Defining ADOMs
Some settings can only be configured by the admin account — they are global. Global settings apply to the appliance overall regardless of ADOM, such as:
• operation mode
• network interfaces
• system time
• backups
• administrator accounts
• access profiles
• FortiGuard connectivity settings
• HA and configuration sync
• SNMP
• RAID
• TCP SYN flood anti-DoS setting
• vulnerability scans
• exec ping and other global operations that exist only in the CLI
Only the admin account can configure global settings.
Other settings can be configured separately for each ADOM. They essentially define each ADOM. For example, the policies of adom-A are separate from adom-B.
Initially, only the root ADOM exists, and it contains settings such as policies that were global before ADOMs were enabled. Typically, you will create additional ADOMs, and few if any administrators will be assigned to the root ADOM. After ADOMs are created, the admin account usually assigns other administrator accounts to configure their ADOM-specific settings. However, as the root account, the admin administrator does have permission to configure all settings, including those within ADOMs.
To create an ADOM
1. Log in with the admin account.
Other administrators do not have permissions to configure ADOMs.
2. Go to Global > System > Administrative Domain > Administrative Domain.
3. Click Create New, enter the Name, then click OK.
The new ADOM exists, but its settings are not yet configured. . (Alternatively, to configure the default root ADOM, click root.)
4. Either:
• configure the ADOM yourself: in the navigation menu on the left, click Administrative Domains, click the name of the new ADOM, then configure its policies and other settings as usual.
See also