Appendix A: Virtual domains : Creating VDOMs
Creating VDOMs
Some settings can only be configured by the admin account — they are global. Global settings apply to the appliance overall regardless of VDOM, such as:
network interfaces
system time
administrator accounts
access profiles
FortiGuard connectivity settings
HA and configuration sync
X.509 certificates
TCP SYN flood anti-DoS setting
exec ping and other global operations that exist only in the CLI
Only the admin account can configure global settings.
Other settings can be configured separately for each VDOM. They essentially define each VDOM. For example, the policies of VDOM-A are separate from VDOM-B.
Initially, only the root VDOM exists, and it contains settings such as policies that were global before VDOMs were enabled. Typically, you will create additional VDOMs, and few if any administrators will be assigned to the root VDOM. After VDOMs are created, the admin account usually assigns other administrator accounts to configure their VDOM-specific settings. However, as the root account, the admin administrator does have permission to configure all settings, including those within VDOMs.
To create a VDOM
1. Log in with the admin account.
Other administrators do not have permissions to configure VDOMs.
2. Enter the following commands:
config vdom
edit <VDOM_name>
where <VDOM_name> is the name of your new VDOM. (Alternatively, to configure the default root VDOM, type root.
The new VDOM exists, but its settings are not yet configured.