ADOM limits for managed FortiGates
The following table identifies the FortiManager per ADOM limits for managed FortiGates.
Per ADOM (Policy Package) limit means the maximum number of same category entries per ADOM (or per Policy Package). 0 means unlimited. |
Table |
Per ADOM limit |
---|---|
antivirus mms-checksum | 1000 |
antivirus notification | 1000 |
antivirus profile | 1000 |
application categories | 0 |
application custom | 18000 |
application group | 512 |
application list | 2000 |
authentication rule | 2560 (256) |
authentication scheme | 512 |
authentication setting | 0 |
cifs domain-controller | 512 |
cifs profile | 512 |
credential-store domain-controller | 512 |
dlp data-type | 512 |
dlp dictionary | 512 |
dlp filepattern | 25000 |
dlp profile | 3000 |
dlp sensitivity | 256 |
dlp sensor | 3000 |
dnsfilter domain-filter | 2000 |
dnsfilter profile | 40000 |
emailfilter block-allow-list | 8000 |
emailfilter bwl | 8000 |
emailfilter bword | 4000 |
emailfilter dnsbl | 4000 |
emailfilter fortishield | 0 |
emailfilter iptrust | 4000 |
emailfilter mheader | 4000 |
emailfilter options | 0 |
emailfilter profile | 1000 |
endpoint-control fctems | 7 |
extender-controller dataplan | 512 |
extender-controller extender | 81920 |
extender-controller extender-profile | 512 |
extension-controller dataplan | 512 |
extension-controller extender | 512 |
extension-controller extender-profile | 512 |
file-filter profile | 3000 |
firewall DoS-policy | 10240 |
firewall DoS-policy6 | 2560 (256) |
firewall access-proxy | 512 |
firewall access-proxy-virtual-host | 512 |
firewall access-proxy6 | 512 |
firewall acl | 2560 (256) |
firewall acl6 | 2560 (256) |
firewall address | 400000 |
firewall address6 | 400000 |
firewall address6-template | 512 |
firewall addrgrp | 60000 |
firewall addrgrp6 | 16384 |
firewall carrier-endpoint-bwl | 512 |
firewall central-snat-map | 300000 (30000) |
firewall consolidated policy | 2000000 (200000) |
firewall decrypted-traffic-mirror | 512 |
firewall gtp | 20000 |
firewall hyperscale-policy | 20000 (2000) |
firewall hyperscale-policy46 | 20000 (2000) |
firewall hyperscale-policy6 | 20000 (2000) |
firewall hyperscale-policy64 | 20000 (2000) |
firewall identity-based-route | 512 |
firewall interface-policy | 2560 (256) |
firewall interface-policy6 | 2560 (256) |
firewall internet-service | 0 |
firewall internet-service-addition | 1024 |
firewall internet-service-custom | 512 |
firewall internet-service-custom-group | 512 |
firewall internet-service-group | 512 |
firewall internet-service-name | 16384 |
firewall ippool | 65536 |
firewall ippool6 | 512 |
firewall ippool_grp | 512 |
firewall ldb-monitor | 1024 |
firewall local-in-policy | 2560 (256) |
firewall local-in-policy6 | 2560 (256) |
firewall mms-profile | 1000 |
firewall multicast-address | 8192 |
firewall multicast-address6 | 8192 |
firewall multicast-policy | 5120 (2560) |
firewall multicast-policy6 | 2560 (256) |
firewall network-service-dynamic | 512 |
firewall policy | 2000000 (200000) |
firewall policy46 | 1000000 (100000) |
firewall policy6 | 1000000 (100000) |
firewall policy64 | 1000000 (100000) |
firewall profile-group | 40000 |
firewall profile-protocol-options | 1000 |
firewall proxy-address | 16384 |
firewall proxy-addrgrp | 8192 |
firewall proxy-policy | 2000000 (200000) |
firewall schedule group | 512 |
firewall schedule onetime | 10000 |
firewall schedule recurring | 2048 |
firewall security-policy | 2000000 (200000) |
firewall service category | 20000 |
firewall service custom | 65536 |
firewall service group | 20000 |
firewall shaper per-ip-shaper | 1000 |
firewall shaper traffic-shaper | 5000 |
firewall shaping-policy | 2560 (256) |
firewall shaping-profile | 512 |
firewall ssh local-ca | 200 |
firewall ssl-ssh-profile | 1000 |
firewall traffic-class | 512 |
firewall vip | 65536 |
firewall vip46 | 65536 |
firewall vip6 | 65536 |
firewall vip64 | 65536 |
firewall vipgrp | 1000 |
firewall vipgrp46 | 1000 |
firewall vipgrp6 | 1000 |
firewall vipgrp64 | 1000 |
firewall wildcard-fqdn custom | 400000 |
firewall wildcard-fqdn group | 400000 |
gtp apn | 100000 |
gtp apngrp | 512 |
gtp ie-white-list | 512 |
gtp message-filter-v0v1 | 512 |
gtp message-filter-v2 | 512 |
gtp tunnel-limit | 512 |
icap profile | 0 |
icap server | 512 |
ips custom | 18000 |
ips global | 0 |
ips sensor | 2000 |
ips settings | 0 |
log custom-field | 2000 |
log npu-server | 0 |
log threat-weight | 0 |
router access-list | 200 |
router access-list6 | 512 |
router aspath-list | 512 |
router bgp | 0 |
router community-list | 4096 |
router prefix-list | 4096 |
router prefix-list6 | 512 |
router route-map | 512 |
ssh-filter profile | 512 |
switch-controller custom-command | 512 |
switch-controller dsl policy | 512 |
switch-controller dynamic-port-policy | 512 |
switch-controller fortilink-settings | 512 |
switch-controller lldp-profile | 512 |
switch-controller mac-policy | 2000 |
switch-controller managed-switch | 600 |
switch-controller qos dot1p-map | 512 |
switch-controller qos ip-dscp-map | 512 |
switch-controller qos qos-policy | 512 |
switch-controller qos queue-policy | 512 |
switch-controller security-policy 802-1X | 512 |
switch-controller switch-interface-tag | 512 |
switch-controller traffic-policy | 512 |
switch-controller vlan-policy | 512 |
system custom-language | 1024 |
system dhcp server | 8384 |
system external-resource | 1024 |
system fortiguard | 0 |
system geoip-country | 0 |
system geoip-override | 1024 |
system ips | 0 |
system npu | 0 |
system object-tagging | 8192 |
system replacemsg-group | 400 |
system replacemsg-image | 64 |
system sdn-connector | 512 |
system sdwan | 0 |
system sms-server | 1024 |
system virtual-wan-link | 0 |
system virtual-wire-pair | 512 |
user adgrp | 160000 |
user certificate |
512 |
user device | 0 |
user device-access-list | 512 |
user device-category | 0 |
user device-group | 0 |
user domain-controller | 512 |
user exchange | 512 |
user fortitoken | 0 |
user fsso | 100 |
user fsso-polling | 200 |
user group | 10000 |
user krb-keytab | 512 |
user ldap | 128 |
user local | 10000 |
user nac-policy | 10000 (1000) |
user password-policy | 512 |
user peer | 120000 |
user peergrp | 10000 |
user pop3 | 20 |
user radius | 1000 |
user saml | 100 |
user security-exempt-list | 512 |
user tacacs+ | 20 |
videofilter profile | 512 |
videofilter youtube-channel-filter | 512 |
voip profile | 512 |
vpn certificate ca | 1000 |
vpn certificate ocsp-server | 512 |
vpn certificate remote | 512 |
vpn ipsec fec | 512 |
vpn ipsec phase1-interface | 0 |
vpn ipsec phase2-interface | 0 |
vpn ssl web host-check-software | 512 |
vpn ssl web portal | 5200 |
vpn ssl web realm | 512 |
waf main-class | 1024 |
waf profile | 512 |
waf signature | 8192 |
waf sub-class | 1024 |
wanopt auth-group | 256 |
wanopt peer | 512 |
wanopt profile | 512 |
web-proxy forward-server | 512 |
web-proxy forward-server-group | 512 |
web-proxy profile | 512 |
web-proxy wisp | 512 |
webfilter categories | 0 |
webfilter content | 4000 |
webfilter content-header | 512 |
webfilter ftgd-local-cat | 104 |
webfilter ftgd-local-rating | 24000 |
webfilter profile | 70000 |
webfilter urlfilter | 70000 |
wireless-controller access-control-list | 0 |
wireless-controller address | 2048 |
wireless-controller addrgrp | 2048 |
wireless-controller apcfg-profile | 128 |
wireless-controller arrp-profile | 64 |
wireless-controller ble-profile | 256 |
wireless-controller bonjour-profile | 512 |
wireless-controller hotspot20 anqp-3gpp-cellular | 32 |
wireless-controller hotspot20 anqp-ip-address-type | 32 |
wireless-controller hotspot20 anqp-nai-realm | 32 |
wireless-controller hotspot20 anqp-network-auth-type | 32 |
wireless-controller hotspot20 anqp-roaming-consortium | 32 |
wireless-controller hotspot20 anqp-venue-name | 32 |
wireless-controller hotspot20 anqp-venue-url | 32 |
wireless-controller hotspot20 h2qp-advice-of-charge | 0 |
wireless-controller hotspot20 h2qp-conn-capability | 32 |
wireless-controller hotspot20 h2qp-operator-name | 32 |
wireless-controller hotspot20 h2qp-osu-provider | 32 |
wireless-controller hotspot20 h2qp-osu-provider-nai | 32 |
wireless-controller hotspot20 h2qp-terms-and-conditions | 32 |
wireless-controller hotspot20 h2qp-wan-metric | 32 |
wireless-controller hotspot20 hs-profile | 32 |
wireless-controller hotspot20 icon | 32 |
wireless-controller hotspot20 qos-map | 512 |
wireless-controller mpsk-profile | 0 |
wireless-controller nac-profile | 512 |
wireless-controller qos-profile | 256 |
wireless-controller region | 512 |
wireless-controller setting | 0 |
wireless-controller snmp | 0 |
wireless-controller ssid-policy | 512 |
wireless-controller syslog-profile | 256 |
wireless-controller utm-profile | 256 |
wireless-controller vap | 0 |
wireless-controller vap-group | 2048 |
wireless-controller wag-profile | 512 |
wireless-controller wids-profile | 512 |
wireless-controller wtp | 81920 |
wireless-controller wtp-group | 10240 |
wireless-controller wtp-profile | 2048 |