JukkaH
New Contributor

Fortigate virtual appliance restrictions

I was testing the Fortigate VM virtual appliance and noticed that it doesn't support more than SIX firewall rules! Is it purposely made like that? The datasheet says that the only restrictions in trial mode are low encryption and that firmware cannot be updated. But it seems that policy implementation is also restricted... Has anyone else noticed that? Comments?
emnoc
Esteemed Contributor III

I never heard that. What happened when you tried to add 6+ fwpolicies? Also, have you been in touch with your partner and validated the license.lic file or whatever it's called? Remember the demo is full feature minus the time duration and low encryption, and that you can't upgrade the vAppliance.

PCNSE NSE StrongSwan
netmin
Contributor II

I can confirm this for the 5.0.x version we had tested. Here are some more limits listed (select VM eval version): http://docs-legacy.fortinet.com/fgt/handbook/50/5-0-5/max-values/max-values.html
JukkaH
New Contributor

In fact the VM version in trial mode will refuse all firewall policies after the 6th. From the CLI you can get a message like "maximum value is 5, policy rejected", so the actual value is 5 plus the implicit deny. And this is the situation when you download the Fortigate virtual appliance with the 15-day trial (no different evaluation license requested). The max-values sheet says that with IPv6 there is actually a limit of 5 firewall policies, but nothing is mentioned about IPv4... Weird.
netmin
Contributor II

It is a bit hidden, but there:
JukkaH
New Contributor

True! :) There it is, thanks! Really have to read these max-values a bit more carefully.
TheUnF
New Contributor

I have a tip, applicable to lab only, of course.

If you create more than 5 rules on the Fortigate, then import it on Fortimanager with its rules and objects, you will be able to manage lots and lots of rules on Fortimanager trial.

I created 200 objects and then 200 rules, imported that gateway on Fortimanager and then was able to create new objects, new rules and push the policy to the gateway.

Strangely, if you clone that policy package and set the installation target to a new gateway, with no policy, it will accept lots of rules as well.

Version 5.4.3 on Gateways and 5.4.5 on Fortimanager were used in this lab.
