Professional Documents
Culture Documents
Technical Documentation
docs.fortinet.com
Knowledge Base
kb.fortinet.com
support.fortinet.com
Training Services
training.fortinet.com
FortiGuard
fortiguard.com
Document Feedback
techdocs@fortinet.com
Table of Contents
Change Log....................................................................................................... 4
About This Document ...................................................................................... 5
About maximum values ........................................................................................... 5
About interface maximum values ...................................................................... 5
Device categories used in this document................................................................
Desktop..............................................................................................................
1U.......................................................................................................................
2U.......................................................................................................................
High-End ............................................................................................................
6
6
6
6
6
Exceptions ............................................................................................................... 6
Page 3
Change Log
Date
Change Description
2012-11-02
Initial Release.
2012-11-07
2012-11-08
2012-11-14
Corrected Managed Wireless APs, DLP Sensors per VDOM, Virtual IP section values.
2012-11-19
Updated User AD Group and SSL Portals. Added Device section to User & Device.
2012-11-22
2013-01-02
2013-01-30
2013-04-23
2013-05-07
Added Router/Community List and more 5.0.2 updates (DHCP, VIP, IPS, Multicast, URL Filter)
2013-06-24
2013-07-15
Renamed Maximum Values Table chapter to Maximum Values Table: FortiGate/FortiWiFi and
added Maximum Values Table: FortiGate VM chapter. Updated Managed Wireless APs.
2013-07-30
2013-08-14
5.0.4 updates.
Page 4
The maximum values in this document are the maximum configurable values and are not a
promise of performance.
Page 5
Desktop
Units with model numbers less than 100. Most of the FortiWifi units are in this category.
FGT_20C, FGT_20C_ADSL, FGT_40C, FGT_60C, FGT_60C_POE, FGT_80C, FGT_80CM
FWF_20C, FWF_20C_ADSL, FWF_40C, FWF_60C, FWF_60CM, FWF_60CX_A, FWF_80CM,
FWF_81CM
1U
Units with model numbers from 100 to 800.
FGT_100D, FGT_110C, FGT_111C, FGT_200B, FGT_200B_POE, FGT_300C, FGT_310B,
FGT_310B_DC, FGT_311B, FGT_600C, FGT_620B, FGT_620B_DC, FGT_621B, FGT_800C
2U
Units with model numbers from 1000 up to 3900.
FGT_1000C, FGT_1240B, FGT_3016B, FGT_3040 B, FGT_3040B_DC, FGT_3040B_LENC,
FGT_3140B, FGT_3140B_DC, FGT_3140B_LENC, FGT_3810A
High-End
Units with model numbers above 3900.
FGT_3950B, FGT_3951B, FGT_5001A, FGT_5001B, FGT_5101C
FSW_5203B
Exceptions
Some models have certain values that are higher than others in their category. Such exceptions
are noted in the table by an asterisk ( * ), and an explanation at the right.
*300+: 5000 means that all models in that category with a model number including or higher
than 300 have a maximum value of 5000 in that feature as opposed to the number listed for
others in that category. So 300+ means that the 300C, 310B, and so on up to the 800C have
the exceptions listed value.
The above list is in increasing order of model number, so consult it if you are unsure which
models are included.
Page 6
2U
(1000-3900)
Access Profiles
16
64
64
Admin Accounts
300
300
300
550
Feature
High-End
(3900+)
Desktop
(<100)
FortiGate/FortiWiFi Model
Notes and
Exceptions
System
Admin
ARP
ARP Proxy
200
2000
10240
16
32
256
1024
256
4096*
8192
32
IPv6 tunnels
200
200
15
4192
8192
30
30
256
256
*300+: 8192
32
32
Session-TTL ports
16
SNMP
16
200
GRE tunnels
Messages
16834
IPv6
16834
32
512
SIT tunnels
SNMP Communities
SNMP Users
32
Page 7
TOS-based priority
High-End
(3900+)
2U
(1000-3900)
Feature
1U
(100-800)
Desktop
(<100)
FortiGate/FortiWiFi Model
Notes and
Exceptions
16
VDOM link
256
20
50*
200
500
32
100
100
100
128
256
256
512
*300+: 100
*620+: 200
Router
Access List Access List Entries
Access List Rules per Entry
BGP
Authentication Paths
N/A
Aggregate Addresses
N/A
Confederation Peers
N/A
Neighbors
1000
1000
5000
Networks
N/A
Keychain
100
Community Lists
64
512
2048
2048
Keychain entries
16
16
100
100
20
Areas
N/A
Area Range
N/A
Distribute Lists
10
Filter Lists
N/A
Interfaces
N/A
Neighbors
10
Networks
N/A
Passive Interfaces
N/A
100
Summary Addresses
10
Virtual Links
N/A
Policy routes
Fortinet Technologies Inc.
5000
100
Page 8
100*
250
2048
*300+: 250
RIP
32
100
100
100
64
Distances
100
Distribute Lists
100
Interfaces
32
Neighbors
100
Networks
100
Offset Lists
32
Passive Interfaces
Routes
High-End
(3900+)
2U
(1000-3900)
Prefix List
1U
(100-800)
Feature
Desktop
(<100)
FortiGate/FortiWiFi Model
256
300
300
100
Route Map
100
Route Rules
20
Static Routes
300
100
500
10000
10000
500
500
500
Address Groups
2500
2500
8192
8192
Addresses
5000
10000
40000
40000
Notes and
Exceptions
Firewall
Addresses
300
1024
1024
10000
10000
1024
1024
1024
4096
32
32*
1024
1024
ISF ACL
IPv6
*300+: 512
*800+: 1024
N/A
IP Pools
512
512*
2048
32768
2500
8192
8192
8192
IPv6 Addresses
5000
10000
40000
40000
IPv6 Policies
5000
10000 100000
100000
Page 9
*300+: 2048
2U
(1000-3900)
High-End
(3900+)
1U
(100-800)
Feature
Desktop
(<100)
FortiGate/FortiWiFi Model
256
256
256
512
300
Multicast Addresses
512
1024
4096
4096
Multicast Policies
32
64*
128
256
One-time Schedules
Policies
Policies
5000
10000 100000
100
500
800
800
Predefined Services
500
500
500
500
32
32*
20000
20000
32
32
500
500
*300+: 500
*800+: 20000
256
Service Groups
500
500
500
1000
256
1000
1000
1000
32
32*
500
500
*300+: 500
Traffic Shapers
32
32*
500
500
*300+: 500
128
512
2048
2048
Virtual IPs
512
2048
10000
10000
32
32
Virtual IP servers
Virtual IP groups
100000
64
Profile Groups
Virtual IP
*300+: 128
256
Traffic
Shaping
Notes and
Exceptions
500
Page 10
High-End
(3900+)
2U
(1000-3900)
Feature
1U
(100-800)
Desktop
(<100)
FortiGate/FortiWiFi Model
Notes and
Exceptions
Security
AntiSpam
10
10*
*300+: 50000
2000
*300+: 1000
250000
*300+: 50000
10
10*
1000
2000
*300+: 1000
Filter Profiles
32
32*
500
500
*300+: 500
500000
*300+: 100000
4000
*300+: 2000
250000
*300+: 50000
2000
*300+: 1000
250000
*300+: 50000
20*
2000
10*
1000
10
10*
1000
2000
*300+: 1000
10
10*
1000
2000
*300+: 1000
500
*300+: 500
128
32
32*
250000
DNS Blacklists
IP Black/White Lists
Data Leak
Prevention
1000
AntiVirus
500
20
10
64
1000
1000
200
1000
5000
12500
250000
100
2000
10000
50000
25
64
1000
1500
128
128
128
128
Page 11
*300+: 50000
Intrusion
Protection
256
DoS sensors
32
IPS sensors
10
Quarantined IPs
Netscan
64
200
High-End
(3900+)
1000
1000*
10*
10*
FortiGuard Warning
1000
1000
2000
65535
*300+: 2000
2000
*800+: 1000
250000
*300+: 50000
2000
*300+: 1000
250000
*300+: 50000
10
10
52
2000
12000
12000
12000
50
200*
400
400
*300+: 400
10000
*300+: 10000
64
1000
Notes and
Exceptions
2U
(1000-3900)
Feature
1U
(100-800)
Desktop
(<100)
FortiGate/FortiWiFi Model
1000
4000*
10000
*300+: 50000
**5000+: 500000
10
32
1000
1000
Webfilter Overrides
50
200*
400
400
*300+: 400
Webfilter Profiles
32
32*
20000
20000
*300+: 20000
Page 12
High-End
(3900+)
2U
(1000-3900)
Feature
1U
(100-800)
Desktop
(<100)
FortiGate/FortiWiFi Model
Notes and
Exceptions
VPN
Certificates CA Certificates
200
CRL Certificates
200
Local Certificates
IPSec
200
200*
IPSec Concentrators
500
100
300
300
300
5050
2000
2000
2000
IPSec Phase 1
N/A
200
2000
10000
10000
N/A
IPSec Phase 2
200
2000
10000
*300+: 500
500
SSL
1000
10000
N/A
SSL Portals
1*
50
256
256
128
Page 13
256
*60+: 5
1U
(100-800)
2U
(1000-3900)
256
256
1024
8192
FortiTokens
100
1000
1000
5000
Feature
High-End
(3900+)
Desktop
(<100)
FortiGate/FortiWiFi Model
Notes and
Exceptions
FSSO Servers
Guest Users
500
500
LDAP Servers
500
1024
10
Local Users
500
1000
1000
5000
350
350
350
350
Peers
500
1000
1000
5000
RADIUS Servers
10
SMS Providers
10
TACACS+ Servers
10
User Groups
100
500
800
800
Device
Devices
200*
2000
8000
8000
*20C-40C: 10
Endpoint
32
WAN Optimization
Note: WAN optimization is supported only on FortiGate models with internal storage.
Authentication groups
16
32*
64
128
*300+: 64
Peers
32
64*
256
256
*300+: 128
Profiles
32
64*
256
256
*300+: 128
SSL servers
32
64*
128
256
*300+: 128
256
Wireless Controller
Page 14
32*
256
1024
High-End
(3900+)
2U
(1000-3900)
SSIDs
1U
(100-800)
Feature
Desktop
(<100)
FortiGate/FortiWiFi Model
1024
Notes and
Exceptions
*20C: 0
16
256
Custom AP Profiles
128
Logging
Logs
Reports
50
256
Chart Mapping
Charts
256
256*
320
320
*800+: 320
Datasets
256
256*
320
320
*800+: 320
32
Layouts
16
16*
32
32
*800+: 32
Styles
128
128*
256
256
*800+: 256
Summaries
16
16*
32
32
*800+: 32
Themes
8*
16
16
*800+: 16
Page 15
Feature
System
Admin
ARP
Access Profiles
16
16
16
16
64
Admin Accounts
300
300
300
300
550
10240
16834
ARP Proxy
200
IPv6
Messages
10240
10240
16
200
256
256
256
256
4192
4096
8192
8192
8192
8192
15
30
256
256
200
500
32
IPv6 tunnels
200
200
15
15
32
256
256
512
SIT tunnels
SNMP Communities
16
SNMP Users
32
TOS-based priority
16
256
Zones
15
32
Session-TTL ports
SNMP
10240
50
Page 16
100
200
FortiGate-VM Model
Feature
Router
Access List Access List Entries
BGP
100
256
256
256
256
512
Neighbors
1000
1000
1000
1000
5000
Keychain
OSPF
Community Lists
512
512
512
512
2048
Keychain entries
16
16
16
16
100
250
2048
500
10000
20
Neighbors
10
Summary Addresses
25
Distribute Lists
10
100
Policy routes
Prefix List
RIP
Routes
100
250
250
100
64
Distances
100
Distribute Lists
100
Interfaces
32
Neighbors
100
Networks
100
Offset Lists
32
Passive Interfaces
300
100
Route Map
100
Route Rules
20
Static Routes
500
100
500
500
500
Page 17
FortiGate-VM Model
Feature
Firewall
Addresses
Address Groups
2500
2500
2500
2500
8192
Addresses
10000
10000
10000
10000
40000
1024
10000
300
1024
1024
IPv6
Custom Services
1024
1024
1024
4096
4096
DNS Translations
32
512
512
512
1024
ISF ACL
512
IP Pools
512
1024
2048
2048
32768
40000
8192
IPv6 Addresses
10000
10000
10000
10000
IPv6 Policies
10000
10000
10000
10000 100000
256
256
256
512
1024
1024
1024
1024
4096
64
128
128
256
256
256
Policies
10000
10000
10000
10000 100000
64
500
500
Predefined Services
500
500
800
500
Profile Groups
32
500
20000
20000
20000
32
500
500
500
500
500
1000
Recurring Schedules
256
Service Groups
500
512
300
One-time Schedules
Policies
1024
500
500
1000
Page 18
FortiGate-VM Model
Feature
Traffic
Shaping
Virtual IP
32
500
500
500
500
Traffic Shapers
32
500
500
500
500
512
512
512
512
2048
Virtual IPs
2048
2048
2048
2048
10000
32
Virtual IP servers
Virtual IP groups
500
Page 19
FortiGate-VM Model
Feature
Security
AntiSpam
10
1000
1000
2000
2000
20
2000
2000
4000
4000
32000
50000
DNS Blacklists
10
1000
1000
2000
2000
Filter Profiles
32
500
500
500
500
20
2000
2000
32000
50000
10
1000
1000
32000
50000
10
1000
1000
2000
2000
10
1000
1000
2000
2000
500
500
AntiVirus
500
Data Leak
Prevention
500
20
64
64
64
1000
1000
1000
1000
1000
12500
32000
50000
2000
2000
2000
2000
50000
64
64
64
64
1500
128
256
DoS sensors
32
IPS sensors
Netscan
2000
64
Intrusion
Protection
2000
4000
128
32
4000
64
64
64
64
1000
Quarantined IPs
4000
4000
15000
40000
40000
1000
2000
2000
2000
65535
Page 20
FortiGate-VM Model
Feature
Web Filter
10
10
10
32000
50000
10
1000
1000
32000
50000
1000
1000
1000
2000
2000
52
200
400
400
400
400
10000
10000
64
4000
10000
10000
32000
50000
32
32
32
32
1000
Webfilter Overrides
200
400
400
400
400
Webfilter Profiles
32
20000
20000
20000
20000
Page 21
FortiGate-VM Model
Feature
VPN
Certificates CA Certificates
200
CRL Certificates
200
Local Certificates
IPSec
SSL
200
500
500
IPSec Concentrators
500
300
2000
1000
1000
IPSec Phase 1
2000
2000
2000
2000
10000
IPSec Phase 2
2000
2000
2000
2000
10000
50
50
50
50
256
SSL Portals
SSL Web Bookmarks per Portal
256
128
256
1024
1024
8192
8192
FortiTokens
1000
1000
1000
5000
5000
1024
1024
5000
5000
5000
5000
FSSO Servers
Guest Users
500
500
LDAP Servers
500
10
Local Users
1000
1000
1000
350
1000
1000
1000
RADIUS Servers
10
SMS Providers
10
TACACS+ Servers
10
User Groups
500
500
500
500
800
Device
Devices
2000
2000
2000
2000
8000
Endpoint
32
Page 22
FortiGate-VM Model
Feature
WAN Optimization
Authentication groups
32
64
64
128
128
Peers
64
128
128
256
256
Profiles
64
128
128
256
256
SSL servers
64
128
128
256
256
256
Wireless Controller
SSIDs
32
256
256
256
1024
32
256
256
256
3045
256
256
256
256
1024
16
256
Custom AP Profiles
128
Logging
Logs
50
Page 23
FortiGate-VM Model
Feature
Reports
256
Chart Mapping
Charts
256
256
320
320
320
Datasets
256
256
320
320
320
32
Layouts
16
16
32
32
32
Styles
128
128
256
256
256
Summaries
16
16
32
323
32
Themes
16
16
16
Page 24