What are 

Fortigate VDOMs(Virtual Domains)?

Well Fortigate VDOMs are like ASAs contexts, you are able to separate the firewall so it
looks like you have 2, with different management and user groups. With ASA you lose
some features when you enabled contexts, but in the Fortinets’ Firewall you do not lose
any features.(Isn’t that just great?!)

VDOMs features:

1. Have separate routing and firewall services

2. Each physical interface belongs to only one Virtual Domains

3. By Default for the VDOMs to communicate you need an external source(Internet) to

allow the communications

4. By Default 10 VDOMs are supported (in NAT or Transparent Modes)

5. The Configuration file of the Fortigate, holds all VDOM configuration. EX: AntiVirus,
IPS and System Time

I. VDOM Configuration Features:

There are 2 features that you can configure for the VDOMs and those are applied
globally:
1. Guaranteed – defined the minimum level of resources that will be available to the
VDOM

2. Maximum – overrides the global limit to reduce the amount of each resource available
for this VDOM. This must be the same or lower than the global limit!

II. Management VDOM/ROOT

All management traffic goes through this VDOM. Examples:

1. DNS lookup

2. Logging

3. Fortiguard services

4. Alerts/Traps

5. NTP

6. Quarantine of suspicious files

III. VDOM Types

There are 3 types of VDOMs:

1. Independent VDOM 
This uses multiple VDOMs that are completely separated from each others.

2. Management VDOM

The ROOT VDOM is the managemental VDOM and the other VDOMs are connected to
the management VDOM with the VDOM links. With this implementation you do not need
a user for each VDOM, you manage them from the Management VDOM.

3. Meshed VDOM

This feature uses interconnectivity between VDOMs. This setup can get complex very
quickly. The security needs to be increased.
IV. SSL with VDOMs

SSL.VDOM are automaticly configured for each VDOM.