Defining ADOMs
Some settings can only be configured by the admin account — they are global. Global settings apply to the appliance overall regardless of ADOM, such as:
• operation mode
• network interfaces
• system time
• backups
• administrator accounts
• access profiles
• FortiGuard connectivity settings
• HA and configuration sync
• SNMP
• RAID
• X.509 certificates
• TCP SYN flood anti-DoS setting
• vulnerability scans
• exec ping and other global operations that exist only in the CLI
Only the admin account can configure global settings.
Other settings can be configured separately for each ADOM. They essentially define each ADOM. For example, the policies of adom-A are separate from adom-B.
Initially, only the root ADOM exists, and it contains settings such as policies that were global before ADOMs were enabled. Typically, you will create additional ADOMs, and few if any administrators will be assigned to the root ADOM. After ADOMs are created, the admin account usually assigns other administrator accounts to configure their ADOM-specific settings. However, as the root account, the admin administrator does have permission to configure all settings, including those within ADOMs.
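The paragraph above says that few if any administrators should be assigned to the root ADOM. The following check is an added example, not part of the original documentation or Fortinet's code: it reads a configuration backup and lists accounts other than admin that resolve to root. It assumes accounts are stored under "config system admin" with a "set domains <adom_name>" line; the backup text is a constructed sample.

```python
import shlex
# Constructed sample backup in the CLI's config/edit/set/next/end layout.
# Assumption: accounts sit under "config system admin"; ADOM is "set domains".
SAMPLE_BACKUP = '''\
config system admin
  edit "admin"
    set access-profile prof_admin
  next
  edit "alice"
    set domains adom-A
  next
  edit "bob"
    set domains root
  next
  edit "carol"
  next
end
config system global
  set hostname "waf-1"
end
'''

def parse_admins(text):
    """Return {account: {setting: value}} for the administrator table."""
    admins, path, current = {}, [], None
    for raw in text.splitlines():
        keyword, *args = shlex.split(raw) or [""]  # blank line -> no keyword
        if keyword == "config":
            path.append(" ".join(args))
        elif keyword == "end":
            if path:
                path.pop()
            if path != ["system admin"]:  # left the admin table
                current = None
        elif path == ["system admin"]:  # ignore settings of other tables
            if keyword == "edit" and args:
                current = admins.setdefault(args[0], {})
            elif keyword == "next":
                current = None
            elif keyword == "set" and current is not None and len(args) >= 2:
                current[args[0]] = " ".join(args[1:])
    return admins

def root_adom_admins(text, builtin="admin"):
    """Accounts other than the built-in admin that resolve to the root ADOM."""
    # Assumption: no explicit assignment is treated as root, so it gets reviewed.
    return sorted(n for n, s in parse_admins(text).items()
                  if n != builtin and s.get("domains", "root") == "root")
```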
To create an ADOM
1. Log in with the admin account.
Other administrators do not have permissions to configure ADOMs.
2. Enter the following commands:
config vdom
edit <adom_name>
where <adom_name> is the name of your new ADOM. (Alternatively, to configure the default root ADOM, type root.)
The new ADOM exists, but its settings are not yet configured.
3. Either:
• configure the ADOM yourself by entering commands such as:
config log...
config server-policy...
config system...
config waf...
See also