Athena NGFW (previously known as Network Secure) provides comprehensive protection for every network perimeter, ensuring the safety of your valuable assets, data, and users from emerging threats.
The FortiGate Virtual Domain (VDOM) is a core virtualization capability inherent to FortiGate firewalls, specifically engineered to facilitate multi-tenancy and logical isolation management. Functioning as a discrete virtual firewall, each VDOM maintains its own set of policies, interfaces, routing tables, and security configurations. Multiple VDOMs can be instantiated on a single physical appliance, allowing for multi-instance management and stringent resource segregation. They support independent configuration of bandwidth, security policies, and logging, while enabling the allocation of distinct administrative privileges to different VDOMs.
Typical VDOM usage scenarios include: requiring independent network policies and log management for different departments within an enterprise; utilizing a shared device for production and laboratory environments while ensuring strict mutual isolation; and allowing service providers to offer segregated virtual firewall instances to various clients. The key characteristics of VDOMs are robust logical isolation, flexible multi-instance administration, autonomous resource allocation, fine-grained administrative control, and the ability to implement a full multi-tenant environment on a single physical device.
Upon VDOM activation, the FortiGate device is logically partitioned into the Global Domain and the Root VDOM by default. Users can toggle between the Global Domain and the Root VDOM by directly clicking "Global" or "Root." If multiple VDOMs exist, they will all be enumerated in the location indicated in the accompanying figure.
The VDOM names configured on the device can also be identified within the FortiGate configuration file under the "config vdom" section.
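The lookup described above can be scripted when reviewing a configuration backup offline. The following is an added example, not code from the original page or from Fortinet: the function names, the approved-inventory check, and the sample configuration are all constructed for illustration, and the parser assumes no multi-line quoted value contains a line that begins with config, edit, or end.

```python
# Constructed sample in the layout of a multi-VDOM backup (not from a real device).
SAMPLE_CONFIG = '''\
config vdom
edit root
next
edit "Lab"
next
end
config global
config system interface
    edit "port1"
        set vdom "root"
    next
end
end
config vdom
edit "Lab"
config firewall policy
    edit 1
        set action deny
    next
end
end
'''


def list_vdoms(config_text):
    """Return VDOM names, in first-seen order, from top-level 'config vdom' blocks."""
    names, stack = [], []  # stack holds the header of every open 'config' block
    for raw in config_text.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):  # blank line or header comment
            continue
        keyword, arg = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if keyword == "config":
            stack.append(arg)
        elif keyword == "end" and stack:
            stack.pop()
        elif keyword == "edit" and stack == ["vdom"]:  # skip 'edit' in nested tables
            name = arg.strip('"')
            if name not in names:
                names.append(name)
    return names


def audit_vdoms(config_text, approved):
    """Compare the VDOMs in a backup against an approved inventory (hypothetical check)."""
    found = list_vdoms(config_text)
    return {"unexpected": [n for n in found if n not in approved],
            "missing": sorted(set(approved) - set(found))}
```

Entries such as the interface "port1" or policy 1 are ignored because they sit inside nested config blocks rather than directly under "config vdom".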
It is important to note that when VDOMs are enabled on a FortiGate, Layer 4 and Layer 7 protection policies cannot be configured within the Global Domain. These security policies are exclusively configurable within the specific, individual VDOMs.