Fortinet

    FortiGate VDOMs: multi-tenant design for MSPs and large enterprises

    TechLeague Editorial · 8 min read

    VDOMs let one FortiGate be many. Used poorly, they create a maintenance nightmare; used well, they replace racks of devices.

    Modes

    • Multi-VDOM for true tenancy.
    • Split-task to separate management from traffic.

    Inter-VDOM links

    • Soft links for traffic between VDOMs.
    • Treat as transit; firewall both directions.
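
An added example (not from the original article or from Fortinet) of checking the "firewall both directions" rule against a config backup: it flags accept policies on either end of an inter-VDOM link whose source and destination addresses are both `all`. The VDOM, interface, address and link names are constructed, and the "both `all`" test is an assumed heuristic for a link being treated as trusted rather than as transit.

```python
import shlex

SAMPLE = """\
config vdom
edit tenantA
config firewall policy
edit 10
set srcintf "port2"
set dstintf "tA_link1"
set srcaddr "tenantA_lan"
set dstaddr "all"
set action accept
next
end
end
config vdom
edit root
config firewall policy
edit 20
set srcintf "tA_link0"
set dstintf "wan1"
set srcaddr "all"
set dstaddr "all"
set action accept
next
end
end
"""  # constructed, simplified multi-VDOM backup excerpt; all names are hypothetical

def audit_link_policies(text, link_names):
    """Return (vdom, policy id) for accept policies on a link end with srcaddr and dstaddr both 'all'."""
    ends = {n + s for n in link_names for s in "01"}  # vdom-link <name> has ends <name>0 and <name>1
    stack, vdom, cur, hits = [], None, None, []
    for raw in text.splitlines():
        tok = shlex.split(raw) or [""]
        if tok[0] in ("config", "end"):  # track nesting of config ... end sections
            stack = (stack + [" ".join(tok[1:])]) if tok[0] == "config" else stack[:-1]
        elif tok[0] == "edit" and stack == ["vdom"]:
            vdom = tok[1]
        elif tok[0] == "edit" and stack[-1:] == ["firewall policy"]:
            cur = {"id": tok[1]}
        elif tok[0] == "set" and cur is not None:
            cur[tok[1]] = tok[2:]
        elif tok[0] == "next" and cur is not None:
            on_link = ends & set(cur.get("srcintf", []) + cur.get("dstintf", []))
            wide = cur.get("srcaddr") == ["all"] == cur.get("dstaddr")  # assumed heuristic
            if on_link and wide and cur.get("action") == ["accept"]:
                hits.append((vdom, cur["id"]))
            cur = None
    return hits
```

Running `audit_link_policies(SAMPLE, ["tA_link"])` reports policy 20 in `root`, while the tenant-side policy passes because its source is pinned to the tenant LAN.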

    Resource quotas

    • Per-VDOM limits on sessions, policies, and IPs are enforced.
    • Avoid noisy-neighbor outages.

    Management

    • Per-VDOM admins via FortiManager ADOM mapping.
    • RBAC tight; auditing on.

    Pitfalls

    • License limits per chassis; size before you sell.
    • Routing complexity grows fast; document it.

    Train multi-tenant network design in a TechLeague tournament.