FortiGate
AlexC-FTNT
Staff
Article Id 219723
Description

This article explains the error 'Maximum number of entries has been reached' and what can be done in this situation.

The error prevents saving certain elements (policies, DHCP entries, certificates, etc.) and cannot be bypassed.

Scope

FortiGate, FortiOS (7.0 and newer).

Solution

FortiOS runs on many different hardware platforms, and the limitations of each platform must be reflected in the firmware.

For this reason, only a certain number of maximum entries can be defined for each element.

Needless to say, this number is generally higher on the high-end models and lower on low-end platforms.

In other cases, due to the software architecture, this number is constant across all FortiGate platforms and all hardware devices.

The maximum number of entries can be verified in two ways:

  • In the Maximum Values Table, which also allows comparing different hardware models.
  • Directly on the FortiGate command line, with the command 'print tablesize'.

One limit that is not covered by the Maximum Values Table is the number of server certificate entries.

This option was introduced in FortiOS 7.0: Define multiple certificates in an SSL profile in replace mode.

While an SSL/SSH profile is normally used with only one server certificate, it can accommodate up to 10 certificates when 'Protect SSL server' is used.

Any attempt to add one more certificate will present the error:

'Too many server certificate entries. Maximum number of entries: 10'.

This limit does not appear in the Maximum Values Table, and at the moment it applies to all FortiGate platforms.

When creating a VLAN interface or any other configuration object in FortiGate, the error 'Maximum number of entries has been reached' may not always indicate that the primary resource (for example, the VLAN interface itself) has reached its limit.

In many cases, the failure occurs because one or more associated sub-resources, such as Address Objects or DHCP Server entries, have already reached their maximum allowed number.

For example:

  • If 'Create address object matching subnet' is enabled when adding a new VLAN interface, FortiOS will automatically attempt to create a new Address Object. If the maximum Address Object limit has been reached, the VLAN creation will fail with the same error.

  • If DHCP Server is enabled for the new VLAN and the maximum DHCP Server count is already reached, the VLAN creation will also fail.

Recommended actions in this scenario:

  1. Temporarily disable 'Create address object matching subnet' when creating the VLAN.

  2. Temporarily disable the DHCP Server on the VLAN during creation.

  3. Review the current count of related sub-resources (Address Objects, DHCP Servers, etc.).

This behavior can apply to many types of objects in FortiOS. If this error is encountered, all sub-resources created alongside the primary configuration should be checked to ensure they have not exceeded platform limits.
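The following Python script is an added example, not Fortinet code: it models the check recommended above by parsing a limits table in the style of 'print tablesize' and reporting which sub-resource would make a VLAN creation fail. The sample output, the exact line format ('table.name: max'), and the table names are assumptions; current object counts would come from a separate inventory of the configuration.

```python
import re

# Constructed sample in the assumed 'print tablesize' style (not captured
# from a real device). Table names and limits are illustrative only.
SAMPLE_TABLESIZE = """\
Global:
  system.interface: 512
Vdom: root
  firewall.address: 10000
  system.dhcp.server: 256
"""

# Assumed tables that FortiOS touches when a VLAN interface is created
# with the GUI options described in the article enabled.
INTERFACE_TABLE = "system.interface"
ADDRESS_TABLE = "firewall.address"       # 'Create address object matching subnet'
DHCP_TABLE = "system.dhcp.server"        # 'DHCP Server' enabled on the VLAN


def parse_tablesize(text):
    """Return {table_name: max_entries} from 'print tablesize'-style text.

    Section headers such as 'Global:' or 'Vdom: root' carry no number and
    are skipped, so only limit lines end up in the result.
    """
    limits = {}
    for line in text.splitlines():
        match = re.match(r"\s*([\w.]+):\s+(\d+)\s*$", line)
        if match:
            limits[match.group(1)] = int(match.group(2))
    return limits


def vlan_preflight(limits, current, with_address_object=True, with_dhcp=True):
    """Return the tables that would exceed their limit when adding one VLAN.

    'current' maps table name to the number of entries already configured.
    An empty list means the creation is not blocked by any of these limits;
    a non-empty list names the primary resource or sub-resource at fault.
    """
    needed = [INTERFACE_TABLE]
    if with_address_object:
        needed.append(ADDRESS_TABLE)
    if with_dhcp:
        needed.append(DHCP_TABLE)
    # Each listed table needs room for exactly one more entry.
    return [t for t in needed if current.get(t, 0) + 1 > limits[t]]
```

Running vlan_preflight with the address table already full reports only 'firewall.address', which matches the scenario where the VLAN itself has headroom but the automatically created Address Object does not.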