Maximum values for VM
The following table lists the maximum number of configuration objects that can be added to the configuration database for different FortiAuthenticator virtual machine (VM) configurations.
|
The maximum values in this document are the maximum configurable values and are not a commitment of performance. |
The FortiAuthenticator-VM is licensed based on the total number of users and licensed on a stacking basis. All installations must start with a FortiAuthenticator-VM Base license and users can be stacked with upgrade licenses in blocks of 100, 1,000, 10,000 and 100,000 users. Due to the dynamic nature of this licensing model, most other metrics are set relative to the number of licensed users. The Calculating metric column below shows how the feature size is calculated relative to the number of licensed users for example, on a 100 user FortiAuthenticator]-VM Base License, the number of auth clients (RADIUS and TACACS+) that can authenticate to the system is:
100 / 3 = 33
Where this relative system is not used e.g. for static routes, the Calculating metric is denoted by a "-". The supported figures are shown for both the base VM and a 5000 user licensed VM system by way of example.
| Feature | Model | ||||
|---|---|---|---|---|---|
| Unlicensed VM | Calculating metric | Licensed VM (100 users) | Example 5000 licensed user VM | ||
| System | |||||
| Network | Static Routes | 2 | 50 | 50 | 50 |
| Messaging | SMTP Servers | 2 | 20 | 20 | 20 |
| SMS Gateways | 2 | 20 | 20 | 20 | |
| SNMP Hosts | 2 | 20 | 20 | 20 | |
| Administration | Syslog Servers | 2 | 20 | 20 | 20 |
| User Uploaded Images | 19 | Users / 20 | 19 (minimum) | 250 | |
| Language Files | 5 | 50 | 50 | 50 | |
| Authentication | |||||
| General
|
Auth Clients (RADIUS and TACACS+) | 3 | Users / 3 | 33 | 1666 |
|
Authentication Policy (RADIUS and TACACS+) |
6 |
Users |
100 |
5000 |
|
|
Remote authentication servers
|
Remote LDAP Servers |
4 |
Users / 25 |
4 |
200 |
|
Remote RADIUS Servers |
1 |
Users / 25 |
4 |
200 |
|
|
Remote SAML Servers |
1 |
Users / 25 |
4 |
200 |
|
|
Remote OAuth Servers |
1 |
Users / 25 |
4 |
200 |
|
|
Remote TACACS+ Servers |
1 |
Users / 25 |
4 |
200 |
|
| User Management
|
Users
(Local + Remote)1 |
5 | *********** | 100 | 5000 |
| User RADIUS Attributes | 15 | Users x 3 | 300 | 15000 | |
| User Groups | 3 | Users / 10 | 10 | 500 | |
| Group RADIUS Attributes | 9 | User groups x 3 | 30 | 1500 | |
| FortiTokens | 10 | Users x 2 | 200 | 10000 | |
| FortiToken Mobile Licenses (Stacked) 2 | 3 | 200 | 200 | 200 | |
| LDAP Entries | 20 | Users x 2 | 200 | 10000 | |
| Device (MAC-based Auth.) | 5 | Users x 5 | 500 | 25000 | |
|
Remote LDAP Users Sync Rule |
1 |
Users / 10 |
10 |
500 |
|
|
Remote LDAP User Radius Attributes |
15 |
Users x 3 |
300 |
15000 |
|
|
Realms |
2 |
Users / 25 |
4 |
200 |
|
| FSSO & Dynamic Policies | |||||
| FSSO
|
FSSO Users | 5 | Users | 100 | 5000 |
| FSSO Groups | 3 | Users / 2 | 50 | 2500 | |
| Domain Controllers | 3 | Users / 100 (min=10) | 10 | 50 | |
| RADIUS Accounting SSO Clients | 10 | Users | 100 | 5000 | |
| FortiGate Group Filtering | 30 | Users / 2 | 50 | 2500 | |
| FSSO Tier Nodes | 3 | Users /100 (min=5) | 5 | 50 | |
| IP Filtering Rules | 30 | Users / 2 | 50 | 2500 | |
|
FSSO Filtering Object |
30 |
Users x 2 |
200 |
10000 |
|
| Accounting Proxy | Sources | 3 | Users | 100 | 5000 |
| Destinations | 3 | Users / 20 | 5 | 250 | |
| Rulesets | 3 | Users / 20 | 5 | 250 | |
| Certificates | |||||
| User Certificates | User Certificates | 5 | Users x 5 | 500 | 25000 |
| Server Certificates | 2 | Users / 10 | 10 | 500 | |
| Certificate Authorities | CA Certificates | 3 | Users / 20 | 5 | 250 |
| Trusted CA Certificates | 5 | 200 | 200 | 200 | |
| Certificate Revocation Lists | 5 | 200 | 200 | 200 | |
| SCEP | Enrollment Requests | 5 | Users x 5 | 500 | 25000 |
|
Services |
|||||
|
|
FortiGate Services |
2 |
Users / 10 |
10 |
500 |
|
|
TACACS+ Services |
5 |
Users / 10 |
10 |
500 |
1Users includes both local and remote users.
2FortiToken Mobile Licenses refers to the licenses that can be applied to a FortiAuthenticator, not the number of FortiToken Mobile instances that can be managed. The total number is limited by the FortiToken metric.