Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor II

how many IPsec tunnel can be Created!

Hello Experts, 


just to wanted to know how many IPsec tunnel can be established on fortigate? 

is there any way to calculate how much bandwidth , disk , Memory and CPU utilization will be needed to establish each IPsec tunnel? 


I have two Fortigate Virtual machine installed on KVM and fully licensed.

if I want to create multiple IPsec tunnel into my test lab, do i need to install more Fortigate VM to create ipsec tunnel? is there any way i could create multiple IPsec tunnels between two devices?


Hi duahimanshu,

1. I'm not aware of any formula.
When in comes to the max number of the ipsec tunnels you can configure on FGT VM, that's not specified in the sheet. I believe you can configure a pretty big number.
Depending on your VM resources, you might exhaust your cpu/ram/bandwidth way before maxing out the total number of allowed ipsec tunnels.
You'll have to try it out.
For a hardware unit, this it is specified because of the known/limited resources the unit has.

2. You can set up multiple tunnels between the same firewalls, as far as I know.
You'll need to set peerid in order to tell each end to which exact tunnel to connect.

And then you can bundle them into a sdwan interface and use that instead in the policies:

Let me know if this helps.


You can look up limits in the Maximum Values list, which nowadays is interactive:


For example, a VM0 has a max. number of interfaces of 4K, and a max. no. of IPsec tunnels of 2000.

As there are no HW accelerators in a FGT-VM (though, look up "vSPU"), your real limit will be set way lower by the no. of CPU cores, and type of, of your hypervisor. It totally depends on your VM infrastructure. I'd guess you could run a couple of dozens on average HW but don't take my word for it. Test, test, test.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors