Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Release Notes

    6.0.0
    6.6.2
    6.6.1
    6.6.0
    6.5.5
    6.5.4
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.2
    6.2.1
    6.2.0
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.5.0
    5.4.1
    5.4.0
    5.3.1
    5.3.0
    5.2.2
    5.2.1
    5.2.0
    5.1.2
    5.1.1
    5.1.0
    5.0.0
    4.3.4
    4.3.3
    4.3.2
    4.3.1
    4.3.0
    4.2.1
    4.2.0

    Maximum values for VM

    Maximum values for VM

    This section lists the maximum number of configuration objects that can be added to the configuration database for different FortiAuthenticator virtual machine (VM) configurations.

    The maximum values in this document are the maximum configurable values and are not a commitment of performance.

    The FortiAuthenticator VM is licensed based on the total number of users and licensed on a stacking basis. All installations must start with a FortiAuthenticator VM Base license and users can be stacked with upgrade licenses in blocks of 100, 1,000, 10,000 and 100,000 users. Due to the dynamic nature of this licensing model, most other metrics are set relative to the number of licensed users. The Calculating metric column below shows how the feature size is calculated relative to the number of licensed users for example, on a 100 user FortiAuthenticator VM Base License, the number of auth clients (NAS devices) that can authenticate to the system is:

    100 / 10 = 10

    Where this relative system is not used e.g. for static routes, the Calculating metric is denoted by a "-". The supported figures are shown for both the base VM and a 5000 user licensed VM system by way of example.

    The following table describes the maximum values set for the various VM configurations.

    Feature Model
    Unlicensed VM Calculating metric Licensed VM (100 users) Example 5000 licensed user VM
    System
    Network Static Routes 2 50 50 50
    Messaging SMTP Servers 2 20 20 20
    SMS Gateways 2 20 20 20
    SNMP Hosts 2 20 20 20
    Administration Syslog Servers 2 20 20 20
    User Uploaded Images 19 Users / 20 19 250
    Language Files 5 50 50 50
    Authentication
    General Auth Clients (NAS) 3 Users / 3 33 1666
    User Management Users
    (Local + Remote)1     		5 *********** 100 5000
    User RADIUS Attributes 15 Users x 3 300 15000
    User Groups 3 Users / 10 10 500
    Group RADIUS Attributes 9 User groups x 3 30 1500
    FortiTokens 10 Users x 2 200 10000
    FortiToken Mobile Licenses (Stacked) 2 3 200 200 200
    LDAP Entries 20 Users x 2 200 10000
    Device (MAC-based Auth.) 5 Users x 5 500 25000
    RADIUS Client Profiles 3 Users 100 5000
    Remote LDAP Servers 4 Users / 25 4 200
    Remote LDAP Users Sync Rule 1 Users / 10 10 500
    Remote LDAP User Radius Attributes 15 Users x 3 300 15000
    FSSO & Dynamic Policies
    FSSO FSSO Users 5 Users 100 5000
    FSSO Groups 3 Users / 2 50 2500
    Domain Controllers 3 Users / 100 (min=10) 10 50
    RADIUS Accounting SSO Clients 10 Users 100 5000
    FortiGate Services 2 Users / 10 10 500
    FortiGate Group Filtering 30 Users / 2 50 2500
    FSSO Tier Nodes 3 Users /100 (min=5) 5 50
    IP Filtering Rules 30 Users / 2 50 2500
    Accounting Proxy Sources 3 Users 100 5000
    Destinations 3 Users / 20 5 250
    Rulesets 3 Users / 20 5 250
    Certificates
    User Certificates User Certificates 5 Users x 5 500 25000
    Server Certificates 2 Users / 10 10 500
    Certificate Authorities CA Certificates 3 Users / 20 5 250
    Trusted CA Certificates 5 200 200 200
    Certificate Revocation Lists 5 200 200 200
    SCEP Enrollment Requests 5 Users x 5 2500 10000

    1 Note that there is one metric used for the number of allowed users which is Users. Local Users and Remote Users share the same limit value. This enables Local Users or Remote Users to be equal to Users or for there to be a mixture of user types, however, the total number of local and remote users cannot exceed the Users metric.

    2 FortiToken Mobile Licenses refers to the licenses that can be applied to a FortiAuthenticator, not the number of FortiToken Mobile instances that can be managed. The total number is limited by the FortiToken metric.

    Previous
    Next

    Maximum values for VM

    Maximum values for VM

    This section lists the maximum number of configuration objects that can be added to the configuration database for different FortiAuthenticator virtual machine (VM) configurations.

    The maximum values in this document are the maximum configurable values and are not a commitment of performance.

    The FortiAuthenticator VM is licensed based on the total number of users and licensed on a stacking basis. All installations must start with a FortiAuthenticator VM Base license and users can be stacked with upgrade licenses in blocks of 100, 1,000, 10,000 and 100,000 users. Due to the dynamic nature of this licensing model, most other metrics are set relative to the number of licensed users. The Calculating metric column below shows how the feature size is calculated relative to the number of licensed users for example, on a 100 user FortiAuthenticator VM Base License, the number of auth clients (NAS devices) that can authenticate to the system is:

    100 / 10 = 10

    Where this relative system is not used e.g. for static routes, the Calculating metric is denoted by a "-". The supported figures are shown for both the base VM and a 5000 user licensed VM system by way of example.

    The following table describes the maximum values set for the various VM configurations.

    Feature Model
    Unlicensed VM Calculating metric Licensed VM (100 users) Example 5000 licensed user VM
    System
    Network Static Routes 2 50 50 50
    Messaging SMTP Servers 2 20 20 20
    SMS Gateways 2 20 20 20
    SNMP Hosts 2 20 20 20
    Administration Syslog Servers 2 20 20 20
    User Uploaded Images 19 Users / 20 19 250
    Language Files 5 50 50 50
    Authentication
    General Auth Clients (NAS) 3 Users / 3 33 1666
    User Management Users
    (Local + Remote)1     		5 *********** 100 5000
    User RADIUS Attributes 15 Users x 3 300 15000
    User Groups 3 Users / 10 10 500
    Group RADIUS Attributes 9 User groups x 3 30 1500
    FortiTokens 10 Users x 2 200 10000
    FortiToken Mobile Licenses (Stacked) 2 3 200 200 200
    LDAP Entries 20 Users x 2 200 10000
    Device (MAC-based Auth.) 5 Users x 5 500 25000
    RADIUS Client Profiles 3 Users 100 5000
    Remote LDAP Servers 4 Users / 25 4 200
    Remote LDAP Users Sync Rule 1 Users / 10 10 500
    Remote LDAP User Radius Attributes 15 Users x 3 300 15000
    FSSO & Dynamic Policies
    FSSO FSSO Users 5 Users 100 5000
    FSSO Groups 3 Users / 2 50 2500
    Domain Controllers 3 Users / 100 (min=10) 10 50
    RADIUS Accounting SSO Clients 10 Users 100 5000
    FortiGate Services 2 Users / 10 10 500
    FortiGate Group Filtering 30 Users / 2 50 2500
    FSSO Tier Nodes 3 Users /100 (min=5) 5 50
    IP Filtering Rules 30 Users / 2 50 2500
    Accounting Proxy Sources 3 Users 100 5000
    Destinations 3 Users / 20 5 250
    Rulesets 3 Users / 20 5 250
    Certificates
    User Certificates User Certificates 5 Users x 5 500 25000
    Server Certificates 2 Users / 10 10 500
    Certificate Authorities CA Certificates 3 Users / 20 5 250
    Trusted CA Certificates 5 200 200 200
    Certificate Revocation Lists 5 200 200 200
    SCEP Enrollment Requests 5 Users x 5 2500 10000

    1 Note that there is one metric used for the number of allowed users which is Users. Local Users and Remote Users share the same limit value. This enables Local Users or Remote Users to be equal to Users or for there to be a mixture of user types, however, the total number of local and remote users cannot exceed the Users metric.

    2 FortiToken Mobile Licenses refers to the licenses that can be applied to a FortiAuthenticator, not the number of FortiToken Mobile instances that can be managed. The total number is limited by the FortiToken metric.

    Previous
    Next