AlexC-FTNT
Staff
Article Id 219723
Description

 

This article explains the error 'Maximum number of entries has been reached' and what can be done in this situation.

The error prevents certain elements (policies, DHCP entries, certificates, etc.) from being saved and cannot be bypassed.

 

Scope

 

FortiGate, FortiOS (7.0 and newer).

 

Solution

 

The FortiOS system is very flexible across multiple hardware platforms and the limitations that come with the different hardware must be reflected in the firmware.

For this reason, only a certain maximum number of entries can be defined for each element.

 

Needless to say, this number is generally higher on the high-end models and lower on low-end platforms.

In other cases, due to the software architecture, this number is constant across all FortiGate platforms and all hardware devices.

 

The maximum number of entries can be verified in two ways:

- At https://docs.fortinet.com/max-value-table, which also allows different hardware to be compared.

- Directly on FortiGate command line: print tablesize.

 

One aspect that is not covered by this max values table is the number of server certificate entries.

This option was introduced in FortiOS 7.0.

 

While an SSL-SSH profile is normally used with only one server certificate, it can accommodate up to 10 certificates when 'Protect SSL server' is used.

 

Any attempt to add a new one will present the error:

'Too many server certificate entries. Maximum number of entries: 10'.

 


 

This is a limit that is not present in the Max Values table, and at the moment it exists on all FortiGate platforms.
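
Because this limit does not appear in the Max Values table, a configuration backup can be checked for profiles that are already at 10 before a certificate rollout. The following is an added example, not Fortinet code: it assumes each profile lists its certificates on a single `set server-cert` line inside `config firewall ssl-ssh-profile`, and the sample configuration and function names are constructed for illustration.

```python
import shlex

MAX_SERVER_CERTS = 10  # limit quoted in the error message above

# Constructed sample of a configuration backup (not from a real device).
SAMPLE_CONFIG = '''
config firewall ssl-ssh-profile
    edit "protect-web"
        set server-cert-mode replace
        set server-cert "c01" "c02" "c03" "c04" "c05" "c06" "c07" "c08" "c09" "c10"
        config https
            set ports 443
        end
    next
    edit "protect-mail"
        set server-cert "mail one" "mail-two"
    next
end
'''

def server_cert_usage(config_text):
    """Return {profile name: [server certificate names]} for each SSL-SSH profile."""
    usage, depth, in_section, profile = {}, 0, False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        keyword = line.split(None, 1)[0] if line else ""
        if keyword == "config":
            if depth == 0:  # top-level block: is it the one we audit?
                in_section = line == "config firewall ssl-ssh-profile"
            depth += 1      # nested blocks (e.g. "config https") only add depth
        elif keyword == "end":
            depth = max(depth - 1, 0)
            if depth == 0:
                in_section = False
        elif in_section and depth == 1:
            if keyword == "edit":
                profile = shlex.split(line)[1]
                usage[profile] = []
            elif keyword == "next":
                profile = None
            elif profile and line.startswith("set server-cert "):
                usage[profile] = shlex.split(line)[2:]  # quoted names, spaces kept
    return usage

def profiles_at_limit(usage, limit=MAX_SERVER_CERTS):
    return sorted(name for name, certs in usage.items() if len(certs) >= limit)

if __name__ == "__main__":
    print("Profiles at the limit:", profiles_at_limit(server_cert_usage(SAMPLE_CONFIG)))
```

A profile reported here will reject the next certificate with the error shown above, so it has to be split or have an unused certificate removed first.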
