Description
This article explains the FortiGate command 'print tablesize'. Every FortiGate model has a different maximum values table, making it more accurate to check on a specific unit to find the values.
Scope
FortiGate.
Solution
The partial output of the command 'print tablesize' on a FortiGate 100D is given below:
print tablesize
system.vdom: 0 0 10
system.accprofile: 0 16 0
system.vdom-link: 0 0 0
system.switch-interface: 0 256 512
system.switch-interface:span-source-port: 0 0 0
...
system.snmp.community: 0 0 3
system.snmp.community:hosts: 16 0 0
system.snmp.community:hosts6: 16 0 0
system.snmp.user: 0 0 32
system.session-ttl:port: 0 512 0
system.dhcp.server: 0 256 0
system.dhcp.server:ip-range: 3 0 0
system.dhcp.server:vci-string: 0 0 0
system.vdom: 0 0 10
system.accprofile: 0 16 0
system.vdom-link: 0 0 0
system.switch-interface: 0 256 512
system.switch-interface:span-source-port: 0 0 0
...
system.snmp.community: 0 0 3
system.snmp.community:hosts: 16 0 0
system.snmp.community:hosts6: 16 0 0
system.snmp.user: 0 0 32
system.session-ttl:port: 0 512 0
system.dhcp.server: 0 256 0
system.dhcp.server:ip-range: 3 0 0
system.dhcp.server:vci-string: 0 0 0
...
There are 3 numbers associated with each table value:
- The first number refers to the maximum number allowed for the child table in its parent entry.
- The second number refers to the maximum number allowed per VDOM limit.
- The third number refers to the system's global limit.
All objects in the maximum values table have either a global limit, which applies to the entire FortiGate configuration, or a VDOM limit, which applies only to a single VDOM. For objects that have only a VDOM limit, the global limit is equal to the VDOM limit multiplied by the number of VDOMs for that unit.
For example, the FortiGate 100D can have 10 VDOMs and has a VDOM limit of 256 DHCP servers. This means that the global limit is 2560.
However, the switch interface for FortiGate 100D can have a maximum of 256 switch interfaces per VDOM, but the global limit is only 512. This means it cannot have more than 512 switch interfaces on all of the VDOMs.
The subcommand 'system.dhcp.server:ip-range' for 'system.dhcp.server' can only have a maximum of 3 IP ranges for each DHCP server.
For example, the FortiGate 100D can have 10 VDOMs and has a VDOM limit of 256 DHCP servers. This means that the global limit is 2560.
However, the switch interface for FortiGate 100D can have a maximum of 256 switch interfaces per VDOM, but the global limit is only 512. This means it cannot have more than 512 switch interfaces on all of the VDOMs.
The subcommand 'system.dhcp.server:ip-range' for 'system.dhcp.server' can only have a maximum of 3 IP ranges for each DHCP server.
In FortiOS version 7.6.0 a new feature is introduced in which the administrator can view the current usage. A fourth column was added to the output of the 'print tablesize' to view the current usage as well. Below is a sample output from 7.6.0 FortiGate.
print tablesize
system.vdom: 0 0 10 1
system.datasource: 0 0 0 3
system.timezone: 0 0 0 597
system.accprofile: 0 0 18 4
system.vdom: 0 0 10 1
system.datasource: 0 0 0 3
system.timezone: 0 0 0 597
system.accprofile: 0 0 18 4
The four columns are:
- The maximum number allowed for the child-table in its parent entry.
- The maximum number allowed per VDOM.
- The system global limit.
- The current object usage.
Note: In FortiOS 7.6.0, print tablesize command must be manually written to be executed. If not, this command will not be auto-completed by using the tab key:
Maximum values tables are published in the Fortinet Document Library at Fortinet Docs.
To view this information in the GUI, navigate to FortiOS, select the firmware version the unit is using, and navigate to Reference Manuals -> Maximum Values.
- Go to https://docs.fortinet.com/max-value-table.
- Select the firmware version of FortiOS.
- Select the FortiGate model number.
- Proceed by selecting GO.
- To search for a specific object such as IPsec, SSL VPN, or SD-WAN, write it in the search bar.
- The table row will provide the maximum value.
- Any object in the column presented in black or grey is the global configuration maximum or the VDOM configuration maximum, respectively.
