Chapter 10 Install and System Administration for FortiOS 5.0 : VLANs : Troubleshooting VLAN issues : Layer-2 and Arp traffic : Multiple VDOMs solution
  
Multiple VDOMs solution
By default, physical interfaces are in the root domain. If you do not configure any of your VLANs in the root VDOM, it will not matter how many interfaces are in the root VDOM.
The multiple VDOMs solution is to configure multiple VDOMs on the FortiGate unit, one for each VLAN. In this solution, you configure one inbound and one outbound VLAN interface in each VDOM. ARP packets are not forwarded between VDOMs. This configuration limits the VLANs in a VDOM and correspondingly reduces the administration needed per VDOM.
As a result of this configuration, the switches do not receive multiple ARP packets with duplicate MACs. Instead, the switches receive ARP packets with different VLAN IDs and different MACs. Your switches are stable.
However, you should not use the multiple VDOMs solution under any of the following conditions:
you have more VLANs than licensed VDOMs
you do not have enough physical interfaces
Instead, use one of two possible solutions, depending on which operation mode you are using:
In NAT mode, you can use the vlan forward CLI command.
In transparent mode, you can use the forward-domain CLI command. But you still need to be careful in some rare configurations.
See Also
ARP traffic
Vlanforward solution
Troubleshooting VLAN issues