system : vdom-property
 
vdom-property
Use this command to enter a description of a VDOM and to configure resource usage for the VDOM that overrides global limits and specifies guaranteed resource usage for the VDOM.
When configuring resource usage for a VDOM you can set the Maximum and Guaranteed value for each resource.
The Maximum value limits the amount of the resource that can be used by the VDOM. When you add a VDOM, all maximum resource usage settings are 0 indicating that resource limits for this VDOM are controlled by the global resource limits. You do not have to override the maximum settings unless you need to override global limits to further limit the resources available for the VDOM. You cannot set maximum resource usage higher in a VDOM than the corresponding global resource limit. For each resource you can override the global limit to reduce the amount of each resource available for this VDOM. The maximum must the same as or lower than the global limit. The default value is 0, which means the maximum is the same as the global limit.
 
Use the command system resource-limits to set global resource limits.
The Guaranteed value represents the minimum amount of the resource available for that VDOM. Setting the guaranteed value makes sure that other VDOMs do not use all of a resource. A guaranteed value of 0 means that an amount of this resource is not guaranteed for this VDOM. You only have to change guaranteed settings if your FortiGate may become low on resources and you want to guarantee that a minimum level is available for this VDOM. For each resource you can enter the minimum amount of the resource available to this VDOM regardless of usage by other VDOMs. The default value is 0, which means that an amount of this resource is not guaranteed for this VDOM.
Syntax
config global
config system vdom-property
edit <vdom_name>
set custom-service <max_int> [<guaranteed_int>]
set description <description_str>
set dialup-tunnel <max_int> [<guaranteed_int>]
set firewall-policy <max_int> [<guaranteed_int>]
set firewall-profile <max_int> [<guaranteed_int>]
set firewall-address <max_int> [<guaranteed_int>]
set firewall-addrgrp <max_int> [<guaranteed_int>]
set ipsec-phase1 <max_int> [<guaranteed_int>]
set ipsec-phase2 <max_int> [<guaranteed_int>]
set log-disk-quota <max_int>
set onetime-schedule <max_int> [<guaranteed_int>]
set recurring-schedule <max_int> [<guaranteed_int>]
set service-group <max_int> [<guaranteed_int>]
set session <max_int> [<guaranteed_int>]
set user <max_int> [<guaranteed_int>]
set user-group <max_int> [<guaranteed_int>]
set web-proxy <max_int>
end
end
Variable
Description
Default
edit <vdom_name>
Select the VDOM to set the limits for.
 
custom-service <max_int> [<guaranteed_int>]
Enter the maximum and guaranteed number of firewall custom services.
0 0
description <description_str>
Enter a description of the VDOM. The description can be up to 63 characters long.
 
dialup-tunnel <max_int> [<guaranteed_int>]
Enter the maximum and guaranteed number of dialup-tunnels.
0 0
firewall-policy <max_int> [<guaranteed_int>]
Enter the maximum and guaranteed number of firewall policies.
0 0
firewall-profile <max_int> [<guaranteed_int>]
Enter the maximum and guaranteed number of firewall profiles.
0 0
firewall-address <max_int> [<guaranteed_int>]
Enter the maximum and guaranteed number of firewall addresses.
0 0
firewall-addrgrp <max_int> [<guaranteed_int>]
Enter the maximum and guaranteed number of firewall address groups.
0 0
ipsec-phase1 <max_int> [<guaranteed_int>]
Enter the maximum and guaranteed number of IPSec phase1 tunnels.
0 0
ipsec-phase2 <max_int> [<guaranteed_int>]
Enter the maximum and guaranteed number of IPSec phase2 tunnels.
0 0
log-disk-quota <max_int>
Enter the maximum amount of log disk space available in MBytes for log messages for this VDOM. The range depends on the amount of hard disk space available.
0 0
onetime-schedule <max_int> [<guaranteed_int>]
Enter the maximum and guaranteed number of onetime schedules.
0 0
recurring-schedule <max_int> [<guaranteed_int>]
Enter the maximum and guaranteed number of recurring schedules.
0 0
service-group <max_int> [<guaranteed_int>]
Enter the maximum and guaranteed number of firewall service groups.
0 0
session <max_int> [<guaranteed_int>]
Enter the maximum and guaranteed number of sessions.
0 0
user <max_int> [<guaranteed_int>]
Enter the maximum and guaranteed number of users.
0 0
user-group <max_int> [<guaranteed_int>]
Enter the maximum and guaranteed number of user groups.
0 0
web-proxy <max_int>
Enter the maximum number of users that can be using the explicit web proxy at one time from this VDOM.
How the number of concurrent explicit proxy users is determined depends on their authentication method:
For session-based authenticated users, each authenticated user is counted as a single user. Since multiple users can have the same user name, the proxy attempts to identify users according to their authentication membership (based upon whether they were authenticated using RADIUS, LADAP, FSSO, local database etc.). If a user of one session has the same name and membership as a user of another session, the explicit proxy assumes this is one user.
For IP Based authentication, or no authentication, or if no web-proxy firewall policy has been added, the source IP address is used to determine a user. All sessions from a single source address are assumed to be from the same user.
0 0