Changing the management virtual domain
The management virtual domain (VDOM) is the virtual domain where all management traffic for the FortiGate unit originates. This traffic must reach remote servers, such as FortiGuard services and NTP, so the management VDOM needs access to the Internet to send and receive it.
Management traffic includes, but is not limited to:
DNS lookups
Logging to FortiAnalyzer or syslog
FortiGuard service
Sending alert emails
Network Time Protocol (NTP) traffic
Sending SNMP traps
Quarantining suspicious files and email
By default, the management VDOM is the root domain. When other VDOMs are configured on your FortiGate unit, management traffic can be moved to one of these other VDOMs.
Reasons to move the management VDOM include selecting a non-root VDOM to be your administration VDOM, or the root VDOM not having an interface with a connection to the Internet.
 
You cannot change the management VDOM if any administrators are using RADIUS authentication.
The following procedure will change the management VDOM from the default root to a VDOM named mgmt_vdom. It is assumed that mgmt_vdom has already been created and has an interface that can access the Internet.
To change the management VDOM - web-based manager
1. Select Global > VDOM > VDOM.
2. Select the checkbox next to the required VDOM.
3. Select Switch Management.
The current management VDOM is shown in square brackets, “[root]” for example.
To change the management VDOM - CLI
config global
  config system global
    set management-vdom mgmt_vdom
  end
Management traffic will now originate from mgmt_vdom.
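A pre-change check for the RADIUS restriction noted above, as an added example (not Fortinet's code): it reads a configuration excerpt, reports the current management VDOM, and lists administrators whose remote group contains a RADIUS server. The sample configuration and its names (netops, corp-radius, radius_admins) are constructed, the excerpt is assumed to be flattened (no config global or config vdom wrappers), and treating "remote-group contains a RADIUS server" as "uses RADIUS authentication" is an assumption of this sketch.

```python
import shlex
# Constructed FortiOS-style configuration excerpt (not from a real device).
SAMPLE = """config system global
    set management-vdom "root"
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "netops"
        set remote-auth enable
        set remote-group "radius_admins"
    next
end
config user radius
    edit "corp-radius"
        set server "192.0.2.10"
    next
end
config user group
    edit "radius_admins"
        set member "corp-radius"
    next
end
"""

def settings(text):  # yield (path, key, values) for each 'set' line
    path = []  # names of the enclosing config/edit blocks
    for tok in map(shlex.split, text.splitlines()):
        if tok and tok[0] in ("config", "edit"):
            path.append(" ".join(tok[1:]))
        elif tok and tok[0] in ("next", "end") and path:
            path.pop()
        elif tok and tok[0] == "set":
            yield tuple(path), tok[1], tok[2:]

def precheck(text):  # return (management VDOM, admins backed by a RADIUS group)
    mgmt, radius, groups, admins = None, set(), {}, {}
    for path, key, vals in settings(text):
        parent, name = (("", "") + path)[-2:]
        if name == "system global" and key == "management-vdom":
            mgmt = vals[0]
        elif parent == "user radius":
            radius.add(name)              # every entry here is a RADIUS server
        elif parent == "user group" and key == "member":
            groups[name] = set(vals)
        elif parent == "system admin" and key == "remote-group":
            admins[name] = vals[0]
    return mgmt, sorted(a for a, g in admins.items() if groups.get(g, set()) & radius)
```

A non-empty second value means the Switch Management step or `set management-vdom` should be expected to fail until those administrators are handled.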