Version:

Version:


Table of Contents

New Features

Download PDF
Copy Link

Increase ZTNA and EMS tag limits 7.0.4

The following limits have increased for EMS server, IP addresses, and MAC addresses in EMS and ZTNA tags:

  • The maximum number of EMS servers a FortiGate can connect to increased from three to five.
  • The maximum number of IP address an EMS tag can resolve increased from 1000 to over 100,000.
  • The maximum number of MAC address an EMS tag can resolve increased from 1000 to 3000.

The following diagnose commands are available to verify address information:

# diagnose firewall fqdn <option>

Option

Description

list-ip

List IP FQDN information.

list-mac

List MAC FQDN information.

list-all

List FQDN information.

getinfo-ip

Get information of IP FQDN address.

getinfo-mac

Get information of MAC FQDN address.

get-ip

Get and display one IP FQDN address.

get-mac

Get and display one MAC FQDN address.

Sample diagnostics

# diagnose firewall fqdn list-ip
List all IP FQDN:
fqdn_u 0x16e55220 gmail.com: type:(1) ID(14) count(1) generation(2) data_len:13 flag: 1
ip list: (1 ip in total)
ip: 172.217.175.5
Total ip fqdn range blocks: 1.
Total ip fqdn addresses: 1.
# diagnose firewall fqdn list-mac
List all MAC FQDN:
arg 0x16e55220 mac_fctems8821001056_ems138_running_app_tag: type:(2) ID(258) count(0) generation(0) data_len:0 flag: 0
Total mac fqdn addresses: 0.
# diagnose firewall fqdn getinfo-ip fctems8821001322_zt_ems_mgmt
getinfo fctems8821001322_zt_ems_mgmt id:57 generation:9 count:2644 data_len:216682 flag 0
# diagnose firewall fqdn getinfo-mac mac_fctems8821001322_zt_ems_mgmt
getinfo mac_fctems8821001322_zt_ems_mgmt id:46 generation:15 count:3000 data_len:18000 flag 0
# diagnose firewall fqdn get-ip fctems8821001322_zt_ems_mgmt
fqdn_u 0x16e533f0 fctems8821001322_zt_ems_mgmt: type:(1) ID(57) count(2644) generation(12) data_len:218594 flag: 0
ip list: (1 ip in total)
ip: 2.41.58.41
...
ip list: (3931 ip in total)
...
ip list: (1 ip in total)
ip: 255.148.7.86
ip list: (1 ip in total)
ip: 255.185.252.100
Total ip fqdn range blocks: 2644.
Total ip fqdn addresses: 6641.
# diagnose firewall fqdn get-mac mac_fctems8821001322_zt_ems_mgmt
arg 0x16e533f0 mac_fctems8821001322_zt_ems_mgmt: type:(2) ID(46) count(3000) generation(16) data_len:18000 flag: 0
mac: af:**:**:**:**:**
mac: 63:**:**:**:**:**
mac: 50:**:**:**:**:**
mac: e3:**:**:**:**:**
mac: 2c:**:**:**:**:**
...
mac: 96:**:**:**:**:**
mac: 52:**:**:**:**:**
Total mac fqdn addresses: 3000.

Increase ZTNA and EMS tag limits 7.0.4

The following limits have increased for EMS server, IP addresses, and MAC addresses in EMS and ZTNA tags:

  • The maximum number of EMS servers a FortiGate can connect to increased from three to five.
  • The maximum number of IP address an EMS tag can resolve increased from 1000 to over 100,000.
  • The maximum number of MAC address an EMS tag can resolve increased from 1000 to 3000.

The following diagnose commands are available to verify address information:

# diagnose firewall fqdn <option>

Option

Description

list-ip

List IP FQDN information.

list-mac

List MAC FQDN information.

list-all

List FQDN information.

getinfo-ip

Get information of IP FQDN address.

getinfo-mac

Get information of MAC FQDN address.

get-ip

Get and display one IP FQDN address.

get-mac

Get and display one MAC FQDN address.

Sample diagnostics

# diagnose firewall fqdn list-ip
List all IP FQDN:
fqdn_u 0x16e55220 gmail.com: type:(1) ID(14) count(1) generation(2) data_len:13 flag: 1
ip list: (1 ip in total)
ip: 172.217.175.5
Total ip fqdn range blocks: 1.
Total ip fqdn addresses: 1.
# diagnose firewall fqdn list-mac
List all MAC FQDN:
arg 0x16e55220 mac_fctems8821001056_ems138_running_app_tag: type:(2) ID(258) count(0) generation(0) data_len:0 flag: 0
Total mac fqdn addresses: 0.
# diagnose firewall fqdn getinfo-ip fctems8821001322_zt_ems_mgmt
getinfo fctems8821001322_zt_ems_mgmt id:57 generation:9 count:2644 data_len:216682 flag 0
# diagnose firewall fqdn getinfo-mac mac_fctems8821001322_zt_ems_mgmt
getinfo mac_fctems8821001322_zt_ems_mgmt id:46 generation:15 count:3000 data_len:18000 flag 0
# diagnose firewall fqdn get-ip fctems8821001322_zt_ems_mgmt
fqdn_u 0x16e533f0 fctems8821001322_zt_ems_mgmt: type:(1) ID(57) count(2644) generation(12) data_len:218594 flag: 0
ip list: (1 ip in total)
ip: 2.41.58.41
...
ip list: (3931 ip in total)
...
ip list: (1 ip in total)
ip: 255.148.7.86
ip list: (1 ip in total)
ip: 255.185.252.100
Total ip fqdn range blocks: 2644.
Total ip fqdn addresses: 6641.
# diagnose firewall fqdn get-mac mac_fctems8821001322_zt_ems_mgmt
arg 0x16e533f0 mac_fctems8821001322_zt_ems_mgmt: type:(2) ID(46) count(3000) generation(16) data_len:18000 flag: 0
mac: af:**:**:**:**:**
mac: 63:**:**:**:**:**
mac: 50:**:**:**:**:**
mac: e3:**:**:**:**:**
mac: 2c:**:**:**:**:**
...
mac: 96:**:**:**:**:**
mac: 52:**:**:**:**:**
Total mac fqdn addresses: 3000.