Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
opocta
Staff
Staff

Created on ‎11-26-2015 05:47 AM Edited on ‎01-04-2022 12:57 PM By Anonymous

Article Id 198101

Technical Note: 'Policy XX is too big for system, it's installed partially.'

Description

The message "Policy XX is too big for the system, it's installed partially." can appear after an upgrade to FortiOS v5.2 from FortiOS v5.0 or when creating a new policy.


Scope

FortiOS v5.2.0 to v5.2.4.


Solution

The reason for this message is that there are probably too many objects in the policy (policies) and it cannot be installed to the kernel. There is a memory limit for each policy, which permits to use of less than 8000 objects in one policy in FortiOS versions v5.2.0 to v5.2.4.

Higher FortiOS versions (v5.2.5 and v5.4) have the limit increased to approximately 9000+ objects.

The workaround for this issue is to split the policy into 2 policies and thereby split the used objects in half.
Labels:
1494
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.