Technical Tip: Unable to locate the maximum of explicit proxy user limit in table size

duenlim · ‎02-25-2024

Description

When running the command 'print tablesize' on a FortiGate, it is not possible to view the maximum explicit proxy user limit in table size.

The partial output of the command 'print tablesize' on a FortiGate VM is given below:

print tablesize
system.vdom: 0 0 10
system.datasource: 0 0 0
system.accprofile: 0 0 18
...
web-proxy.profile: 0 256 512
web-proxy.profile:headers: 0 0 0
web-proxy.profile:headers:dstaddr: 0 0 0
web-proxy.profile:headers:dstaddr6: 0 0 0
web-proxy.global:learn-client-ip-srcaddr: 0 256 512
web-proxy.global:learn-client-ip-srcaddr6: 0 256 512
web-proxy.explicit:pac-policy: 0 256 512
web-proxy.explicit:pac-policy:srcaddr: 0 0 0
web-proxy.explicit:pac-policy:srcaddr6: 0 0 0
web-proxy.explicit:pac-policy:dstaddr: 0 0 0
web-proxy.forward-server: 0 256 512
web-proxy.forward-server-group: 0 256 512
web-proxy.forward-server-group:server-list: 0 0 0
web-proxy.debug-url: 0 256 512
web-proxy.wisp: 0 256 512
web-proxy.url-match: 0 256 512

Scope

Explicit Proxy in FortiGate.

Solution

Check the maximum user limit in the following CLI commands:

(global) # config sys resource-limits
(resource-limits) # get
session : 0
ipsec-phase1 : 2000
ipsec-phase2 : 2000
ipsec-phase1-interface: 0
ipsec-phase2-interface: 0
dialup-tunnel : 0
firewall-policy : 41024
firewall-address : 42048
firewall-addrgrp : 10692
custom-service : 0
service-group : 0
onetime-schedule : 0
recurring-schedule : 0
user : 0
user-group : 0
sslvpn : 0
proxy : 128000 ---------> maximum user limits
log-disk-quota : 16125

Note:

The above CLI commands appear if VDOM is enabled.

Alternatively, call the Fortinet support hotline http://www.fortinet.com/support/contact_support.html