These tables provide the maximum number of configuration objects and data analytics capacity for FortiWeb products. They are not a guarantee of performance. For values such as hardware specifications that do not vary by software version or configuration, see your model’s QuickStart Guide.
| FortiWeb model |
Maximum ADOMs | Maximum server policies | Maximum server pools |
|---|---|---|---|
| FortiWeb 100D | 32 | 32 | 256 |
| FortiWeb 400B | 32 | 32 | 256 |
| FortiWeb 400C | 32 | 64 | 256 |
| FortiWeb 400D | 32 | 64 | 256 |
| FortiWeb 600D | 32 | 96 | 384 |
| FortiWeb 1000B | 32 | 64 | 256 |
| FortiWeb 1000C | 32 | 128 | 256 |
| FortiWeb 1000D | 64 | 256 | 512 |
| FortiWeb 2000E | 64 | 256 | 512 |
| FortiWeb 3000C | 32 | 256 | 256 |
| FortiWeb 3000CFsx | 32 | 256 | 256 |
| FortiWeb 3000D | 64 | 512 | 512 |
| FortiWeb 3000DFsx | 64 | 512 | 512 |
| FortiWeb 3000E | 64 | 512 | 512 |
| FortiWeb 3010E | 64 | 512 | 512 |
| FortiWeb 4000C | 32 | 512 | 256 |
| FortiWeb 4000D | 64 | 1024 | 1024 |
| FortiWeb 4000E | 64 | 1024 | 1024 |
| FortiWeb-VM | 64 | See Maximum values on FortiWeb-VM | 256 |
Due to resource constraints, the maximums for certain objects apply to each appliance globally and you cannot increase them by adding ADOMs. The maximums for other objects apply at the ADOM level only, so you can add objects beyond the maximum by adding ADOMs. For example, for a FortiWeb 1000D, you can configure up to 1024 URL Access polices for each of the 32 possible ADOMs because the limit applies to each ADOM, not the appliance. However, because the limit for server policies is a global one that applies to the appliance, you can configure only 256 server policies, regardless of how many ADOMs you use.
Depending on the RAM available, adding the maximum number of objects to multiple ADOMs can have an impact on your FortiWeb's performance. Fortinet recommends that you do not add the maximum number of objects in all ADOMs.
| Web UI item | Main table | Sub-table | |
|---|---|---|---|
| System | |||
| Network | Policy Route | 255 | N/A |
| Static Route | 255 | N/A | |
| Certificates | Local | 255 | N/A |
| SNI | 255 | 255 | |
| CA | 255 | N/A | |
| CA Group | 255 | 255 | |
| Intermediate CA | 255 | N/A | |
| Intermediate CA Group | 255 | 255 | |
| CRL | 255 | N/A | |
| Certificate Verify | 255 | N/A | |
| Server Objects | |||
| Server | Health Check | 255 (including predefined rules) | N/A |
| Persistence | 255 | N/A | |
| Web UI item | Main table | Sub-table | |
|---|---|---|---|
| System | |||
| Network | Interface | 32 (total physical interfaces and VLAN subinterfaces) | N/A |
| Web Protection Profile | Inline Protection Profile | 255 | N/A |
| Offline Protection Profile | 255 | N/A | |
| Server Objects | |||
| Virtual Server | 255 | N/A | |
| Server Pool | See Maximum ADOMs, policies and server pools (per appliance) | ||
| Health Check | See Per appliance configuration maximums | ||
| Persistence | |||
| HTTP Content Routing | 255 | 255 | |
| Protected Hostnames | 255 | 255 | |
| Service | Predefined | 2 | N/A |
| Custom | 255 | N/A | |
| Global | Known Search Engines | No limit | N/A |
| Predefined Global White List | No limit | N/A | |
| Custom Global White List | 255 | N/A | |
| X- Forwarded-For | 255 | 255 | |
| Application Delivery | |||
| URL Rewriting Policy | Policy | 255 | 255 |
| Rule | 255 | 10 | |
| Authentication Policy | Policy | 255 | 255 |
| Rule | 255 | 255 | |
| Site Publish | Policy | 255 | 255 |
| Rule | 255 | N/A | |
| Keytab File | 255 | N/A | |
| Compression | File Compress Policy | 255 | 255 |
| File Uncompress Policy | 255 | 255 | |
| Exclusion Rule | 255 | 255 | |
| Caching | Web Cache Policy | 255 | 255 |
| Web Cache Exception | 255 | 255 | |
| Web Protection | |||
| Known attacks | Signatures/Exceptions | 64 | Enabled main classes: 64 |
| Disabled sub-classes: 255 | |||
| Disabled signature table: 2048 | |||
| Filter table: 32 | |||
| Alert-only table: 255 | |||
| Disabled False Positive Mitigation table: 255 | |||
| Score grade table: 255 | |||
| Disabled scoring override table: 255 | |||
| Global Disable Signature | 1024 | N/A | |
| Custom Signature Group | 255 | 64 | |
| Custom Signature | 255 | 255 | |
| Advanced Protection | Custom Policy | 1024 | 1024 |
| Custom Rule | 1024 | Source IPv4/IPv6: 255 | |
| URL: 255 | |||
| HTTP Header: 255 | |||
| Access Rate Limit: 1 | |||
| Signature main class: 255 | |||
| Signature sub-class: 255 | |||
| Signature: 10240 | |||
| Custom signature: 1 | |||
| Transaction Timeout: 1 | |||
| Response Code: 255 | |||
| Content Type: 1 | |||
| Packet Interval Timeout: 1 | |||
| Parameter: 255 | |||
| Occurrence: 1 | |||
| Padding Oracle Protection | 255 | 255 | |
| Input Validation | Parameter Validation Policy | 255 | 1024 |
| Parameter Validation Rule | 1024 | 192 | |
| Hidden Fields Policy | 255 | 255 | |
| Hidden Fields Rule | 255 | 32 | |
| File Upload Restriction Policy | 255 | 255 | |
| File Upload Restriction Rule | 255 | 255 | |
| Protocol | HTTP Protocol Constraints | 255 | 255 |
| HTTP Constraints Exception | 255 | 32 | |
| Access | Brute Force | 255 | 255 |
| URL Access Policy | 1024 | 1024 | |
| URL Access Rule | 1024 | 32 | |
| Page Access | 255 | 16 | |
| Start Pages | 255 | 32 | |
| Allow Method Policy | 255 | 255 | |
| Allow Method Exceptions | 255 | 32 | |
| IP List | 255 | 255 | |
| Geo IP | 255 | 255 | |
| Geo IP Exceptions | 255 | 255 | |
| Web Anti-Defacement | Anti Defacement | 256 | N/A |
| Anti-Defacement File Filter | 255 | 255 | |
| DoS Protection | |||
| Application | HTTP Access Limit | 255 | N/A |
| Malicious IPs | 255 | N/A | |
| HTTP Flood Prevention | 255 | N/A | |
| Network | TCP Flood Prevention | 255 | N/A |
| Dos Protection Policy | 255 | N/A | |
| IP Reputation | |||
| Exceptions | 255 | N/A | |
| Auto Learn | |||
| Auto Learn Profile | 255 | N/A | |
| Report | The number of Auto Learn reports which FortiWeb has learned. For each report, the maximum node number of the report tree is 16384 and the node size is 4096 bytes. | N/A | |
| Predefined Pattern | Data Type Group | 255 | 512 |
| Data Type | None | N/A | |
| URL Pattern | None | N/A | |
| Suspicious URL | 255 | 512 | |
| Custom Pattern | Data Type | 255 | N/A |
| Suspicious URL Policy | 255 | 64 | |
| Suspicious URL Rule | 255 | N/A | |
| Application Templates | Application Policy | 255 | 255 |
| URL Replacer | 255 | N/A | |
| Web Vulnerability Scan | |||
| Web Vulnerability Scan | Web Vulnerability Scan Policy | 255 | N/A |
| Web Vulnerability Scan Profile | 255 | N/A | |
| Web Vulnerability Scan Schedule | 255 | N/A | |
FortiWeb-VM has 4 virtual network interfaces (vNICs, or virtual ports).
The maximum number of server policies initially varies by the maximum amount of virtual memory (vRAM) available to FortiWeb-VM in VMware, up to a hard limit. FortiWeb-VM allows up to 20 policies for the first 1 GB of vRAM, then an additional 15 policies per additional 1 GB of vRAM, up to a maximum of 150 server policies.
In other words, at first, the server policy limit increases linearly with vRAM. But after 10 GB of vRAM, further increasing the vRAM no longer has an affect. 11 GB or more vRAM allows up to 150 server policies. (Keep in mind that increasing the vRAM may still benefit performance.)
The capability of each model’s hardware determines the capacity of the data analytics database.
| Model | Max. Number Records per Table | Max. Number Tables | Max. Tables Searched per Query |
|---|---|---|---|
| FortiWeb 100D | 1,000,000 | 20 | 1 |
| FortiWeb 400B | 1,000,000 | 20 | 1 |
| FortiWeb 400C | 1,000,000 | 20 | 1 |
| FortiWeb-VM | 1,000,000 | 20 | 1 |
| FortiWeb 1000B | 1,000,000 | 100 | 2 |
| FortiWeb 1000C | 1,000,000 | 100 | 2 |
| FortiWeb 1000D | 1,000,000 | 100 | 2 |
| FortiWeb 3000C/CFsx | 1,000,000 | 200 | 3 |
| FortiWeb 3000D/DFsx | 1,000,000 | 200 | 3 |
| FortiWeb 3000E | 1,000,000 | 200 | 3 |
| FortiWeb 4000C | 1,000,000 | 300 | 4 |
| FortiWeb 4000D | 1,000,000 | 300 | 4 |
| FortiWeb 4000E | 1,000,000 | 300 | 4 |