Fortinet white logo
Fortinet white logo

Maximum values for VM

Maximum values for VM

The following table lists the maximum number of configuration objects that can be added to the configuration database for different FortiAuthenticator virtual machine (VM) configurations.

Caution

The maximum values in this document are the maximum configurable values and are not a commitment of performance.

The FortiAuthenticator-VM is licensed based on the total number of users and licensed on a stacking basis. All installations must start with a FortiAuthenticator-VM Base license and users can be stacked with upgrade licenses in blocks of 100, 1,000, 10,000 and 100,000 users. Due to the dynamic nature of this licensing model, most other metrics are set relative to the number of licensed users. The Calculating metric column below shows how the feature size is calculated relative to the number of licensed users for example, on a 100 user FortiAuthenticator]-VM Base License, the number of auth clients (RADIUS and TACACS+) that can authenticate to the system is:

100 / 3 = 33

Where this relative system is not used e.g. for static routes, the Calculating metric is denoted by a "-". The supported figures are shown for both the base VM and a 5000 user licensed VM system by way of example.

Feature Model
Unlicensed VM Calculating metric Licensed VM (100 users) Example 5000 licensed user VM
System
Network Static Routes 2 50 50 50
Messaging SMTP Servers 2 20 20 20
SMS Gateways 2 20 20 20
SNMP Hosts 2 20 20 20
Administration Syslog Servers 2 20 20 20
User Uploaded Images 19 Users / 20 19 (minimum) 250
Language Files 5 50 50 50
Authentication
General

Auth Clients (RADIUS and TACACS+) 3 Users / 3 33 1666

Authentication Policy (RADIUS and TACACS+)

6

Users

100

5000

Remote authentication servers

Remote LDAP Servers

4

Users / 25

4

200

Remote RADIUS Servers

1

Users / 25

4

200

Remote SAML Servers

1

Users / 25

4

200

Remote OAuth Servers

1

Users / 25

4

200

User Management

Users
(Local + Remote)1
5 *********** 100 5000
User RADIUS Attributes 15 Users x 3 300 15000
User Groups 3 Users / 10 10 500
Group RADIUS Attributes 9 User groups x 3 30 1500
FortiTokens 10 Users x 2 200 10000
FortiToken Mobile Licenses (Stacked) 2 3 200 200 200
LDAP Entries 20 Users x 2 200 10000
Device (MAC-based Auth.) 5 Users x 5 500 25000

Remote LDAP Users Sync Rule

1

Users / 10

10

500

Remote LDAP User Radius Attributes

15

Users x 3

300

15000

Realms

2

Users / 25

4

200

FSSO & Dynamic Policies
FSSO

FSSO Users 5 Users 100 5000
FSSO Groups 3 Users / 2 50 2500
Domain Controllers 3 Users / 100 (min=10) 10 50
RADIUS Accounting SSO Clients 10 Users 100 5000
FortiGate Services 2 Users / 10 10 500
FortiGate Group Filtering 30 Users / 2 50 2500
FSSO Tier Nodes 3 Users /100 (min=5) 5 50
IP Filtering Rules 30 Users / 2 50 2500

FSSO Filtering Object

30

Users x 2

200

10000

Accounting Proxy Sources 3 Users 100 5000
Destinations 3 Users / 20 5 250
Rulesets 3 Users / 20 5 250
Certificates
User Certificates User Certificates 5 Users x 5 500 25000
Server Certificates 2 Users / 10 10 500
Certificate Authorities CA Certificates 3 Users / 20 5 250
Trusted CA Certificates 5 200 200 200
Certificate Revocation Lists 5 200 200 200
SCEP Enrollment Requests 5 Users x 5 500 25000

1Users includes both local and remote users.

2FortiToken Mobile Licenses refers to the licenses that can be applied to a FortiAuthenticator, not the number of FortiToken Mobile instances that can be managed. The total number is limited by the FortiToken metric.

Maximum values for VM

Maximum values for VM

The following table lists the maximum number of configuration objects that can be added to the configuration database for different FortiAuthenticator virtual machine (VM) configurations.

Caution

The maximum values in this document are the maximum configurable values and are not a commitment of performance.

The FortiAuthenticator-VM is licensed based on the total number of users and licensed on a stacking basis. All installations must start with a FortiAuthenticator-VM Base license and users can be stacked with upgrade licenses in blocks of 100, 1,000, 10,000 and 100,000 users. Due to the dynamic nature of this licensing model, most other metrics are set relative to the number of licensed users. The Calculating metric column below shows how the feature size is calculated relative to the number of licensed users for example, on a 100 user FortiAuthenticator]-VM Base License, the number of auth clients (RADIUS and TACACS+) that can authenticate to the system is:

100 / 3 = 33

Where this relative system is not used e.g. for static routes, the Calculating metric is denoted by a "-". The supported figures are shown for both the base VM and a 5000 user licensed VM system by way of example.

Feature Model
Unlicensed VM Calculating metric Licensed VM (100 users) Example 5000 licensed user VM
System
Network Static Routes 2 50 50 50
Messaging SMTP Servers 2 20 20 20
SMS Gateways 2 20 20 20
SNMP Hosts 2 20 20 20
Administration Syslog Servers 2 20 20 20
User Uploaded Images 19 Users / 20 19 (minimum) 250
Language Files 5 50 50 50
Authentication
General

Auth Clients (RADIUS and TACACS+) 3 Users / 3 33 1666

Authentication Policy (RADIUS and TACACS+)

6

Users

100

5000

Remote authentication servers

Remote LDAP Servers

4

Users / 25

4

200

Remote RADIUS Servers

1

Users / 25

4

200

Remote SAML Servers

1

Users / 25

4

200

Remote OAuth Servers

1

Users / 25

4

200

User Management

Users
(Local + Remote)1
5 *********** 100 5000
User RADIUS Attributes 15 Users x 3 300 15000
User Groups 3 Users / 10 10 500
Group RADIUS Attributes 9 User groups x 3 30 1500
FortiTokens 10 Users x 2 200 10000
FortiToken Mobile Licenses (Stacked) 2 3 200 200 200
LDAP Entries 20 Users x 2 200 10000
Device (MAC-based Auth.) 5 Users x 5 500 25000

Remote LDAP Users Sync Rule

1

Users / 10

10

500

Remote LDAP User Radius Attributes

15

Users x 3

300

15000

Realms

2

Users / 25

4

200

FSSO & Dynamic Policies
FSSO

FSSO Users 5 Users 100 5000
FSSO Groups 3 Users / 2 50 2500
Domain Controllers 3 Users / 100 (min=10) 10 50
RADIUS Accounting SSO Clients 10 Users 100 5000
FortiGate Services 2 Users / 10 10 500
FortiGate Group Filtering 30 Users / 2 50 2500
FSSO Tier Nodes 3 Users /100 (min=5) 5 50
IP Filtering Rules 30 Users / 2 50 2500

FSSO Filtering Object

30

Users x 2

200

10000

Accounting Proxy Sources 3 Users 100 5000
Destinations 3 Users / 20 5 250
Rulesets 3 Users / 20 5 250
Certificates
User Certificates User Certificates 5 Users x 5 500 25000
Server Certificates 2 Users / 10 10 500
Certificate Authorities CA Certificates 3 Users / 20 5 250
Trusted CA Certificates 5 200 200 200
Certificate Revocation Lists 5 200 200 200
SCEP Enrollment Requests 5 Users x 5 500 25000

1Users includes both local and remote users.

2FortiToken Mobile Licenses refers to the licenses that can be applied to a FortiAuthenticator, not the number of FortiToken Mobile instances that can be managed. The total number is limited by the FortiToken metric.