ADOM limits for managed FortiGates
The following table identifies the FortiManager per ADOM limits for managed FortiGates.
Per ADOM (Policy Package) limit means the maximum number of same category entries per ADOM (or per Policy Package). 0 means unlimited. |
Table |
Per ADOM limit |
---|---|
antivirus mms-checksum | 1000 |
antivirus notification | 1000 |
antivirus profile | 1000 |
application categories | 0 |
application custom | 18000 |
application group | 512 |
application list | 2000 |
authentication rule | 2560 (256) |
authentication scheme | 512 |
authentication setting | 0 |
cifs domain-controller | 512 |
cifs profile | 512 |
credential-store domain-controller | 512 |
dlp filepattern | 25000 |
dlp fp-sensitivity |
256 |
dlp sensitivity | 256 |
dlp sensor | 3000 |
dnsfilter domain-filter | 2000 |
dnsfilter profile | 40000 |
emailfilter bwl | 8000 |
emailfilter bword | 4000 |
emailfilter dnsbl | 4000 |
emailfilter fortishield | 0 |
emailfilter iptrust | 4000 |
emailfilter mheader | 4000 |
emailfilter options | 0 |
emailfilter profile | 1000 |
endpoint-control profile | 0 |
extender-controller dataplan | 512 |
extender-controller extender | 81920 |
file-filter profile | 3000 |
firewall DoS-policy | 10240 |
firewall DoS-policy6 | 2560 (256) |
firewall address | 400000 |
firewall address6 | 400000 |
firewall address6-template | 512 |
firewall addrgrp | 60000 |
firewall addrgrp6 | 16384 |
firewall carrier-endpoint-bwl | 512 |
firewall central-snat-map | 300000 (30000) |
firewall consolidated policy | 2000000 (200000) |
firewall decrypted-traffic-mirror | 512 |
firewall gtp | 20000 |
firewall hyperscale-policy | 20000 (2000) |
firewall hyperscale-policy46 | 20000 (2000) |
firewall hyperscale-policy6 | 20000 (2000) |
firewall hyperscale-policy64 | 20000 (2000) |
firewall identity-based-route | 512 |
firewall interface-policy | 2560 (256) |
firewall interface-policy6 | 2560 (256) |
firewall internet-service | 0 |
firewall internet-service-addition | 1024 |
firewall internet-service-custom | 512 |
firewall internet-service-custom-group | 512 |
firewall internet-service-group | 512 |
firewall internet-service-name | 16384 |
firewall ippool | 65536 |
firewall ippool6 | 512 |
firewall ippool_grp | 512 |
firewall ldb-monitor | 1024 |
firewall local-in-policy | 2560 (256) |
firewall local-in-policy6 | 2560 (256) |
firewall mms-profile | 1000 |
firewall multicast-address | 8192 |
firewall multicast-address6 | 8192 |
firewall multicast-policy | 2560 (256) |
firewall multicast-policy6 | 2560 (256) |
firewall policy | 2000000 (200000) |
firewall policy46 | 1000000 (100000) |
firewall policy6 | 1000000 (100000) |
firewall policy64 | 1000000 (100000) |
firewall profile-group | 40000 |
firewall profile-protocol-options | 1000 |
firewall proxy-address | 16384 |
firewall proxy-addrgrp | 8192 |
firewall proxy-policy | 2000000 (200000) |
firewall schedule group | 512 |
firewall schedule onetime | 10000 |
firewall schedule recurring | 2048 |
firewall security-policy | 2000000 (200000) |
firewall service category | 20000 |
firewall service custom | 65536 |
firewall service group | 20000 |
firewall shaper per-ip-shaper | 1000 |
firewall shaper traffic-shaper | 5000 |
firewall shaping-policy | 2560 (256) |
firewall shaping-profile | 512 |
firewall ssh local-ca | 200 |
firewall ssl-ssh-profile | 1000 |
firewall traffic-class | 512 |
firewall vip | 65536 |
firewall vip46 | 65536 |
firewall vip6 | 65536 |
firewall vip64 | 65536 |
firewall vipgrp | 1000 |
firewall vipgrp46 | 1000 |
firewall vipgrp6 | 1000 |
firewall vipgrp64 | 1000 |
firewall wildcard-fqdn custom | 400000 |
firewall wildcard-fqdn group | 400000 |
gtp apn | 100000 |
gtp apngrp | 512 |
gtp ie-white-list | 512 |
gtp message-filter-v0v1 | 512 |
gtp message-filter-v2 | 512 |
gtp tunnel-limit | 512 |
icap profile | 0 |
icap server | 512 |
ips custom | 18000 |
ips sensor | 2000 |
log custom-field | 2000 |
log npu-server | 0 |
log threat-weight | 0 |
spamfilter bwl |
8000 |
spamfilter bword |
4000 |
spamfilter dnsbl |
4000 |
spamfilter iptrust |
4000 |
spamfilter mheader |
4000 |
spamfilter profile |
1000 |
ssh-filter profile | 512 |
switch-controller lldp-profile | 512 |
switch-controller managed-switch | 600 |
switch-controller qos dot1p-map | 512 |
switch-controller qos ip-dscp-map | 512 |
switch-controller qos qos-policy | 512 |
switch-controller qos queue-policy | 512 |
switch-controller security-policy 802-1X | 512 |
system custom-language | 1024 |
system dhcp server | 8384 |
system external-resource | 1024 |
system fortiguard | 0 |
system geoip-country | 0 |
system geoip-override | 1024 |
system npu | 0 |
system object-tag | 8192 |
system object-tagging | 8192 |
system replacemsg-group | 400 |
system replacemsg-image | 64 |
system sdn-connector | 512 |
system sdwan | 0 |
system sms-server | 1024 |
system virtual-wan-link | 0 |
system virtual-wire-pair | 512 |
user adgrp | 160000 |
user device | 0 |
user device-access-list | 512 |
user device-category | 0 |
user device-group | 0 |
user domain-controller | 512 |
user exchange | 512 |
user fortitoken | 0 |
user fsso | 100 |
user fsso-polling | 200 |
user group | 10000 |
user krb-keytab | 512 |
user ldap | 128 |
user local | 10000 |
user password-policy | 512 |
user peer | 120000 |
user peergrp | 10000 |
user pop3 | 20 |
user radius | 1000 |
user saml | 100 |
user security-exempt-list | 512 |
user tacacs+ | 20 |
voip profile | 512 |
vpn certificate ca | 1000 |
vpn certificate ocsp-server | 512 |
vpn certificate remote | 512 |
vpn ssl web host-check-software | 512 |
vpn ssl web portal | 5200 |
vpn ssl web realm | 512 |
waf main-class | 1024 |
waf profile | 512 |
waf signature | 8192 |
waf sub-class | 1024 |
wanopt auth-group | 256 |
wanopt peer | 512 |
wanopt profile | 512 |
web-proxy forward-server | 512 |
web-proxy forward-server-group | 512 |
web-proxy profile | 512 |
web-proxy wisp | 512 |
webfilter categories | 0 |
webfilter content | 4000 |
webfilter content-header | 512 |
webfilter ftgd-local-cat | 104 |
webfilter ftgd-local-rating | 24000 |
webfilter profile | 70000 |
webfilter urlfilter | 70000 |
wireless-controller apcfg-profile | 128 |
wireless-controller ble-profile | 256 |
wireless-controller bonjour-profile | 512 |
wireless-controller hotspot20 anqp-3gpp-cellular | 32 |
wireless-controller hotspot20 anqp-ip-address-type | 32 |
wireless-controller hotspot20 anqp-nai-realm | 32 |
wireless-controller hotspot20 anqp-network-auth-type | 32 |
wireless-controller hotspot20 anqp-roaming-consortium | 32 |
wireless-controller hotspot20 anqp-venue-name | 32 |
wireless-controller hotspot20 h2qp-conn-capability | 32 |
wireless-controller hotspot20 h2qp-operator-name | 32 |
wireless-controller hotspot20 h2qp-osu-provider | 32 |
wireless-controller hotspot20 h2qp-wan-metric | 32 |
wireless-controller hotspot20 hs-profile | 32 |
wireless-controller hotspot20 qos-map | 512 |
wireless-controller mpsk-profile | 0 |
wireless-controller qos-profile | 256 |
wireless-controller region | 512 |
wireless-controller utm-profile | 256 |
wireless-controller vap | 2048 |
wireless-controller vap-group | 2048 |
wireless-controller wag-profile | 512 |
wireless-controller wids-profile | 512 |
wireless-controller wtp | 81920 |
wireless-controller wtp-group | 10240 |
wireless-controller wtp-profile | 2048 |