Enabling VDOM downsides | Fortinet Technical Discussion Forums

Join us now!

Username
Password
Verification
	Stay logged in

Forgot Your Password? Forgot your Username? Haven't received registration validation E-mail?

User Control Panel Log out

Forums
Posts

Latest Posts

Active Posts

Recently Visited

Search Results

View More
Blog

Recent Blog Posts

View More
Photos

Recent Photos

My Favorites

View More Photo Galleries
PMs

Unread PMs

Inbox

Send New PM View More
Page Extras
Menu
- Forum Themes
- Member List
- Online User List
- User Groups

Videos, Docs Library, KB
Fuse
- Fuse Fortinet User Community

Mark Thread UnreadFlat Reading Mode ❐

Hot!Enabling VDOM downsides

Author Post Essentials Only Full Version
amorales Bronze Member Total Posts : 21 Scores: 0 Reward points: 0 Joined: 2020/02/02 02:27:43 Status: online 2021/04/08 09:09:07 (permalink) 0 Enabling VDOM downsides Hi, I am wandering if there is any downside due to enabling VDOMs in a FortiGate. As far I know, by default all VDOMs could make use of all firewall resources and there is no any limitation except if the admin configure them explicitly, but I just want to confirm if there is some limitations or constraints for enabling VDOMs compared to do not using them. I want to enable VDOMs to use the root VDOM just for management traffic, and create only one extra VDOM for production traffic. Thanks. #1 6 Replies Related Threads
emnoc Expert Member Total Posts : 6055 Scores: 404 Reward points: 0 Joined: 2008/03/20 13:30:33 Location: AUSTIN TX AREA Status: offline Re: Enabling VDOM downsides 2021/04/08 09:26:14 (permalink) 0 Downsides? You mention it in resources limits. And you need to carefully think out what interface/port you assign to a vdom since it can only be in one. Now in your request this is done a lot where management is done via one vdom and production in the other. You should also think heavily on how the 2 will talk to internet( do you use emac-vlan, or a dedicated wan-port, or vdom-links, etc...) And lastly SDWAN is that something you need now or might need later ? Ken Felix PCNSE NSE StrongSwan #2
amorales Bronze Member Total Posts : 21 Scores: 0 Reward points: 0 Joined: 2020/02/02 02:27:43 Status: online Re: Enabling VDOM downsides 2021/04/09 05:28:52 (permalink) 0 Thank you Ken. Yes, I am aware of VDOM configuration and I am keeping in mind how to talk to Internet from the root VDOM. On the other hand, if I have FortiManager, will the root VDOM also consume an extra license? Thanks. #3
emnoc Expert Member Total Posts : 6055 Scores: 404 Reward points: 0 Joined: 2008/03/20 13:30:33 Location: AUSTIN TX AREA Status: offline Re: Enabling VDOM downsides 2021/04/09 07:09:38 (permalink) 0 What do you mean extra license? All fortigates comes with up to 10vdom ( disregard the smaller units ) . Some are upgradeable to more vdom. Most none sml-to-medium enterprise models are fixed at 10vdoms. Until you. get into models 1000 or larger, vdoms are limited to 10, larger units have upgrade options. note: Fortimanager can managed a fgt with 1 ,2 , 3 or 10 vdom, nothing changes from it's perspective as a manager. FYI; Also Fortimanger has it "adom" limits also and device total managed # of devices but these are primary on the bigger managers.IIRC you can't update adom totals but total number of devices is a license option. Thank of adon as administration domains so you can partition a fmgr to allow admo-1 to managed only fgt#1,#2,#3, and adom2 can only managed fgts,#4,#5,#6 Ken Felix PCNSE NSE StrongSwan #4
lobstercreed Platinum Member Total Posts : 393 Scores: 45 Reward points: 0 Joined: 2018/11/28 14:57:58 Location: Sedalia, MO Status: offline Re: Enabling VDOM downsides 2021/04/12 08:47:41 (permalink) 0 Ken, I'm afraid you may be mistaken when you say nothing changes from the FMG perspective with multiple VDOMs. I have a single HA pair of FGTs that have 3 VDOMs and consume 3 licenses on FMG. That's also what our SE told me when he sized our FMG licensing. So yes, Arnaldo, your concern about licensing is valid. I'd be happy to be proven wrong. - Daniel #5
Yurisk Gold Member Total Posts : 217 Scores: 33 Reward points: 0 Joined: 2011/12/04 03:30:01 Status: offline Re: Enabling VDOM downsides 2021/04/12 09:13:59 (permalink) 0 @Ken - what the OP meant was licenses on the FMG side, and as Daniel mentioned already - yes, each additional VDOM on the managed by FMG FGT will use up additional license out of total paid for. @amorales May be split-vdom - when one VDOM is for management only will not eat up separate license ? Just thinking out loud. Yuri https://yurisk.info/ #6
emnoc Expert Member Total Posts : 6055 Scores: 404 Reward points: 0 Joined: 2008/03/20 13:30:33 Location: AUSTIN TX AREA Status: offline Re: Enabling VDOM downsides 2021/04/12 09:23:24 (permalink) 0 Okay yes that is correct each vdom is going to consume a license. So you have to determine how many fortigates , how mnay vdoms total and then go with that number and growth. keep in mind buying add-ons can get to pricey. E.g add a 10 add-on 10 times, would cost 2x more than buying a 100 add-on just one time I would speak to the sales team if are using or planning fmgr to see what discounts you can leverage but YMMV. Ken Felix PCNSE NSE StrongSwan #7

Jump to:

© 2021 APG vNext Commercial Version 5.5