What is a VDOM in FortiGate?
Last updated: April 1, 2026
Key Facts
- VDOMs allow a single FortiGate device to function as multiple firewalls with independent configurations and security policies
- Each VDOM has its own interfaces, routing table, firewall policies, security profiles, address objects, user/authentication settings and logs
- VDOMs let multiple organizations or departments share one physical FortiGate with logical isolation of policy, routing and administration; they still share the appliance's hardware, firmware and session capacity
- Administrators can be assigned specific VDOMs for role-based access control, preventing unauthorized configuration changes
- Each VDOM runs in either NAT/Route mode or transparent mode, chosen independently per VDOM, allowing flexibility in network architecture implementations
Overview of VDOMs
Virtual Domains in FortiGate firewalls provide a powerful feature for organizations that need to segment security policies and administration across different business units, customers, or network segments. By partitioning a single physical FortiGate appliance into multiple virtual firewalls, organizations achieve operational flexibility and cost efficiency.
Isolation and Independence
Each VDOM is configured and enforced independently of the other VDOMs on the same physical device. It maintains its own firewall policy table, routing table, address and service objects, IPS, web filtering and other security profiles, and its own logs. Administrators scoped to one VDOM cannot view or modify the configuration of another, and cannot touch the global context (firmware, physical interfaces, HA, administrator accounts, the VDOM list itself). Traffic cannot pass between VDOMs unless a global administrator connects them with an inter-VDOM link (or a physical cable between ports owned by different VDOMs) and each VDOM has a firewall policy that permits the traffic; the root VDOM has no special role in this, although it is often used as a hub. The isolation is logical rather than physical: every VDOM shares the same CPU, memory, session table capacity and firmware image, so a firmware upgrade or reboot affects all of them at once, a firmware vulnerability is exposed to every tenant, and an administrator with global scope can reach any VDOM.
Administrative Benefits
- Delegate VDOM administration to specific teams or customers
- Maintain separate security policies for different departments or business units
- Reduce hardware costs by consolidating multiple physical firewalls
- Simplify management through centralized monitoring of multiple logical firewalls
- Implement granular role-based access control for security administrators
VDOM Operating Modes
NAT/Route mode VDOMs function as independent routers: their interfaces carry IP addresses, they keep their own routing tables and gateways, and they can apply NAT. Transparent mode VDOMs operate as Layer 2 bridges that inspect traffic without changing IP addressing; the VDOM itself only needs a management IP address. The mode is a per-VDOM setting, so a single appliance can run some VDOMs in NAT/Route mode and others in transparent mode at the same time; no special mixed-mode model is required. Organizations choose the mode for each VDOM based on its network topology and security requirements.
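The isolation model, the delegated-administration benefits and the per-VDOM operating mode described above, written out as FortiOS CLI. This is an added example, not configuration taken from the page's sources or from Fortinet's documentation; the VDOM name customerA, the port3 interface and its address, the administrator name, the trusted-host subnet and the resource figures are all assumptions. Lines beginning with # are explanatory comments rather than CLI commands and should be dropped before pasting.

```fortios
# Global context: switch the appliance to multi-VDOM mode. The change takes effect
# after the administrator logs out and back in.
config system global
    set vdom-mode multi-vdom
end

# Create the tenant VDOM. A new VDOM starts in NAT/Route mode.
config vdom
    edit "customerA"
    next
end

config global
    # Move a physical port into the VDOM. An interface belongs to exactly one VDOM,
    # and it must carry no routes or policies in its old VDOM before it can be moved.
    config system interface
        edit "port3"
            set vdom "customerA"
            set ip 10.10.0.1 255.255.255.0
            set allowaccess ping https ssh
        next
    end

    # Per-VDOM resource limits (maximum, then guaranteed). Without these, one tenant
    # can exhaust the session table or policy capacity shared by the whole appliance.
    config system vdom-property
        edit "customerA"
            set session 20000 5000
            set firewall-policy 200 50
        next
    end

    # A tenant administrator. prof_admin is the built-in VDOM-scoped profile, so this
    # account cannot reach global settings, other VDOMs, firmware or the VDOM list.
    # The trusted host restricts where the account may log in from.
    config system admin
        edit "custA-admin"
            set accprofile "prof_admin"
            set vdom "customerA"
            set trusthost1 203.0.113.0 255.255.255.0
            set password "replace-me-with-a-strong-passphrase"
        next
    end
end

# Inside the VDOM: the operating mode is a per-VDOM setting, so this VDOM can be
# transparent while others on the same appliance stay in NAT/Route mode.
config vdom
    edit "customerA"
        config system settings
            # Keep NAT/Route (the default). For a bridged tenant use instead:
            #   set opmode transparent
            #   set manageip 10.10.0.2/24
            set opmode nat
        end
    next
end
```

After this, logging in as custA-admin shows only customerA: the global menu, the other VDOMs and the firmware pages are absent, and attempts to reference an interface owned by another VDOM fail. A quick check of the isolation claim is to log in as the tenant account and run `get system interface` inside the VDOM; only port3 should be listed.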
Use Cases and Applications
Internet Service Providers use VDOMs to provide managed firewall services to multiple customers on a single appliance. Large enterprises leverage VDOMs to implement security segmentation across business units while maintaining centralized oversight. Managed Service Providers utilize VDOMs for customer isolation and delegated administration. Government and financial institutions use VDOMs to satisfy compliance requirements while optimizing infrastructure costs.
Related Questions
What is the difference between a VDOM and a physical FortiGate?
A VDOM is a virtual partition inside a single FortiGate; a physical FortiGate is a separate hardware appliance. VDOMs save hardware and let one team monitor several logical firewalls from one device, but every VDOM on an appliance shares its CPU, memory, session table, firmware image and management plane: a tenant that exhausts resources, a firmware vulnerability or a reboot for an upgrade affects all of them, and an administrator with global scope can reach every VDOM. Separate appliances give hardware-level separation, independent upgrade schedules and their own dedicated throughput and session capacity.
Can traffic be routed between different VDOMs?
Yes, but only over a path an administrator with global scope deliberately creates. The usual mechanism is an inter-VDOM link, a virtual interface pair whose two ends are assigned to two different VDOMs; any two VDOMs can be linked, and the root VDOM does not have to be involved, though it is often used as a hub. A physical cable between ports owned by different VDOMs works the same way. Once linked, traffic still needs a route in each VDOM and a firewall policy in each VDOM, exactly as between two separate firewalls; a permit policy on one side does nothing if the other side's implicit deny drops the packets. By default no such path exists, so VDOMs are isolated.
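The inter-VDOM link just described, as an added FortiOS CLI example that is not part of the original page or Fortinet's documentation. It assumes two existing VDOMs named vdomA (LAN 10.10.0.0/24 on port3) and vdomB (LAN 10.20.0.0/24 on port4), a free /30 for the link, and a single web server in vdomB that vdomA's users may reach over HTTPS; all of those names and addresses are assumptions. Lines beginning with # are explanatory comments, not CLI commands.

```fortios
# Global context: create the virtual interface pair. FortiOS derives the two ends as
# linkAB0 and linkAB1; each end is then placed in a different VDOM and addressed.
config global
    config system vdom-link
        edit "linkAB"
            set type ethernet
        next
    end
    config system interface
        edit "linkAB0"
            set vdom "vdomA"
            set ip 10.255.0.1 255.255.255.252
        next
        edit "linkAB1"
            set vdom "vdomB"
            set ip 10.255.0.2 255.255.255.252
        next
    end
end

# vdomA side: a route to vdomB's LAN over the link and an egress policy from A's LAN
# into the link. NAT is left off, so vdomB sees and can filter on the real sources.
# "edit 0" lets FortiOS pick the next free route/policy ID.
config vdom
    edit "vdomA"
        config router static
            edit 0
                set dst 10.20.0.0 255.255.255.0
                set gateway 10.255.0.2
                set device "linkAB0"
            next
        end
        config firewall policy
            edit 0
                set name "lanA-to-vdomB-https"
                set srcintf "port3"
                set dstintf "linkAB0"
                set srcaddr "all"
                set dstaddr "all"
                set action accept
                set schedule "always"
                set service "HTTPS"
                set logtraffic all
            next
        end
    next
end

# vdomB side: the return route, an address object for the one server being exposed,
# and an ingress policy from the link to B's LAN. Without this policy the packets
# arrive in vdomB and hit its implicit deny no matter what vdomA permits: each VDOM
# enforces its own policy table, and vdomB's owner decides what comes in.
config vdom
    edit "vdomB"
        config firewall address
            edit "srvB-web"
                set subnet 10.20.0.10 255.255.255.255
            next
        end
        config router static
            edit 0
                set dst 10.10.0.0 255.255.255.0
                set gateway 10.255.0.1
                set device "linkAB1"
            next
        end
        config firewall policy
            edit 0
                set name "vdomA-to-srvB-https"
                set srcintf "linkAB1"
                set dstintf "port4"
                set srcaddr "all"
                set dstaddr "srvB-web"
                set action accept
                set schedule "always"
                set service "HTTPS"
                set logtraffic all
            next
        end
    next
end
```

To verify, enter each VDOM and run `get router info routing-table static` to confirm the route points at the link interface, then generate a connection and check `diagnose sys session list` in both VDOMs: the same flow should appear once in vdomA (port3 to linkAB0) and once in vdomB (linkAB1 to port4), which is the visible sign that two independent policy evaluations took place. Because vdomB's policy names a single host and a single service, a vdomA administrator cannot widen access on their own; only vdomB's administrator can. On models with NP hardware offload, an NPU-backed link (config system npu-vlink) is used instead of a software vdom-link for throughput, but the routing and two-policy requirement are the same.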
How many VDOMs can a FortiGate device support?
The number depends on the model and on licensing. Models that support multi-VDOM mode ship with a base allotment (10 on most of them), and a VDOM license raises that to a model-specific maximum, which on high-end models is in the hundreds. Some entry-level models support only a small number or do not support multi-VDOM mode at all. The licensed maximum counts VDOMs in the configuration, so check it before provisioning a new tenant.