FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
opocta
Staff
Staff

Description

The message "Policy XX is too big for the system, it's installed partially." can appear after an upgrade to FortiOS v5.2 from FortiOS v5.0 or when creating a new policy.


Scope

FortiOS v5.2.0 to v5.2.4.


Solution

The reason for this message is that there are probably too many objects in the policy (policies) and it cannot be installed to the kernel. There is a memory limit for each policy, which permits to use of less than 8000 objects in one policy in FortiOS versions v5.2.0 to v5.2.4.

Higher FortiOS versions (v5.2.5 and v5.4) have the limit increased to approximately 9000+ objects.

The workaround for this issue is to split the policy into 2 policies and thereby split the used objects in half.
Contributors