Increase ZTNA and EMS tag limits 7.0.4
The following limits have increased for EMS server, IP addresses, and MAC addresses in EMS and ZTNA tags:
- The maximum number of EMS servers a FortiGate can connect to increased from three to five.
- The maximum number of IP address an EMS tag can resolve increased from 1000 to over 100,000.
- The maximum number of MAC address an EMS tag can resolve increased from 1000 to 3000.
The following diagnose commands are available to verify address information:
# diagnose firewall fqdn <option>
Option |
Description |
---|---|
list-ip |
List IP FQDN information. |
list-mac |
List MAC FQDN information. |
list-all |
List FQDN information. |
getinfo-ip |
Get information of IP FQDN address. |
getinfo-mac |
Get information of MAC FQDN address. |
get-ip |
Get and display one IP FQDN address. |
get-mac |
Get and display one MAC FQDN address. |
Sample diagnostics
# diagnose firewall fqdn list-ip List all IP FQDN: fqdn_u 0x16e55220 gmail.com: type:(1) ID(14) count(1) generation(2) data_len:13 flag: 1 ip list: (1 ip in total) ip: 172.217.175.5 Total ip fqdn range blocks: 1. Total ip fqdn addresses: 1.
# diagnose firewall fqdn list-mac List all MAC FQDN: arg 0x16e55220 mac_fctems8821001056_ems138_running_app_tag: type:(2) ID(258) count(0) generation(0) data_len:0 flag: 0 Total mac fqdn addresses: 0.
# diagnose firewall fqdn getinfo-ip fctems8821001322_zt_ems_mgmt getinfo fctems8821001322_zt_ems_mgmt id:57 generation:9 count:2644 data_len:216682 flag 0
# diagnose firewall fqdn getinfo-mac mac_fctems8821001322_zt_ems_mgmt getinfo mac_fctems8821001322_zt_ems_mgmt id:46 generation:15 count:3000 data_len:18000 flag 0
# diagnose firewall fqdn get-ip fctems8821001322_zt_ems_mgmt fqdn_u 0x16e533f0 fctems8821001322_zt_ems_mgmt: type:(1) ID(57) count(2644) generation(12) data_len:218594 flag: 0 ip list: (1 ip in total) ip: 2.41.58.41 ... ip list: (3931 ip in total) ... ip list: (1 ip in total) ip: 255.148.7.86 ip list: (1 ip in total) ip: 255.185.252.100 Total ip fqdn range blocks: 2644. Total ip fqdn addresses: 6641.
# diagnose firewall fqdn get-mac mac_fctems8821001322_zt_ems_mgmt arg 0x16e533f0 mac_fctems8821001322_zt_ems_mgmt: type:(2) ID(46) count(3000) generation(16) data_len:18000 flag: 0 mac: af:**:**:**:**:** mac: 63:**:**:**:**:** mac: 50:**:**:**:**:** mac: e3:**:**:**:**:** mac: 2c:**:**:**:**:** ... mac: 96:**:**:**:**:** mac: 52:**:**:**:**:** Total mac fqdn addresses: 3000.