Per-VDOM settings - CLI
The following table lists commands in the web-based manager that are considered VDOM-specific settings when VDOMs are enabled.
From the super_admin account, you can use the commands below to add and configure virtual domains. The number of virtual domains you can add is dependent on the FortiGate model. Virtual domain configuration (vdom-admin) must be enabled.
Once you add a virtual domain you can configure it by adding zones, firewall policies, routing settings, and VPN settings. You can also move physical interfaces from the root virtual domain to other virtual domains and move VLAN subinterfaces from one virtual domain to another.
By default all physical interfaces are in the root virtual domain. You cannot remove an interface from a virtual domain if the interface is part of any of the following configurations:
• routing
• proxy arp
• DHCP server
• zone
• firewall policy
• redundant pair
• link aggregate (802.3ad) group
Delete these objects, or modify them, to be able to remove the interface.
This command syntax shows how you access the commands within a VDOM. Refer to the relevant sections in this Reference for information on these commands.
config vdom
edit <vdom_name>
config antivirus profile
config antivirus quarantine
config antivirus settings
config application list
config application rule-settings
config dlp ... (except settings)
config endpoint-control app-detect
config endpoint-control profile
config endpoint-control settings
config firewall ... (except ssl)
config ftp-proxy
config icap
config imp2p
config ips DoS
config ips custom
config ips rule-settings
config ips sensor
config ips settings
config log custom-field
config log disk
config log eventfilter
config log fortianalyzer
config log gui
config log memory
config log syslogd
config log trafficfilter
config log visibility
config netscan
config router
config spamfilter ... (except fortishield and options)
config system 3g-modem
config system admin
config system arp-table
config system carrier-endpoint-translation
config system dhcp ...
config system dhcp6 ...
config system dns-database
config system dns-server
config system gre-tunnel
config system interface
config system ipv6-tunnel
config system modem
config system monitors
config system object-tag
config system proxy-arp
config system replacemsg-group
config system session-ttl
config system settings
config system sit-tunnel
config system switch-interface
config system wccp
config system zone
config user ...
config voip
config vpn ...
config wanopt
config web-proxy
config webfilter (except fortiguard)
config wireless-controller (except global and timers)
execute backup
execute clear system arp table
execute cli check-template-status
execute cli status-msg-only
execute dhcp lease-clear
execute dhcp lease-list
execute dhcp6 lease-clear
execute dhcp6 lease-list
execute enter
execute fortitoken ...
execute fsso refresh
execute interface dhcpclient-renew
execute interface pppoe-reconnect
execute log ...
execute log-report ...
execute modem dial
execute modem hangup
execute modem trigger
execute mrouter clear
execute netscan ...
execute ping, ping6
execute ping-options, ping6-options
execute restore
execute revision
execute router clear bgp
execute router clear ospf process
execute router restart
execute sfp-mode-sgmii
execute ssh
execute tac
execute telnet
execute traceroute
execute tracert6
execute upload
execute usb-disk
execute vpn ipsec tunnel
execute vpn sslvpn ...
execute wireless-controller reset-wtp
next
edit <another_vdom>
config ...
execute ...
end
end
See also