Hi all,
Need help on FG401E and Fortimanger on the address object limitation and address manage.
Once the individual Fortigate firewall is integrated to FortiManager, how will the object being managed and will the limit depends on FortiManager or individual FortiGate firewall?
For example, firewall A have 10k objects, firewall B have 10 k objects. Assuming that none of the objects in Firewall A and B is the same. Both firewalls are then onboarded to FortiManager. Will the object count be accumulated and now each firewall sees 20 k objects which is their limit?
What is the limit of object the fortimanager can store?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
FortiManager maintains a master database of things like address objects etc. No limits.
Each FortiGate has its own limit of these objects, as you already know.
If A and B have 10k unique objects then there is no problem. FMG will have 20k objects in its database but you will have two distinct policy packages one for FGT A and one for B with 10k objects each. No problem.
But if you take an object that is used in policy package for FGT B and reference it in FGT A's policy package well that will cause a problem because that'll be the 10,001th object on FGT A.
FortiManager maintains a master database of things like address objects etc. No limits.
Each FortiGate has its own limit of these objects, as you already know.
If A and B have 10k unique objects then there is no problem. FMG will have 20k objects in its database but you will have two distinct policy packages one for FGT A and one for B with 10k objects each. No problem.
But if you take an object that is used in policy package for FGT B and reference it in FGT A's policy package well that will cause a problem because that'll be the 10,001th object on FGT A.
Created on 04-16-2023 09:14 PM Edited on 04-17-2023 12:51 AM
Hi Graham,
Thanks.
For migration from other products to FortiGate, if the import object limit exceeded 20k for FG401E. The leftover 2k objects can it be imported into the fortimanager separately? Any administrator guide or technical guide I can refer to?
You can import all of the objects into FMG using a script. This will save the objects in the policy package database for use on the FortiGate.
https://docs.fortinet.com/document/fortimanager/7.2.2/administration-guide/990788/scripts
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.