ADOM limits for managed FortiGates
The following table identifies the FortiManager per ADOM limits for managed FortiGates.
|
Per ADOM (Policy Package) limit means the maximum number of same category entries per ADOM (or per Policy Package). 0 means unlimited. |
|
Table |
Per ADOM limit |
|---|---|
| antivirus mms-checksum | 1000 |
| antivirus notification | 1000 |
| antivirus profile | 1000 |
| application categories | 0 |
| application custom | 18000 |
| application group | 512 |
| application list | 2000 |
| authentication rule | 2560 (256) |
| authentication scheme | 512 |
| authentication setting | 0 |
| cifs domain-controller | 512 |
| cifs profile | 512 |
| credential-store domain-controller | 512 |
| dlp data-type | 512 |
| dlp dictionary | 512 |
| dlp filepattern | 25000 |
| dlp profile | 3000 |
| dlp sensitivity | 256 |
| dlp sensor | 3000 |
| dnsfilter domain-filter | 2000 |
| dnsfilter profile | 40000 |
| emailfilter block-allow-list | 8000 |
| emailfilter bwl | 8000 |
| emailfilter bword | 4000 |
| emailfilter dnsbl | 4000 |
| emailfilter fortishield | 0 |
| emailfilter iptrust | 4000 |
| emailfilter mheader | 4000 |
| emailfilter options | 0 |
| emailfilter profile | 1000 |
| endpoint-control fctems | 7 |
| extender-controller dataplan | 512 |
| extender-controller extender | 81920 |
| extender-controller extender-profile | 512 |
| extension-controller dataplan | 512 |
| extension-controller extender | 512 |
| extension-controller extender-profile | 512 |
| file-filter profile | 3000 |
| firewall DoS-policy | 10240 |
| firewall DoS-policy6 | 2560 (256) |
| firewall access-proxy | 512 |
| firewall access-proxy-virtual-host | 512 |
| firewall access-proxy6 | 512 |
| firewall acl | 2560 (256) |
| firewall acl6 | 2560 (256) |
| firewall address | 400000 |
| firewall address6 | 400000 |
| firewall address6-template | 512 |
| firewall addrgrp | 60000 |
| firewall addrgrp6 | 16384 |
| firewall carrier-endpoint-bwl | 512 |
| firewall central-snat-map | 300000 (30000) |
| firewall consolidated policy | 2000000 (200000) |
| firewall decrypted-traffic-mirror | 512 |
| firewall gtp | 20000 |
| firewall hyperscale-policy | 20000 (2000) |
| firewall hyperscale-policy46 | 20000 (2000) |
| firewall hyperscale-policy6 | 20000 (2000) |
| firewall hyperscale-policy64 | 20000 (2000) |
| firewall identity-based-route | 512 |
| firewall interface-policy | 2560 (256) |
| firewall interface-policy6 | 2560 (256) |
| firewall internet-service | 0 |
| firewall internet-service-addition | 1024 |
| firewall internet-service-custom | 512 |
| firewall internet-service-custom-group | 512 |
| firewall internet-service-group | 512 |
| firewall internet-service-name | 16384 |
| firewall ippool | 65536 |
| firewall ippool6 | 512 |
| firewall ippool_grp | 512 |
| firewall ldb-monitor | 1024 |
| firewall local-in-policy | 2560 (256) |
| firewall local-in-policy6 | 2560 (256) |
| firewall mms-profile | 1000 |
| firewall multicast-address | 8192 |
| firewall multicast-address6 | 8192 |
| firewall multicast-policy | 5120 (2560) |
| firewall multicast-policy6 | 2560 (256) |
| firewall network-service-dynamic | 512 |
| firewall policy | 2000000 (200000) |
| firewall policy46 | 1000000 (100000) |
| firewall policy6 | 1000000 (100000) |
| firewall policy64 | 1000000 (100000) |
| firewall profile-group | 40000 |
| firewall profile-protocol-options | 1000 |
| firewall proxy-address | 16384 |
| firewall proxy-addrgrp | 8192 |
| firewall proxy-policy | 2000000 (200000) |
| firewall schedule group | 512 |
| firewall schedule onetime | 10000 |
| firewall schedule recurring | 2048 |
| firewall security-policy | 2000000 (200000) |
| firewall service category | 20000 |
| firewall service custom | 65536 |
| firewall service group | 20000 |
| firewall shaper per-ip-shaper | 1000 |
| firewall shaper traffic-shaper | 5000 |
| firewall shaping-policy | 2560 (256) |
| firewall shaping-profile | 512 |
| firewall ssh local-ca | 200 |
| firewall ssl-ssh-profile | 1000 |
| firewall traffic-class | 512 |
| firewall vip | 65536 |
| firewall vip46 | 65536 |
| firewall vip6 | 65536 |
| firewall vip64 | 65536 |
| firewall vipgrp | 1000 |
| firewall vipgrp46 | 1000 |
| firewall vipgrp6 | 1000 |
| firewall vipgrp64 | 1000 |
| firewall wildcard-fqdn custom | 400000 |
| firewall wildcard-fqdn group | 400000 |
| gtp apn | 100000 |
| gtp apngrp | 512 |
| gtp ie-white-list | 512 |
| gtp message-filter-v0v1 | 512 |
| gtp message-filter-v2 | 512 |
| gtp tunnel-limit | 512 |
| icap profile | 0 |
| icap server | 512 |
| ips custom | 18000 |
| ips global | 0 |
| ips sensor | 2000 |
| ips settings | 0 |
| log custom-field | 2000 |
| log npu-server | 0 |
| log threat-weight | 0 |
| router access-list | 200 |
| router access-list6 | 512 |
| router aspath-list | 512 |
| router bgp | 0 |
| router community-list | 4096 |
| router prefix-list | 4096 |
| router prefix-list6 | 512 |
| router route-map | 512 |
| ssh-filter profile | 512 |
| switch-controller custom-command | 512 |
| switch-controller dsl policy | 512 |
| switch-controller dynamic-port-policy | 512 |
| switch-controller fortilink-settings | 512 |
| switch-controller lldp-profile | 512 |
| switch-controller mac-policy | 2000 |
| switch-controller managed-switch | 600 |
| switch-controller qos dot1p-map | 512 |
| switch-controller qos ip-dscp-map | 512 |
| switch-controller qos qos-policy | 512 |
| switch-controller qos queue-policy | 512 |
| switch-controller security-policy 802-1X | 512 |
| switch-controller switch-interface-tag | 512 |
| switch-controller traffic-policy | 512 |
| switch-controller vlan-policy | 512 |
| system custom-language | 1024 |
| system dhcp server | 8384 |
| system external-resource | 1024 |
| system fortiguard | 0 |
| system geoip-country | 0 |
| system geoip-override | 1024 |
| system ips | 0 |
| system npu | 0 |
| system object-tagging | 8192 |
| system replacemsg-group | 400 |
| system replacemsg-image | 64 |
| system sdn-connector | 512 |
| system sdwan | 0 |
| system sms-server | 1024 |
| system virtual-wan-link | 0 |
| system virtual-wire-pair | 512 |
| user adgrp | 160000 |
|
user certificate |
512 |
| user device | 0 |
| user device-access-list | 512 |
| user device-category | 0 |
| user device-group | 0 |
| user domain-controller | 512 |
| user exchange | 512 |
| user fortitoken | 0 |
| user fsso | 100 |
| user fsso-polling | 200 |
| user group | 10000 |
| user krb-keytab | 512 |
| user ldap | 128 |
| user local | 10000 |
| user nac-policy | 10000 (1000) |
| user password-policy | 512 |
| user peer | 120000 |
| user peergrp | 10000 |
| user pop3 | 20 |
| user radius | 1000 |
| user saml | 100 |
| user security-exempt-list | 512 |
| user tacacs+ | 20 |
| videofilter profile | 512 |
| videofilter youtube-channel-filter | 512 |
| voip profile | 512 |
| vpn certificate ca | 1000 |
| vpn certificate ocsp-server | 512 |
| vpn certificate remote | 512 |
| vpn ipsec fec | 512 |
| vpn ipsec phase1-interface | 0 |
| vpn ipsec phase2-interface | 0 |
| vpn ssl web host-check-software | 512 |
| vpn ssl web portal | 5200 |
| vpn ssl web realm | 512 |
| waf main-class | 1024 |
| waf profile | 512 |
| waf signature | 8192 |
| waf sub-class | 1024 |
| wanopt auth-group | 256 |
| wanopt peer | 512 |
| wanopt profile | 512 |
| web-proxy forward-server | 512 |
| web-proxy forward-server-group | 512 |
| web-proxy profile | 512 |
| web-proxy wisp | 512 |
| webfilter categories | 0 |
| webfilter content | 4000 |
| webfilter content-header | 512 |
| webfilter ftgd-local-cat | 104 |
| webfilter ftgd-local-rating | 24000 |
| webfilter profile | 70000 |
| webfilter urlfilter | 70000 |
| wireless-controller access-control-list | 0 |
| wireless-controller address | 2048 |
| wireless-controller addrgrp | 2048 |
| wireless-controller apcfg-profile | 128 |
| wireless-controller arrp-profile | 64 |
| wireless-controller ble-profile | 256 |
| wireless-controller bonjour-profile | 512 |
| wireless-controller hotspot20 anqp-3gpp-cellular | 32 |
| wireless-controller hotspot20 anqp-ip-address-type | 32 |
| wireless-controller hotspot20 anqp-nai-realm | 32 |
| wireless-controller hotspot20 anqp-network-auth-type | 32 |
| wireless-controller hotspot20 anqp-roaming-consortium | 32 |
| wireless-controller hotspot20 anqp-venue-name | 32 |
| wireless-controller hotspot20 anqp-venue-url | 32 |
| wireless-controller hotspot20 h2qp-advice-of-charge | 0 |
| wireless-controller hotspot20 h2qp-conn-capability | 32 |
| wireless-controller hotspot20 h2qp-operator-name | 32 |
| wireless-controller hotspot20 h2qp-osu-provider | 32 |
| wireless-controller hotspot20 h2qp-osu-provider-nai | 32 |
| wireless-controller hotspot20 h2qp-terms-and-conditions | 32 |
| wireless-controller hotspot20 h2qp-wan-metric | 32 |
| wireless-controller hotspot20 hs-profile | 32 |
| wireless-controller hotspot20 icon | 32 |
| wireless-controller hotspot20 qos-map | 512 |
| wireless-controller mpsk-profile | 0 |
| wireless-controller nac-profile | 512 |
| wireless-controller qos-profile | 256 |
| wireless-controller region | 512 |
| wireless-controller setting | 0 |
| wireless-controller snmp | 0 |
| wireless-controller ssid-policy | 512 |
| wireless-controller syslog-profile | 256 |
| wireless-controller utm-profile | 256 |
| wireless-controller vap | 0 |
| wireless-controller vap-group | 2048 |
| wireless-controller wag-profile | 512 |
| wireless-controller wids-profile | 512 |
| wireless-controller wtp | 81920 |
| wireless-controller wtp-group | 10240 |
| wireless-controller wtp-profile | 2048 |