Technical Note: 'Policy XX is too big for system, it's installed partially.'
Description
The message "Policy XX is too big for the system, it's installed partially." can appear after an upgrade to FortiOS v5.2 from FortiOS v5.0 or when creating a new policy.
Scope
FortiOS v5.2.0 to v5.2.4.
Solution
The reason for this message is that there are probably too many objects in the policy (policies) and it cannot be installed to the kernel. There is a memory limit for each policy, which permits to use of less than 8000 objects in one policy in FortiOS versions v5.2.0 to v5.2.4.
Higher FortiOS versions (v5.2.5 and v5.4) have the limit increased to approximately 9000+ objects.
The workaround for this issue is to split the policy into 2 policies and thereby split the used objects in half.
Higher FortiOS versions (v5.2.5 and v5.4) have the limit increased to approximately 9000+ objects.
The workaround for this issue is to split the policy into 2 policies and thereby split the used objects in half.