Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Maximum values for VM

This section lists the maximum number of configuration objects that can be added to the configuration database for different FortiAuthenticator virtual machine (VM) configurations.

The maximum values in this document are the maximum configurable values and are not a commitment of performance.

The FortiAuthenticator VM is licensed based on the total number of users and licensed on a stacking basis. All installations must start with a FortiAuthenticator VM Base license and users can be stacked with upgrade licenses in blocks of 100, 1,000, 10,000 and 100,000 users. Due to the dynamic nature of this licensing model, most other metrics are set relative to the number of licensed users. The Calculating metric column below shows how the feature size is calculated relative to the number of licensed users for example, on a 100 user FortiAuthenticator VM Base License, the number of auth clients (NAS devices) that can authenticate to the system is:

100 / 10 = 10

Where this relative system is not used e.g. for static routes, the Calculating metric is denoted by a "-". The supported figures are shown for both the base VM and a 5000 user licensed VM system by way of example.

The following table describes the maximum values set for the various VM configurations.

Feature Model
  Unlicensed VM Calculating metric Licensed VM (100 users) Example 5000 licensed user VM
System
Network Static Routes 2 50 50 50
Messaging SMTP Servers 2 20 20 20
SMS Gateways 2 20 20 20
SNMP Hosts 2 20 20 20
Administration Syslog Servers 2 20 20 20
User Uploaded Images 19 Users / 20 19 250
Language Files 5 50 50 50
Authentication
General Auth Clients (NAS) 3 Users / 3 33 1666
User Management Users
(Local + Remote)1
5 *********** 100 5000
User RADIUS Attributes 15 Users x 3 300 15000
User Groups 3 Users / 10 10 500
Group RADIUS Attributes 9 User groups x 3 30 1500
FortiTokens 10 Users x 2 200 10000
FortiToken Mobile Licenses (Stacked) 2 3 200 200 200
LDAP Entries 20 Users x 2 200 10000
Device (MAC-based Auth.) 5 Users x 5 500 25000
  RADIUS Client Profiles 3 Users 100 5000
Remote LDAP Servers 4 Users / 25 4 200
Remote LDAP Users Sync Rule 1 Users / 10 10 500
Remote LDAP User Radius Attributes 15 Users x 3 300 15000
FSSO & Dynamic Policies
FSSO FSSO Users 5 Users 100 5000
FSSO Groups 3 Users / 2 50 2500
Domain Controllers 3 Users / 100 (min=10) 10 50
RADIUS Accounting SSO Clients 10 Users 100 5000
FortiGate Services 2 Users / 10 10 500
FortiGate Group Filtering 30 Users / 2 50 2500
FSSO Tier Nodes 3 Users /100 (min=5) 5 50
IP Filtering Rules 30 Users / 2 50 2500
Accounting Proxy Sources 3 Users 100 5000
Destinations 3 Users / 20 5 250
Rulesets 3 Users / 20 5 250
Certificates
User Certificates User Certificates 5 Users x 5 500 25000
Server Certificates 2 Users / 10 10 500
Certificate Authorities CA Certificates 3 Users / 20 5 250
Trusted CA Certificates 5 200 200 200
Certificate Revocation Lists 5 200 200 200
SCEP Enrollment Requests 5 Users x 5 2500 10000

1   Note that there is one metric used for the number of allowed users which is Users. Local Users and Remote Users share the same limit value. This enables Local Users or Remote Users to be equal to Users or for there to be a mixture of user types, however, the total number of local and remote users cannot exceed the Users metric.

2    FortiToken Mobile Licenses refers to the licenses that can be applied to a FortiAuthenticator, not the number of FortiToken Mobile instances that can be managed. The total number is limited by the FortiToken metric.

Maximum values for VM

This section lists the maximum number of configuration objects that can be added to the configuration database for different FortiAuthenticator virtual machine (VM) configurations.

The maximum values in this document are the maximum configurable values and are not a commitment of performance.

The FortiAuthenticator VM is licensed based on the total number of users and licensed on a stacking basis. All installations must start with a FortiAuthenticator VM Base license and users can be stacked with upgrade licenses in blocks of 100, 1,000, 10,000 and 100,000 users. Due to the dynamic nature of this licensing model, most other metrics are set relative to the number of licensed users. The Calculating metric column below shows how the feature size is calculated relative to the number of licensed users for example, on a 100 user FortiAuthenticator VM Base License, the number of auth clients (NAS devices) that can authenticate to the system is:

100 / 10 = 10

Where this relative system is not used e.g. for static routes, the Calculating metric is denoted by a "-". The supported figures are shown for both the base VM and a 5000 user licensed VM system by way of example.

The following table describes the maximum values set for the various VM configurations.

Feature Model
  Unlicensed VM Calculating metric Licensed VM (100 users) Example 5000 licensed user VM
System
Network Static Routes 2 50 50 50
Messaging SMTP Servers 2 20 20 20
SMS Gateways 2 20 20 20
SNMP Hosts 2 20 20 20
Administration Syslog Servers 2 20 20 20
User Uploaded Images 19 Users / 20 19 250
Language Files 5 50 50 50
Authentication
General Auth Clients (NAS) 3 Users / 3 33 1666
User Management Users
(Local + Remote)1
5 *********** 100 5000
User RADIUS Attributes 15 Users x 3 300 15000
User Groups 3 Users / 10 10 500
Group RADIUS Attributes 9 User groups x 3 30 1500
FortiTokens 10 Users x 2 200 10000
FortiToken Mobile Licenses (Stacked) 2 3 200 200 200
LDAP Entries 20 Users x 2 200 10000
Device (MAC-based Auth.) 5 Users x 5 500 25000
  RADIUS Client Profiles 3 Users 100 5000
Remote LDAP Servers 4 Users / 25 4 200
Remote LDAP Users Sync Rule 1 Users / 10 10 500
Remote LDAP User Radius Attributes 15 Users x 3 300 15000
FSSO & Dynamic Policies
FSSO FSSO Users 5 Users 100 5000
FSSO Groups 3 Users / 2 50 2500
Domain Controllers 3 Users / 100 (min=10) 10 50
RADIUS Accounting SSO Clients 10 Users 100 5000
FortiGate Services 2 Users / 10 10 500
FortiGate Group Filtering 30 Users / 2 50 2500
FSSO Tier Nodes 3 Users /100 (min=5) 5 50
IP Filtering Rules 30 Users / 2 50 2500
Accounting Proxy Sources 3 Users 100 5000
Destinations 3 Users / 20 5 250
Rulesets 3 Users / 20 5 250
Certificates
User Certificates User Certificates 5 Users x 5 500 25000
Server Certificates 2 Users / 10 10 500
Certificate Authorities CA Certificates 3 Users / 20 5 250
Trusted CA Certificates 5 200 200 200
Certificate Revocation Lists 5 200 200 200
SCEP Enrollment Requests 5 Users x 5 2500 10000

1   Note that there is one metric used for the number of allowed users which is Users. Local Users and Remote Users share the same limit value. This enables Local Users or Remote Users to be equal to Users or for there to be a mixture of user types, however, the total number of local and remote users cannot exceed the Users metric.

2    FortiToken Mobile Licenses refers to the licenses that can be applied to a FortiAuthenticator, not the number of FortiToken Mobile instances that can be managed. The total number is limited by the FortiToken metric.