Managing ADOMs
When the ADOMs feature is enabled and you log in as the admin user, all the available ADOMs are listed in the tree menus on the different available tabs. In the Policy & Objects tab, a menu bar lets you select either Global or a specific ADOM from the drop-down list. Selecting Global or a specific ADOM then displays the policy packages and objects appropriate for your selection.
To configure and manage ADOMs, go to the Device Manager tab, or to System Settings > All ADOMs. See All ADOMs for more information.
Extend workspace to entire ADOM
When concurrent ADOM access is disabled, administrators are able to lock the ADOM. A right-click menu option has been added to allow you to lock/unlock ADOM access; see Locking an ADOM. The ADOM lock status is displayed by a lock icon to the left side of the ADOM name. FortiManager 5.0.6 adds the ability to lock and edit the policy package independent from the ADOM lock.
The lock status is as follows:
- Grey lock icon: The ADOM/Policy Package is currently unlocked, and is read/write.
- Green lock icon: The ADOM/Policy Package is locked by you when logged in as an administrator.
- Red lock icon: The ADOM/Policy Package is locked by another administrator.
An additional CLI command has been added to enable or disable ADOM/Policy Package lock override:
config system global
    set lock-preempt [enable | disable]
end
When the ADOM/Policy Package lock override is enabled, if two administrators are concurrently accessing an ADOM/Policy Package and one attempts to lock the ADOM/Policy Package, the other administrator can kick the administrator off the ADOM/Policy Package, preventing the ADOM/Policy Package from being locked.
Workspace is disabled by default, and is enabled in the CLI console. When workspace is enabled, the Device Manager and Policy & Objects tabs are read-only. You must lock the ADOM to enable read/write permission to make changes to the ADOM.
Concurrent ADOM access
System administrators can enable or disable concurrent access to the same ADOM if multiple administrators are responsible for managing a single ADOM. When enabled, multiple administrators can log in to the same ADOM concurrently. When disabled, only a single administrator has read/write access to the ADOM, while all other administrators have read-only permission. Concurrent ADOM access can be enabled or disabled using the CLI.
Concurrent ADOM access is enabled by default. To prevent concurrent administrators from making changes to the FortiManager database at the same time, and thereby causing conflicts, you must enable the workspace function.
To enable ADOM locking and disable concurrent ADOM access, type the following CLI command lines:
config system global
    set workspace-mode normal
end
To disable ADOM locking and enable concurrent ADOM access, type the following CLI command lines:
config system global
    set workspace-mode disabled
Warning: disabling workspaces may cause some logged in users to lose their unsaved data. Do you want to continue? (y/n) y
end
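Added example (not part of the original page or Fortinet's own tooling): a Python check that reads a saved configuration listing in the config/set/end form shown above and reports the workspace-mode and lock-preempt values described in these sections. The sample listing, its hostname, and the function names parse_block and audit_workspace are constructed for illustration.

```python
import re

# Constructed sample listing in config/set/end form; the hostname and
# values are illustrative and do not come from a real device.
SAMPLE_CONFIG = """\
config system global
    set hostname "FMG-LAB"
    set workspace-mode disabled
    set lock-preempt enable
end
config system admin setting
    set idle_timeout 15
end
"""

def parse_block(text, header):
    """Return {key: value} for the 'set' lines of one top-level config block."""
    settings, depth, inside = {}, 0, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            if depth == 0 and line == "config " + header:
                inside = True
            depth += 1          # nested config blocks are skipped, not parsed
        elif line == "end":
            depth -= 1
            if depth == 0:
                inside = False
        elif inside and depth == 1:
            m = re.match(r"set\s+(\S+)\s+(.*)$", line)
            if m:
                settings[m.group(1)] = m.group(2).strip('"')
    return settings

def audit_workspace(text):
    """Report findings for the two settings this page describes."""
    g = parse_block(text, "system global")
    findings = []
    # The page states workspace is disabled by default, so a missing
    # workspace-mode line is treated the same as 'disabled'.
    if g.get("workspace-mode", "disabled") == "disabled":
        findings.append("workspace-mode disabled: concurrent read/write ADOM access, no locking")
    if g.get("lock-preempt") == "enable":
        findings.append("lock-preempt enabled: ADOM/Policy Package lock override is allowed")
    return findings

if __name__ == "__main__":
    for finding in audit_workspace(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

A listing with workspace-mode set to normal and lock-preempt set to disable produces no findings.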
Adding an ADOM
To add an ADOM, you must be logged in as the admin administrator. You must also first enable administrative domains in the Web-based Manager; see To enable the ADOM feature.
To create an ADOM
- Do one of the following:
  - Go to the Device Manager tab and select Manage ADOMs from the ADOM drop-down list. Select Create New in the Manage ADOMs toolbar.
  - Go to System Settings > All ADOMs and either select Create New, or right-click in the content pane and select New from the pop-up menu.
The Create ADOM dialog box opens, allowing you to configure the new ADOM.
Create ADOM dialog box
Configure the following settings:
Name | Type a name that will allow you to distinguish this ADOM from your other ADOMs. ADOM names must be unique. |
Device Type | Select either FortiGate or FortiCarrier from the drop-down menu. Other device types are added to their respective default ADOM upon registering with FortiManager. |
Version | Select the version of FortiGate devices in the ADOM. FortiManager v5.2 supports FortiOS v5.2, v5.0, and v4.3. For information on supported device firmware versions, see the FortiManager Release Notes. |
Mode | Select Normal mode if you want to manage and configure the connected FortiGate devices from the FortiManager Web-based Manager. Select Backup mode if you want to back up the FortiGate configurations to the FortiManager, but configure each FortiGate locally. |
VPN Management | Select Central VPN Console or select Policy & Device VPNs. When Central VPN Console is selected, the VPN Console menu item will be visible under the Policy & Objects tab. You can configure VPN topologies and managed/external gateway objects. |
Device | Select members from the Available member list and transfer them to the Selected member list to assign the devices to the ADOM. |
Default Device Selection for Install | Select either Select All Devices/Groups or Specify Devices/Groups. |
- Select OK to create the ADOM.
The number of ADOMs that can be created depends on the FortiManager model and its supported value. For more information on ADOM support values, see the FortiManager data sheet at http://www.fortinet.com/products/fortimanager/index.html.
Deleting an ADOM
To delete an ADOM, you must be logged in as the admin administrator.
To delete an ADOM
- In the Device Manager tab, right-click on an ADOM name in the tree menu and, under the ADOM heading in the pop-up menu, select Delete.
Upgrading an ADOM
To upgrade an ADOM, you must be logged in as the admin administrator.
To upgrade an ADOM:
- Go to the System Settings tab and select All ADOMs.
- Right-click the ADOM you would like to upgrade in the ADOM list in the content pane and select Upgrade from the pop-up menu.
Can you please tell me how to enable backup mode or normal mode?
As per your article there are 2 modes.
1. normal
2. backup.
But how to enable them is not shown.
When creating the ADOM it gives you the option. (System Settings > All ADOMS > Edit the ADOM > Change Type > Normal / Backup)
On the gate you can also configure central management for the backup settings as well:
config system central-management
    set mode backup
    set fortimanager-fds-override enable
    set fmg "xxx.xxx.xxx.xxx" <<=========
end
Good morning, I have a query, I have a fortigate 200e connected against a fortimanager, communication works, from the fortimanager I see the fortigate, but I can’t get the logs to arrive. In Fortimanager the option of FortiAnalyzer Features is enabled, but when trying to configure the fortigate it indicates the following:
No response, or FortiAnalyzer functionality must be enabled on FortiManager.
Could it be that I need to inhabit a route / port / policy?
Thank you.