Assigning An Administrator To A Vdom - Fortinet FortiGate Series Administration Manual

Using virtual domains

Assigning an administrator to a VDOM

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
Note: You can reassign or remove an interface or subinterface once the Delete icon is
displayed. Absence of the icon means that the interface is being used in a configuration
somewhere.
Tip: You can disable a VDOM instead of deleting it. Your configuration will be preserved,
saving time you would otherwise need to remove and reconfigure it.
To assign an interface to a VDOM
1 Log in as admin.
2 Go to System > Network > Interface.
3 Select Edit for the interface that you want to reassign.
4 Select the new virtual domain for the interface.
5 Configure other settings as required and select OK. For more information, see
"Interface settings" on page
The interface is assigned to the VDOM. Existing firewall IP pools and virtual IP
addresses for this interface are deleted. You should manually delete any routes that
include this interface, and create new routes for this interface in the new VDOM.
Otherwise your network traffic will not be properly routed. For more information on
creating static routes, see
If you are creating a VDOM to serve an organization that will be administering its own
resources, you need to create an administrator account for that VDOM.
A VDOM admin can change configuration settings within that VDOM but cannot make
changes that affect other VDOMs on the FortiGate unit.
A regular administrator assigned to a VDOM can log in to the web-based manager or the
CLI only on interfaces that belong to that VDOM. The super administrator can connect to
the web-based manager or CLI through any interface on the FortiGate unit that permits
management access. Only the super administrator or a regular administrator of the root
domain can log in by connecting to the console interface.
Note: If an admin account is assigned to a VDOM, that VDOM cannot be deleted until that
account is assigned to another VDOM or removed.
To assign an administrator to a VDOM
1 Log in as the super_admin.
2 Ensure that virtual domains are enabled. For more information, see
on page 164.
3 Go to System > Admin >Administrators.
4 Create a new administrator account or select the Edit icon of an existing administrator
account.
5 Go to the Virtual Domain list.
6 Select the VDOM that this administrator manages.
Administrators are assigned to a specific VDOM when the account is created unless
they are super_admin administrators. For more information, see
administrator account" on page
181.
"Router Static" on page 335.
270.
Configuring VDOMs and global settings
"Enabling VDOMs"
"Configuring an
171