global config. For example,
<K>fortios.minimum-length</K>
<V>config system password-policy|:|set minimum-length 8</V>
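The records above can be read programmatically to compare a setting across VDOMs. The following parser is an added example, not code or output from the scanner. It assumes each <K> line is followed by its <V> lines, that |:| separates configuration levels, and that the last level is a "set <name> <value>" line; the function names and the caller-supplied check are hypothetical.

```python
import re

# Constructed sample: the <K>/<V> records shown above, joined into one report.
SAMPLE = """\
<K>fortios.config_user.auth-lockout-threshold</K>
<V>config vdom root|:|config user setting|:|set auth-lockout-threshold 3</V>
<V>config vdom FG_TRAFFIC|:|config user setting|:|set auth-lockout-threshold 3</V>
<K>fortios.minimum-length</K>
<V>config system password-policy|:|set minimum-length 8</V>
"""

TAG = re.compile(r"<([KV])>(.*?)</\1>")
VDOM_PREFIX = "config vdom "


def parse_records(text):
    """Return {key: [(scope, config_path, setting, value), ...]}.

    scope is the VDOM name for per-VDOM values, or "global" when the
    value has no leading "config vdom <name>" level.
    """
    records, current = {}, None
    for kind, body in TAG.findall(text):
        if kind == "K":
            current = records.setdefault(body.strip(), [])
            continue
        if current is None:
            raise ValueError("value record before any key: %r" % body)
        parts = [p.strip() for p in body.split("|:|")]
        scope = "global"
        if parts[0].startswith(VDOM_PREFIX):
            scope = parts.pop(0)[len(VDOM_PREFIX):]
        words = parts[-1].split(None, 2) if parts else []
        if len(words) != 3 or words[0] != "set":
            raise ValueError("no 'set <name> <value>' level in: %r" % body)
        current.append((scope, parts[:-1], words[1], words[2]))
    return records


def vdoms_failing(records, key, is_ok):
    """Scopes (VDOM names or "global") whose value for key fails is_ok(value)."""
    return [scope for scope, _, _, value in records.get(key, []) if not is_ok(value)]
```

A VDOM that is missing from the list for a VDOM-specific key is worth flagging separately, since the check above only evaluates the VDOMs that appear in the report.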
Perform the following steps for the Fortinet VDOM instance scan.
A new user can be created using the CLI or the FortiGate user interface.
Perform the following steps to create an authentication record to scan the hosts configured with different VDOM modes.