JukkaH
New Member
September 15, 2014
Question

Fortigate virtual appliance restrictions

I was testing the Fortigate VM virtual appliance and noticed that it doesn't support more than SIX firewall rules! Is it purposely made like that? The datasheet says that the only restrictions in trial mode are low encryption and that firmware cannot be updated. But it seems that policy implementation is also restricted... Has anyone else noticed that? Comments?

    5 replies

    emnoc
    New Member
    September 15, 2014
    I never heard that. What happened when you tried to add 6+ fwpolicies? Also, have you been in touch with your partner and validated the license.lic file or whatever it's called? Remember the demo is full feature minus the time duration and low encryption, and that you can't upgrade the vAppliance.
    netmin
    New Member
    September 15, 2014
    I can confirm this for the 5.0.x version we had tested. Here are some more limits listed (select VM eval version): http://docs-legacy.fortinet.com/fgt/handbook/50/5-0-5/max-values/max-values.html
    JukkaH
    Author
    New Member
    September 16, 2014
    In fact the VM version in trial mode will refuse all firewall policies after the 6th. From the CLI you get a message like "maximum value is 5, policy rejected", so the actual value is 5 plus implicit deny. And this is the situation when you download the Fortigate virtual appliance with the 15-day trial (no different evaluation license requested). The max-values sheet says that with IPv6 there is actually a limit of 5 firewall policies, but nothing is mentioned about IPv4... Weird.
    netmin
    New Member
    September 16, 2014
    It is a bit hidden, but there:
    JukkaH
    Author
    New Member
    September 16, 2014
    True! :) There it is, thanks! Really have to read these max-values a bit more carefully.
    TheUnF
    New Member
    November 11, 2018

    I have a tip, applicable to lab only, of course.

    If you create more than 5 rules on the Fortigate, then import it on Fortimanager with its rules and objects, you will be able to manage lots and lots of rules on the Fortimanager trial.

    I created 200 objects and then 200 rules, imported that gateway on Fortimanager and then was able to create new objects, new rules and push the policy to the gateway.

    Strangely, if you clone that policy package and set the installation target to a new gateway, with no policy, it will accept lots of rules as well.

    Version 5.4.3 on Gateways and 5.4.5 on Fortimanager were used in this lab.