system : resource-limits
 
resource-limits
Use this command to configure resource limits that will apply to all VDOMs. When you set a global resource limit, you cannot exceed that resource limit in any VDOM. For example, enter the following command to limit all VDOMS to 100 VPN IPSec Phase 1 Tunnels:
config global
config system resource-limits
set ipsec-phase1 100
end
end
With this global limit set you can only add a maximum of 100 VPN IPSec Phase 1 Tunnels to any VDOM.
You can also edit the resource limits for individual VDOMs to further limit the number of resources that you can add to individual VDOMs. See system vdom-property.
A resource limit of 0 means no limit. No limit means the resource is not being limited by the resource limit configuration. Instead the resource is being limited by other factors. The FortiGate unit limits dynamic resources by the capacity of the FortiGate unit and can vary depending on how busy the system is. Limits for static resources are set by limitations in the FortiGate configuration as documented in the FortiGate Maximum Values Matrix document.
The default maximum value for each resource depends on the FortiGate model. Dynamic resources (Sessions, Dial-up Tunnels, and SSL VPN) do not have default maximums so the default maximum for dynamic resources is always 0 (meaning unlimited). Static resources may have a limit set or many be set to 0 meaning they are limited by the resource limit configuration.
 
If you set the maximum resource usage for a VDOM you cannot reduce the default maximum global limit for all VDOMs below this maximum.
This command is available only when VDOMs are enabled.
Syntax
config global
config system resource-limits
set custom-service <max_int>
set dialup-tunnel <max_int>
set firewall-address <max_int>
set firewall-addrgrp <max_int>
set firewall-policy <max_int>
set ipsec-phase1 <max_int>
set ipsec-phase2 <max_int>
set log-disk-quota <max_int>
set onetime-schedule <max_int>
set proxy <max_int>
set recurring-schedule <max_int>
set service-group <max_int>
set session <max_int>
set sslvpn <max_int>
set user <max_int>
set user-group <max_int>
end
end
Variable
Description
Default
custom-service <max_int>
Enter the maximum number of firewall custom services.
 
dialup-tunnel <max_int>
Enter the maximum number of dialup-tunnels.
 
firewall-address <max_int>
Enter the maximum number of firewall addresses.
 
firewall-addrgrp <max_int>
Enter the maximum number of firewall address groups.
 
firewall-policy <max_int>
Enter the maximum number of firewall policies.
 
ipsec-phase1 <max_int>
Enter the maximum number of IPSec phase1 tunnels.
 
ipsec-phase2 <max_int>
Enter the maximum number of IPSec phase2 tunnels.
 
log-disk-quota <max_int>
Enter the maximum amount of log disk space available in MBytes for global log messages. The range depends on the amount of hard disk space available.
 
onetime-schedule <max_int>
Enter the maximum number of onetime schedules.
 
proxy <max_int>
Enter the maximum number of users that can be using the explicit proxy at one time.
How the number of concurrent explicit proxy users is determined depends on their authentication method:
For session-based authenticated users, each authenticated user is counted as a single user. Since multiple users can have the same user name, the proxy attempts to identify users according to their authentication membership (based upon whether they were authenticated using RADIUS, LADAP, FSSO, local database etc.). If a user of one session has the same name and membership as a user of another session, the explicit proxy assumes this is one user.
For IP Based authentication, or no authentication, or if no explicit proxy security policy has been added, the source IP address is used to determine a user. All sessions from a single source address are assumed to be from the same user.
 
recurring-schedule <max_int>
Enter the maximum number of recurring schedules.
 
service-group <max_int>
Enter the maximum number of firewall service groups.
 
session <max_int>
Enter the maximum number of sessions.
 
sslvpn <max_int>
Enter the maximum number of sessions.
 
user <max_int>
Enter the maximum number of users.
 
user-group <max_int>
Enter the maximum number of user groups.