Fortinet black logo

Handbook

Appendix D: Maximum Configuration Values

Appendix D: Maximum Configuration Values

Maximum configuration objects - hardware models and Maximum configuration objects - virtual appliances show the maximum number of configuration objects by hardware or VM model. For more information specific to your FortiADC appliance, refer to your model’s QuickStart Guide or Datasheet.

Note: The maximum number of Layer-7 virtual servers that each model supports varies, depending on the available system memory and the number of features enabled on the unit.

Maximum configuration objects - hardware models

Parameters

60F/100F/

200F/220F

300D/400D/300F/400F/

1000F/1200F/2000F/2200F

4000F/4200F/5000F
System
Administration Administrative users 300 300 300
Access profiles 16 64 64
Virtual domains (VDOMs)

60F/100F/200F: 2

220F: 10

300D/400D/300F/1000F/

2000F:10

400F: 20

1200F: 45
2200F: 60

90
Certificates Any configuration object 256 256 256
Shared Resources Address 1024 2048 4096
Address group 256 256 256
Health checks 128 256 512
ISP address book 32 32 32
Schedule 256 256 256
Schedule group 64 64 64
Service 1024 2048 4096
Service group 256 256 256
SNMP SNMP community 16 16 16
SNMP community Host 16 16 16
SNMP user 16 16 16
Networking
Interface Physical network interfaces

100F: 4

60F: 5

200F: 6

220F: 8

300D/400D:4
300F:8

400F:10

1000F:21

1200F: 24

2000F:25

2200F 20

4000F: 15

4200F/5000F: 12

VLAN interfaces

256

512 1024
Routing ARP table entries (per VDOM) 4096 4096 4096
Static routes 2048 4096 4096
Policy routes 64 128 256
ISP routes 32 32 32
NAT Any configuration object 256 256 256
QoS Any configuration object 256 256 256
Packet capture Table 5 5 5
User
Any configuration object 256 256 256
Server Load Balancing
Virtual Servers L4 1024 2048 4096
L7

60F:128

100F/200F:256

220F : 1024

300D/400D/300F/400F:512

1000F:1024

1200F/2000F/2200F:2048

4096
L7 HTTPs

60F:64

100F/200F:128

220F: 1024

300D/400D/300F/400F:256

1000F/2000F:512

1200F/2200F: 2048

2048
Real Server Pool Pools 1024 2048 4096
Pool members 1024 2048 4096
Real server SSL profiles 256 256 256
Resources Profiles 256 256 256
Cache policies 256 256 256
Compression policies 256 256 256
Persistence policies 128 256 512
Method policies 64 128 256
Authentication policies 256 256 256
Scripts 256 256 256
Content Rules Content routing rules 256 512 1024
Content rewriting rules 256 512 1024
Link Load Balancing
Link Group Gateway 1024 2048 4096
Link group 512 1024 2048
Link group member 1024 2048 4096
Virtual Tunnel Group Virtual tunnel group 512 1024 2048
Virtual tunnel member 256 256 256
Policy LLB policy rule 512 1024 1024
Global Load Balancing
Any configuration object 256 256 256
Security
Any configuration object 256 256 256
Log & Report
Remote Syslog Servers 3 3 3

Maximum configuration values when HW SSL acceleration is enabled

Maximum configuration values - hardware models when HW SSL acceleration is enabled show the maximum number of configuration objects for hardware models able to support HW SSL acceleration.

The maximum number of processes that a virtual server is able to support can be increased by enabling HW SSL acceleration. This depends on whether the virtual server is enabled for alone mode, and which SSL hardware is supported by each model. For virtual servers enabled for alone mode, each will be handled by a separate httproxy process, whereas multiple virtual servers with alone mode disabled may share a single process. This may allow the number of virtual servers disabled for alone mode be unlimited for a virtual domain for when HW SSL acceleration is enabled.

For models that support HW SSL acceleration, they will either be compatible with the Cavium SSL or QAT SSL. For models using QAT SSL, the maximum number of processes depends on whether polling or epoll mode is enabled. Polling mode allows for four times the number of processes than epoll mode, however, epoll mode is higher performing. For models using Cavium SSL, there are no restrictions on the number of processes.

Note: Since the 6.2.0 release, the default mode for QAT SSL has been changed to polling.

Maximum configuration values - hardware models when HW SSL acceleration is enabled

Parameters

400D/400F/1000F/

1200F/2000F/2200F

4000F/4200F/5000F

Virtual Servers with alone mode enabled 2048 4096
HW SSL Process Number with QAT SSL in polling mode

400F: 64

1200F/2200F: 192

4200F/5000F: 192

HW SSL Process Number with QAT SSL in epoll mode

400F: 16

1200F/2200F: 48

4200F/5000F: 48

HW SSL Process Number with Cavium SSL

400D/1000F/2000F: 30720

4000F: 61440

Maximum configuration objects - virtual appliances

Parameters VM01 VM02 VM04 VM08

VM16

VM32

System

Administration Administrative users 300 300 300 300

300

300

Access profiles 8 16 64 64

64

64

Virtual domains (VDOMs) 10 10 10 10 15 20
Certificate Any configuration object 256 256 256 256 256 256
Shared Resources Address 512 1024 2048 4096 4096 4096
Address group 256 256 256 256 256 256
Health checks 64 128 256 512 512 512
ISP address book 32 32 32 32 32 32
Schedule 256 256 256 256 256 256
Schedule group 64 64 64 64 64 64
Service 512 1024 2048 4096 4096 4096
Service group 256 256 256 256 256 256
SNMP SNMP community 16 16 16 16 16 16
SNMP community host 16 16 16 16 16 16
SNMP user 16 16 16 16 16 16
Networking

Interfaces Physical network interfaces 10 10 10 10 10 10
VLAN interfaces 128 256 512 1024 1024 1024
Routing ARP table entries (per VDOM) 4096 4096 4096 4096 4096 4096
Static routes 1024 2048 4096 4096 4096 4096
Policy routes 32 64 128 256 256 256
ISP routes 32 32 32 32 32 32
NAT Any configuration object 256 256 256 256 256 256
QoS Any configuration object 256 256 256 256 256 256
Packet Capture Table 5 5 5 5 5 5
User

Any configuration object 256 256 256 256

256

256

Server Load Balancing

Virtual Servers L4 512 1024 2048 4096 4096 4096
L7 128 256 512 1024 1024 1024
L7 HTTPs 64 128 256 512 512 512
Real Server Pool Pools 512 1024 2048 4096 4096 4096
Pool members 512 1024 2048 4096 4096 4096
Real server SSL profile 256 256 256 256 256 256
Resources Profiles 256 256 256 256 256 256
Cache policies 256 256 256 256 256 256
Compression policies 256 256 256 256 256 256
Persistence policies 128 128 128 256 256 256
Method policies 32 64 128 256 256 256
Authentication policies 256 256 256 256 256 256
Scripts 256 256 256 256 256 256
Content Rules Content routing rules 128 256 512 1024 1024 1024
Content rewriting rules 128 256 512 1024 1024 1024
Link Load Balancing

Link Group Gateway 512 1024 2048 4096 4096 4096
Link group 256 512 1024 2048 2048 2048
Link group member 512 1024 2048 4096 4096 4096
Virtual Tunnel Virtual tunnel 256 512 1024 2048 2048 2048
Virtual tunnel member 256 256 256 256 256 256
Policy LLB policy rule 256 512 1024 2048 2048 2048
Global Load Balancing

Any configuration object 256 256 256 256

256

256

Security

Any configuration object 256 256 256 256

256

256

Log & Report

Remote Syslog Servers 3 3 3 3

3

3

Appendix D: Maximum Configuration Values

Maximum configuration objects - hardware models and Maximum configuration objects - virtual appliances show the maximum number of configuration objects by hardware or VM model. For more information specific to your FortiADC appliance, refer to your model’s QuickStart Guide or Datasheet.

Note: The maximum number of Layer-7 virtual servers that each model supports varies, depending on the available system memory and the number of features enabled on the unit.

Maximum configuration objects - hardware models

Parameters

60F/100F/

200F/220F

300D/400D/300F/400F/

1000F/1200F/2000F/2200F

4000F/4200F/5000F
System
Administration Administrative users 300 300 300
Access profiles 16 64 64
Virtual domains (VDOMs)

60F/100F/200F: 2

220F: 10

300D/400D/300F/1000F/

2000F:10

400F: 20

1200F: 45
2200F: 60

90
Certificates Any configuration object 256 256 256
Shared Resources Address 1024 2048 4096
Address group 256 256 256
Health checks 128 256 512
ISP address book 32 32 32
Schedule 256 256 256
Schedule group 64 64 64
Service 1024 2048 4096
Service group 256 256 256
SNMP SNMP community 16 16 16
SNMP community Host 16 16 16
SNMP user 16 16 16
Networking
Interface Physical network interfaces

100F: 4

60F: 5

200F: 6

220F: 8

300D/400D:4
300F:8

400F:10

1000F:21

1200F: 24

2000F:25

2200F 20

4000F: 15

4200F/5000F: 12

VLAN interfaces

256

512 1024
Routing ARP table entries (per VDOM) 4096 4096 4096
Static routes 2048 4096 4096
Policy routes 64 128 256
ISP routes 32 32 32
NAT Any configuration object 256 256 256
QoS Any configuration object 256 256 256
Packet capture Table 5 5 5
User
Any configuration object 256 256 256
Server Load Balancing
Virtual Servers L4 1024 2048 4096
L7

60F:128

100F/200F:256

220F : 1024

300D/400D/300F/400F:512

1000F:1024

1200F/2000F/2200F:2048

4096
L7 HTTPs

60F:64

100F/200F:128

220F: 1024

300D/400D/300F/400F:256

1000F/2000F:512

1200F/2200F: 2048

2048
Real Server Pool Pools 1024 2048 4096
Pool members 1024 2048 4096
Real server SSL profiles 256 256 256
Resources Profiles 256 256 256
Cache policies 256 256 256
Compression policies 256 256 256
Persistence policies 128 256 512
Method policies 64 128 256
Authentication policies 256 256 256
Scripts 256 256 256
Content Rules Content routing rules 256 512 1024
Content rewriting rules 256 512 1024
Link Load Balancing
Link Group Gateway 1024 2048 4096
Link group 512 1024 2048
Link group member 1024 2048 4096
Virtual Tunnel Group Virtual tunnel group 512 1024 2048
Virtual tunnel member 256 256 256
Policy LLB policy rule 512 1024 1024
Global Load Balancing
Any configuration object 256 256 256
Security
Any configuration object 256 256 256
Log & Report
Remote Syslog Servers 3 3 3

Maximum configuration values when HW SSL acceleration is enabled

Maximum configuration values - hardware models when HW SSL acceleration is enabled show the maximum number of configuration objects for hardware models able to support HW SSL acceleration.

The maximum number of processes that a virtual server is able to support can be increased by enabling HW SSL acceleration. This depends on whether the virtual server is enabled for alone mode, and which SSL hardware is supported by each model. For virtual servers enabled for alone mode, each will be handled by a separate httproxy process, whereas multiple virtual servers with alone mode disabled may share a single process. This may allow the number of virtual servers disabled for alone mode be unlimited for a virtual domain for when HW SSL acceleration is enabled.

For models that support HW SSL acceleration, they will either be compatible with the Cavium SSL or QAT SSL. For models using QAT SSL, the maximum number of processes depends on whether polling or epoll mode is enabled. Polling mode allows for four times the number of processes than epoll mode, however, epoll mode is higher performing. For models using Cavium SSL, there are no restrictions on the number of processes.

Note: Since the 6.2.0 release, the default mode for QAT SSL has been changed to polling.

Maximum configuration values - hardware models when HW SSL acceleration is enabled

Parameters

400D/400F/1000F/

1200F/2000F/2200F

4000F/4200F/5000F

Virtual Servers with alone mode enabled 2048 4096
HW SSL Process Number with QAT SSL in polling mode

400F: 64

1200F/2200F: 192

4200F/5000F: 192

HW SSL Process Number with QAT SSL in epoll mode

400F: 16

1200F/2200F: 48

4200F/5000F: 48

HW SSL Process Number with Cavium SSL

400D/1000F/2000F: 30720

4000F: 61440

Maximum configuration objects - virtual appliances

Parameters VM01 VM02 VM04 VM08

VM16

VM32

System

Administration Administrative users 300 300 300 300

300

300

Access profiles 8 16 64 64

64

64

Virtual domains (VDOMs) 10 10 10 10 15 20
Certificate Any configuration object 256 256 256 256 256 256
Shared Resources Address 512 1024 2048 4096 4096 4096
Address group 256 256 256 256 256 256
Health checks 64 128 256 512 512 512
ISP address book 32 32 32 32 32 32
Schedule 256 256 256 256 256 256
Schedule group 64 64 64 64 64 64
Service 512 1024 2048 4096 4096 4096
Service group 256 256 256 256 256 256
SNMP SNMP community 16 16 16 16 16 16
SNMP community host 16 16 16 16 16 16
SNMP user 16 16 16 16 16 16
Networking

Interfaces Physical network interfaces 10 10 10 10 10 10
VLAN interfaces 128 256 512 1024 1024 1024
Routing ARP table entries (per VDOM) 4096 4096 4096 4096 4096 4096
Static routes 1024 2048 4096 4096 4096 4096
Policy routes 32 64 128 256 256 256
ISP routes 32 32 32 32 32 32
NAT Any configuration object 256 256 256 256 256 256
QoS Any configuration object 256 256 256 256 256 256
Packet Capture Table 5 5 5 5 5 5
User

Any configuration object 256 256 256 256

256

256

Server Load Balancing

Virtual Servers L4 512 1024 2048 4096 4096 4096
L7 128 256 512 1024 1024 1024
L7 HTTPs 64 128 256 512 512 512
Real Server Pool Pools 512 1024 2048 4096 4096 4096
Pool members 512 1024 2048 4096 4096 4096
Real server SSL profile 256 256 256 256 256 256
Resources Profiles 256 256 256 256 256 256
Cache policies 256 256 256 256 256 256
Compression policies 256 256 256 256 256 256
Persistence policies 128 128 128 256 256 256
Method policies 32 64 128 256 256 256
Authentication policies 256 256 256 256 256 256
Scripts 256 256 256 256 256 256
Content Rules Content routing rules 128 256 512 1024 1024 1024
Content rewriting rules 128 256 512 1024 1024 1024
Link Load Balancing

Link Group Gateway 512 1024 2048 4096 4096 4096
Link group 256 512 1024 2048 2048 2048
Link group member 512 1024 2048 4096 4096 4096
Virtual Tunnel Virtual tunnel 256 512 1024 2048 2048 2048
Virtual tunnel member 256 256 256 256 256 256
Policy LLB policy rule 256 512 1024 2048 2048 2048
Global Load Balancing

Any configuration object 256 256 256 256

256

256

Security

Any configuration object 256 256 256 256

256

256

Log & Report

Remote Syslog Servers 3 3 3 3

3

3