Fortinet black logo

New Features

Increase ZTNA and EMS tag limits 7.0.4

Copy Link
Copy Doc ID 4f6cd3c1-22cb-11eb-96b9-00505692583a:502664
Download PDF

Increase ZTNA and EMS tag limits 7.0.4

The following limits have increased for EMS server, IP addresses, and MAC addresses in EMS and ZTNA tags:

  • The maximum number of EMS servers a FortiGate can connect to increased from three to five.
  • The maximum number of IP address an EMS tag can resolve increased from 1000 to over 100,000.
  • The maximum number of MAC address an EMS tag can resolve increased from 1000 to 3000.

The following diagnose commands are available to verify address information:

# diagnose firewall fqdn <option>

Option

Description

list-ip

List IP FQDN information.

list-mac

List MAC FQDN information.

list-all

List FQDN information.

getinfo-ip

Get information of IP FQDN address.

getinfo-mac

Get information of MAC FQDN address.

get-ip

Get and display one IP FQDN address.

get-mac

Get and display one MAC FQDN address.

Sample diagnostics

# diagnose firewall fqdn list-ip
List all IP FQDN:
fqdn_u 0x16e55220 gmail.com: type:(1) ID(14) count(1) generation(2) data_len:13 flag: 1
ip list: (1 ip in total)
ip: 172.217.175.5
Total ip fqdn range blocks: 1.
Total ip fqdn addresses: 1.
# diagnose firewall fqdn list-mac
List all MAC FQDN:
arg 0x16e55220 mac_fctems8821001056_ems138_running_app_tag: type:(2) ID(258) count(0) generation(0) data_len:0 flag: 0
Total mac fqdn addresses: 0.
# diagnose firewall fqdn getinfo-ip fctems8821001322_zt_ems_mgmt
getinfo fctems8821001322_zt_ems_mgmt id:57 generation:9 count:2644 data_len:216682 flag 0
# diagnose firewall fqdn getinfo-mac mac_fctems8821001322_zt_ems_mgmt
getinfo mac_fctems8821001322_zt_ems_mgmt id:46 generation:15 count:3000 data_len:18000 flag 0
# diagnose firewall fqdn get-ip fctems8821001322_zt_ems_mgmt
fqdn_u 0x16e533f0 fctems8821001322_zt_ems_mgmt: type:(1) ID(57) count(2644) generation(12) data_len:218594 flag: 0
ip list: (1 ip in total)
ip: 2.41.58.41
...
ip list: (3931 ip in total)
...
ip list: (1 ip in total)
ip: 255.148.7.86
ip list: (1 ip in total)
ip: 255.185.252.100
Total ip fqdn range blocks: 2644.
Total ip fqdn addresses: 6641.
# diagnose firewall fqdn get-mac mac_fctems8821001322_zt_ems_mgmt
arg 0x16e533f0 mac_fctems8821001322_zt_ems_mgmt: type:(2) ID(46) count(3000) generation(16) data_len:18000 flag: 0
mac: af:**:**:**:**:**
mac: 63:**:**:**:**:**
mac: 50:**:**:**:**:**
mac: e3:**:**:**:**:**
mac: 2c:**:**:**:**:**
...
mac: 96:**:**:**:**:**
mac: 52:**:**:**:**:**
Total mac fqdn addresses: 3000.

Increase ZTNA and EMS tag limits 7.0.4

The following limits have increased for EMS server, IP addresses, and MAC addresses in EMS and ZTNA tags:

  • The maximum number of EMS servers a FortiGate can connect to increased from three to five.
  • The maximum number of IP address an EMS tag can resolve increased from 1000 to over 100,000.
  • The maximum number of MAC address an EMS tag can resolve increased from 1000 to 3000.

The following diagnose commands are available to verify address information:

# diagnose firewall fqdn <option>

Option

Description

list-ip

List IP FQDN information.

list-mac

List MAC FQDN information.

list-all

List FQDN information.

getinfo-ip

Get information of IP FQDN address.

getinfo-mac

Get information of MAC FQDN address.

get-ip

Get and display one IP FQDN address.

get-mac

Get and display one MAC FQDN address.

Sample diagnostics

# diagnose firewall fqdn list-ip
List all IP FQDN:
fqdn_u 0x16e55220 gmail.com: type:(1) ID(14) count(1) generation(2) data_len:13 flag: 1
ip list: (1 ip in total)
ip: 172.217.175.5
Total ip fqdn range blocks: 1.
Total ip fqdn addresses: 1.
# diagnose firewall fqdn list-mac
List all MAC FQDN:
arg 0x16e55220 mac_fctems8821001056_ems138_running_app_tag: type:(2) ID(258) count(0) generation(0) data_len:0 flag: 0
Total mac fqdn addresses: 0.
# diagnose firewall fqdn getinfo-ip fctems8821001322_zt_ems_mgmt
getinfo fctems8821001322_zt_ems_mgmt id:57 generation:9 count:2644 data_len:216682 flag 0
# diagnose firewall fqdn getinfo-mac mac_fctems8821001322_zt_ems_mgmt
getinfo mac_fctems8821001322_zt_ems_mgmt id:46 generation:15 count:3000 data_len:18000 flag 0
# diagnose firewall fqdn get-ip fctems8821001322_zt_ems_mgmt
fqdn_u 0x16e533f0 fctems8821001322_zt_ems_mgmt: type:(1) ID(57) count(2644) generation(12) data_len:218594 flag: 0
ip list: (1 ip in total)
ip: 2.41.58.41
...
ip list: (3931 ip in total)
...
ip list: (1 ip in total)
ip: 255.148.7.86
ip list: (1 ip in total)
ip: 255.185.252.100
Total ip fqdn range blocks: 2644.
Total ip fqdn addresses: 6641.
# diagnose firewall fqdn get-mac mac_fctems8821001322_zt_ems_mgmt
arg 0x16e533f0 mac_fctems8821001322_zt_ems_mgmt: type:(2) ID(46) count(3000) generation(16) data_len:18000 flag: 0
mac: af:**:**:**:**:**
mac: 63:**:**:**:**:**
mac: 50:**:**:**:**:**
mac: e3:**:**:**:**:**
mac: 2c:**:**:**:**:**
...
mac: 96:**:**:**:**:**
mac: 52:**:**:**:**:**
Total mac fqdn addresses: 3000.