Per-VDOM settings - CLI
The following table lists commands in the web-based manager that are considered VDOM-specific settings when VDOMs are enabled.
From the super_admin account, you can use the commands below to add and configure virtual domains. The number of virtual domains you can add is dependent on the FortiGate model. Virtual domain configuration (vdom-admin) must be enabled.
Once you add a virtual domain you can configure it by adding zones, firewall policies, routing settings, and VPN settings. You can also move physical interfaces from the root virtual domain to other virtual domains and move VLAN subinterfaces from one virtual domain to another.
By default all physical interfaces are in the root virtual domain. You cannot remove an interface from a virtual domain if the interface is part of any of the following configurations:
• routing
• proxy arp
• DHCP server
• zone
• firewall policy
• redundant pair
• link aggregate (802.3ad) group
Delete these objects, or modify them, to be able to remove the interface.
This command syntax shows how you access the commands within a VDOM. Refer to the relevant sections in this Reference for information on these commands.
config vdom
edit <vdom_name>
config antivirus profile
config antivirus quarantine
config antivirus settings
config application custom
config application list
config application rule-settings <id>
config dlp filepattern
config dlp fp-doc-source
config dlp fp-sensitivity
config dlp sensor
config endpoint-control profile
config endpoint-control settings
config extender-controller extender
config firewall DoS-policy
config firewall DoS-policy6
config firewall address
config firewall address6
config firewall addrgrp
config firewall addrgrp6
config firewall auth-portal
config firewall central-nat
config firewall dnstranslation
config firewall explicit-proxy-policy
config firewall identity-based-route
config firewall interface-policy
config firewall interface-policy6
config firewall ip-translation
config firewall ipmacbinding setting
config firewall ipmacbinding table
config firewall ippool
config firewall ippool6
config firewall ldb-monitor
config firewall local-in-policy
config firewall local-in-policy6
config firewall multicast-address
config firewall multicast-policy
config firewall policy
config firewall policy46
config firewall policy6
config firewall policy64
config firewall profile-group
config firewall profile-protocol-options
config firewall schedule group
config firewall schedule onetime
config firewall schedule recurring
config firewall service category
config firewall service custom
config firewall service group
config firewall shaper per-ip-shaper
config firewall shaper traffic-shaper
config firewall sniffer
config firewall ssl-ssh-profile
config firewall ttl-policy
config firewall vip
config firewall vip46
config firewall vip6
config firewall vip64
config firewall vipgrp
config firewall vipgrp46
config firewall vipgrp6
config firewall vipgrp64
config ftp-proxy explicit
config icap profile
config icap server
config ips custom
config ips rule-settings <id>
config ips sensor
config ips settings
config log custom-field
config log eventfilter
config log fortianalyzer override-setting
config log fortiguard override-setting
config log gui-display
config log memory filter
config log memory setting
config log setting
config log syslogd override-setting
config log threat-weight
config netscan assets
config netscan settings
config router access-list
config router access-list6
config router aspath-list
config router auth-path
config router bfd
config router bgp
config router community-list
config router isis
config router key-chain
config router multicast
config router multicast-flow
config router multicast6
config router ospf
config router ospf6
config router policy
config router policy6
config router prefix-list
config router prefix-list6
config router rip
config router ripng
config router route-map
config router setting
config router static
config router static6
config spamfilter bwl
config spamfilter bword
config spamfilter dnsbl
config spamfilter iptrust
config spamfilter mheader
config spamfilter profile
config system 3g-modem
config system admin
config system arp-table
config system dhcp server
config system dhcp6 server
config system dns-database
config system dns-server
config system gre-tunnel
config system interface
config system ipip-tunnel
config system ipv6-neighbor-cache
config system ipv6-tunnel
config system link-monitor
config system monitors
config system nat64
config system network-visibility
config system object-tag
config system proxy-arp
config system replacemsg-group
config system session-ttl
config system settings
config system sit-tunnel
config system switch-interface
config system vdom-dns
config system vdom-netflow
config system vdom-sflow
config system virtual-wan-link
config system wccp
config system zone
config user adgrp
config user device
config user device-access-list
config user device-group
config user fortitoken
config user fsso
config user fsso-polling
config user group
config user ldap
config user local
config user password-policy
config user peer
config user peergrp
config user pop3
config user radius
config user security-exempt-list
config user setting
config user tacacs+
config voip profile
config vpn certificate ocsp-server
config vpn certificate setting
config vpn ipsec concentrator
config vpn ipsec forticlient
config vpn ipsec manualkey
config vpn ipsec manualkey-interface
config vpn ipsec phase1
config vpn ipsec phase1-interface
config vpn ipsec phase2
config vpn ipsec phase2-interface
config vpn l2tp
config vpn pptp
config vpn ssl settings
config vpn ssl web host-check-software
config vpn ssl web portal
config vpn ssl web realm
config vpn ssl web user-bookmark
config vpn ssl web virtual-desktop-app-list
config wanopt auth-group
config wanopt peer
config wanopt profile
config wanopt settings
config wanopt ssl-server
config wanopt webcache
config web-proxy debug-url
config web-proxy explicit
config web-proxy forward-server
config web-proxy forward-server-group
config web-proxy global
config web-proxy profile
config web-proxy url-match
config webfilter content
config webfilter content-header
config webfilter ftgd-local-cat
config webfilter ftgd-local-rating
config webfilter ips-urlfilter-setting
config webfilter override
config webfilter profile
config webfilter search-engine
config webfilter urlfilter
config wireless-controller ap-status
config wireless-controller setting
config wireless-controller vap
config wireless-controller wids-profile
config wireless-controller wtp
config wireless-controller wtp-profile
execute backup config flash
execute backup config ftp <string>
execute backup config management-station
execute backup config tftp <string>
execute backup config usb <string>
execute backup full-config ftp <string>
execute backup full-config tftp <string>
execute backup full-config usb <string>
execute backup ipsuserdefsig ftp <string>
execute backup ipsuserdefsig tftp <string>
execute backup memory alllogs ftp <ftp server>[:ftp port]
execute backup memory alllogs tftp <ip>
execute backup memory log ftp <ftp server>[:ftp port]
execute backup memory log tftp <ip>
execute clear system arp table
execute cli check-template-status
execute cli status-msg-only <enable/disable>
execute dhcp lease-clear <xxx.xxx.xxx.xxx>
execute dhcp lease-clear all
execute dhcp lease-list <interface>
execute dhcp6 lease-clear <xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx>
execute dhcp6 lease-clear all
execute dhcp6 lease-list <interface>
execute enter <vdom>
execute extender dial <SN>
execute extender hangup <SN>
execute extender reset-fortiextender <all>|<SN>
execute fortitoken activate <id>
execute fortitoken import <file name>
execute fortitoken import-sn-file <FTK_200 Serial Number>
execute fortitoken sync <id>
execute fortitoken-mobile import <code>
execute fortitoken-mobile poll
execute fortitoken-mobile provision <SN>
execute fortitoken-mobile renew <SN>
execute fsso refresh
execute interface dhcp6client-renew <interface>
execute interface dhcpclient-renew <interface>
execute interface pppoe-reconnect <interface>
execute log delete
execute log delete-all
execute log detail <category>
execute log display
execute log filter category <category>
execute log filter device <device>
execute log filter dump
execute log filter field <name>
execute log filter ha-member <SN>
execute log filter max-checklines <number>
execute log filter reset <enter|all|field>
execute log filter start-line <number>
execute log filter view-lines <number>
execute log fortianalyzer test-connectivity arg
execute modem
execute mrouter clear dense-routes <xxx.xxx.xxx.xxx>
execute mrouter clear igmp-group <xxx.xxx.xxx.xxx>
execute mrouter clear igmp-interface <string>
execute mrouter clear multicast-routes <xxx.xxx.xxx.xxx>
execute mrouter clear sparse-mode-bsr
execute mrouter clear sparse-routes <xxx.xxx.xxx.xxx>
execute mrouter clear statistics <xxx.xxx.xxx.xxx>
execute netscan pause
execute netscan resume
execute netscan start scan <asset IDs>
execute netscan status
execute netscan stop
execute ping <ip>
execute ping-options data-size <integer>
execute ping-options df-bit <string> <yes|no>
execute ping-options interval <integer>
execute ping-options pattern <string>
execute ping-options repeat-count <string>
execute ping-options source <string>
execute ping-options timeout <integer>
execute ping-options tos <string>
execute ping-options ttl <integer>
execute ping-options validate-reply <string> <yes|no>
execute ping-options view-settings
execute ping6 arg
execute ping6-options data-size <integer>
execute ping6-options interval <integer>
execute ping6-options pattern <string>
execute ping6-options repeat-count <string>
execute ping6-options source <string>
execute ping6-options timeout <integer>
execute ping6-options tos <string>
execute ping6-options ttl <integer>
execute ping6-options validate-reply <string> <yes|no>
execute ping6-options view-settings
execute policy-packet-capture delete-all
execute restore av ftp <string>
execute restore av tftp <string>
execute restore config dhcp <port>
execute restore config flash <revision>
execute restore config ftp <string>
execute restore config management-station normal <revision>
execute restore config tftp <string>
execute restore config usb <string>
execute restore ips ftp <string>
execute restore ips tftp <string>
execute restore ipsuserdefsig ftp <string>
execute restore ipsuserdefsig tftp <string>
execute restore src-vis ftp <string>
execute restore src-vis tftp <string>
execute restore vcm ftp <string>
execute restore vcm tftp <string>
execute revision delete config <revision>
execute revision list config
execute router clear bfd session <xxx.xxx.xxx.xxx>
execute router clear bgp all
execute router clear bgp as
execute router clear bgp dampening <A.B.C.D><A.B.C.D/M>
execute router clear bgp dampening <X:X::X:X><X:X::X:X/M>
execute router clear bgp external
execute router clear bgp flap-statistics
execute router clear bgp ip <A.B.C.D>
execute router clear bgp ipv6 <X:X::X:X>
execute router clear ospf process
execute router clear ospf6 process
execute router restart
execute sfp-mode-sgmii <port>
execute ssh <user@host>
execute tac report
execute telnet <dest>
execute traceroute <dest>
execute tracert6
execute upload config ftp <string>
execute usb-device disconnect
execute usb-device list
execute usb-disk delete <filename>
execute usb-disk format
execute usb-disk list
execute usb-disk rename <old>
execute vpn ipsec tunnel down <phase2>
execute vpn ipsec tunnel up <phase2>
execute vpn sslvpn del-all <tunnel>
execute vpn sslvpn del-tunnel <index>
execute vpn sslvpn del-web <index>
execute vpn sslvpn list <web|tunnel>
execute wireless-controller reset-wtp <all>|<SN>
next
edit <another_vdom>
config ...
execute ...
end
end
See also