Global resource settings
Global Resources apply to the whole FortiGate unit. They represent all of the hardware capabilities of your unit. By default the values are set to their maximum values. These values vary by your model due to each model having differing hardware capabilities.
It can be useful to change the maximum values for some resources to ensure there is enough memory available for other resources that may be more important to your configuration.
To use the earlier example, if your FortiGate unit is protecting a number of web servers and other publicly accessible servers you would want to maximize the available sessions and proxies while minimizing other settings that are unused such as user settings, VPNs, and dial-up tunnels.
Global Resources are only configurable at the global level, and only the admin account has access to these settings.
Note that global resources, such as the log disk quote resource, will only be visible if your FortiGate unit hardware supports those resources, such as having a hard disk to support the log disk resource.
To view global resource settings - web-based manager
Select Global > VDOM > Global Resources.
The following information is displayed:
Edit | Select to edit the Configured Maximum value for a single selected Resource. If multiple Resources are selected, Edit is not available. |
Reset to default value | Select to return one or more selected Resources to factory default settings. |
Checkbox | Select a Resource for editing or resetting to default values. |
Resource | The name of the available global resources. |
Configured Maximum | The currently configured maximum for this resource. This value can be changed by selecting the Resource and editing it. |
Default Maximum | The factory configured maximum value for this resource. You cannot set the Configured Maximum higher than the Default Maximum. |
Current Usage | The amount of this resource that is currently being used. This value is useful for determining when and if you may need to adjust Configured Maximum values for some resources on your FortiGate unit. |
See also
To view global resource settings - CLI
config global
config system resource-limits
get
When viewing the global resource limits in the CLI, the output appears similar to:
FGT1000A (global) # config system resource-limits
FGT1000A (resource-limits) # get
session : 0
ipsec-phase1 : 10000
ipsec-phase2 : 10000
dialup-tunnel : 0
firewall-policy : 100000
firewall-address : 20000
firewall-addrgrp : 10000
custom-service : 0
service-group : 0
onetime-schedule : 0
recurring-schedule : 0
user : 0
user-group : 0
sslvpn : 0
proxy : 2000
| For explicit proxies, when configuring limits on the number of concurrent users, you need to allow for the number of users based on their authentication method. Otherwise you may run out of user resources prematurely. • Each session-based authenticated user is counted as a single user using their authentication membership (RADIUS, LDAP, FSAE, local database etc.) to match users in other sessions. So one authenticated user in multiple sessions is still one user. • For all other situations, the source IP address is used to determine a user. All sessions from a single source address are assumed to be from the same user. |
