Hyperscale Firewall Guide

CGN resource allocation firewall policy source and destination address limits

CGN resource allocation hyperscale firewall policies have the following limits on the number of source and destination addresses that can be added to a single policy. These limits result from how the FortiOS kernel compiles firewall policies.

An IPv4 hyperscale firewall policy can have the following number of source or destination addresses. Addresses can be added as any combination of individual firewall addresses or firewall address groups.

  • An IPv4 hyperscale firewall policy can have up to 150 unique IP addresses distributed between the source and destination address fields.

  • An IPv4 hyperscale firewall policy can have up to 150 unique IP addresses and 10 overlapping subnets distributed between the source and destination address fields. Example subnet: 5.2.226.0/24

  • An IPv4 hyperscale firewall policy can have up to 150 unique IP addresses and 9 single IP duplicate range addresses distributed between the source and destination address fields. Example duplicate range IP address: start-ip/end-ip 118.1.1.152.

An IPv6 hyperscale firewall policy can have up to 20 IPv6 addresses distributed between the source and destination address fields.
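A pre-deployment check for these limits, as an added example that is not Fortinet code: it flattens address groups, classifies each entry, and reports where a policy exceeds the numbers above. The `objects`/`groups` dictionaries, the `start-end` range notation, counting every IPv6 entry toward the limit of 20, and flagging subnets mixed with single-IP ranges as undocumented are all assumptions of this sketch.

```python
import ipaddress
# Limits stated on the page for a single policy (source + destination combined).
V4_UNIQUE, V4_SUBNETS, V4_SINGLE_RANGES, V6_TOTAL = 150, 10, 9, 20

def expand(names, objects, groups):
    """Flatten address and address-group names into address values."""
    for name in names:
        if name in groups:
            yield from expand(groups[name], objects, groups)
        else:
            yield objects[name]

def classify(value):
    """Map 'ip', 'ip/len' or 'start-end' to (kind, normalized value)."""
    if "-" in value:
        start, end = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
        return ("single_range" if start == end else "range"), (start, end)
    net = ipaddress.ip_network(value, strict=False)
    return ("host" if net.prefixlen == net.max_prefixlen else "subnet"), net

def check_policy(srcaddr, dstaddr, objects, groups, ipv6=False):
    """Return findings; an empty list means within the documented limits."""
    seen = {"host": [], "subnet": [], "single_range": [], "range": []}
    for value in expand(list(srcaddr) + list(dstaddr), objects, groups):
        kind, norm = classify(value)
        seen[kind].append(norm)
    hosts = len(set(seen["host"]))  # "unique": duplicates count once
    subnets, singles = len(seen["subnet"]), len(seen["single_range"])
    findings = [f"range {s}-{e} spans several IPs: not covered by the stated limits"
                for s, e in seen["range"]]
    if ipv6:  # assumption: every IPv6 entry counts toward the limit of 20
        if hosts + subnets + singles > V6_TOTAL:
            findings.append(f"{hosts + subnets + singles} IPv6 addresses > {V6_TOTAL}")
        return findings
    if hosts > V4_UNIQUE:
        findings.append(f"{hosts} unique IPs > {V4_UNIQUE}")
    if subnets > V4_SUBNETS:
        findings.append(f"{subnets} subnets > {V4_SUBNETS}")
    if singles > V4_SINGLE_RANGES:
        findings.append(f"{singles} single-IP ranges > {V4_SINGLE_RANGES}")
    if subnets and singles:  # assumption: the page lists no such combination
        findings.append("subnets mixed with single-IP ranges: combination not documented")
    return findings

# Constructed sample: 151 hosts in one group, plus the page's example subnet.
OBJECTS = {f"h{i}": f"10.0.{i // 250}.{i % 250 + 1}" for i in range(151)}
OBJECTS["net1"] = "5.2.226.0/24"
GROUPS = {"cgn-clients": [f"h{i}" for i in range(151)]}
SAMPLE_FINDINGS = check_policy(["cgn-clients"], ["net1"], OBJECTS, GROUPS)
```

Run it against exported address objects before pushing a policy; an empty list means the policy fits one of the combinations listed above.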
