Appendix B: Maximum configuration values

These tables provide the maximum number of configuration objects and data analytics capacity for FortiWeb products. They are not a guarantee of performance. For values such as hardware specifications that do not vary by software version or configuration, see your model’s QuickStart Guide.

Maximum ADOMs, policies and server pools (per appliance)
FortiWeb
model
Maximum ADOMs Maximum server policies Maximum server pools
FortiWeb 100D 32 32 256
FortiWeb 400B 32 32 256
FortiWeb 400C 32 64 256
FortiWeb 400D 32 64 256
FortiWeb 600D 32 96 384
FortiWeb 1000B 32 64 256
FortiWeb 1000C 32 128 256
FortiWeb 1000D 64 256 512
FortiWeb 2000E 64 256 512
FortiWeb 3000C 32 256 256
FortiWeb 3000CFsx 32 256 256
FortiWeb 3000D 64 512 512
FortiWeb 3000DFsx 64 512 512
FortiWeb 3000E 64 512 512
FortiWeb 3010E 64 512 512
FortiWeb 4000C 32 512 256
FortiWeb 4000D 64 1024 1024
FortiWeb 4000E 64 1024 1024
FortiWeb-VM 64 See Maximum values on FortiWeb-VM 256

Due to resource constraints, the maximums for certain objects apply to each appliance globally and you cannot increase them by adding ADOMs. The maximums for other objects apply at the ADOM level only, so you can add objects beyond the maximum by adding ADOMs. For example, for a FortiWeb 1000D, you can configure up to 1024 URL Access polices for each of the 32 possible ADOMs because the limit applies to each ADOM, not the appliance. However, because the limit for server policies is a global one that applies to the appliance, you can configure only 256 server policies, regardless of how many ADOMs you use.

Depending on the RAM available, adding the maximum number of objects to multiple ADOMs can have an impact on your FortiWeb's performance. Fortinet recommends that you do not add the maximum number of objects in all ADOMs.

Per appliance configuration maximums
Web UI item Main table Sub-table
System
Network Policy Route 255 N/A
Static Route 255 N/A
Certificates Local 255 N/A
SNI 255 255
CA 255 N/A
CA Group 255 255
Intermediate CA 255 N/A
Intermediate CA Group 255 255
CRL 255 N/A
Certificate Verify 255 N/A
Server Objects
Server Health Check 255 (including predefined rules) N/A
Persistence 255 N/A
Per ADOM configuration maximums
Web UI item Main table Sub-table
System
Network Interface 32 (total physical interfaces and VLAN subinterfaces) N/A
Web Protection Profile Inline Protection Profile 255 N/A
Offline Protection Profile 255 N/A
Server Objects
  Virtual Server 255 N/A
Server Pool See Maximum ADOMs, policies and server pools (per appliance)
Health Check See Per appliance configuration maximums
Persistence
HTTP Content Routing 255 255
Protected Hostnames 255 255
Service Predefined 2 N/A
Custom 255 N/A
Global Known Search Engines No limit N/A
Predefined Global White List No limit N/A
Custom Global White List 255 N/A
X- Forwarded-For 255 255
Application Delivery
URL Rewriting Policy Policy 255 255
Rule 255 10
Authentication Policy Policy 255 255
Rule 255 255
Site Publish Policy 255 255
Rule 255 N/A
Keytab File 255 N/A
Compression File Compress Policy 255 255
File Uncompress Policy 255 255
Exclusion Rule 255 255
Caching Web Cache Policy 255 255
Web Cache Exception 255 255
Web Protection
Known attacks Signatures/Exceptions 64 Enabled main classes: 64
Disabled sub-classes: 255
Disabled signature table: 2048
Filter table: 32
Alert-only table: 255
Disabled False Positive Mitigation table: 255
Score grade table: 255
Disabled scoring override table: 255
Global Disable Signature 1024 N/A
Custom Signature Group 255 64
Custom Signature 255 255
Advanced Protection Custom Policy 1024 1024
Custom Rule 1024 Source IPv4/IPv6: 255
URL: 255
HTTP Header: 255
Access Rate Limit: 1
Signature main class: 255
Signature sub-class: 255
Signature: 10240
Custom signature: 1
Transaction Timeout: 1
Response Code: 255
Content Type: 1
Packet Interval Timeout: 1
Parameter: 255
Occurrence: 1
Padding Oracle Protection 255 255
Input Validation Parameter Validation Policy 255 1024
Parameter Validation Rule 1024 192
Hidden Fields Policy 255 255
Hidden Fields Rule 255 32
File Upload Restriction Policy 255 255
File Upload Restriction Rule 255 255
Protocol HTTP Protocol Constraints 255 255
HTTP Constraints Exception 255 32
Access Brute Force 255 255
URL Access Policy 1024 1024
URL Access Rule 1024 32
Page Access 255 16
Start Pages 255 32
Allow Method Policy 255 255
Allow Method Exceptions 255 32
IP List 255 255
Geo IP 255 255
Geo IP Exceptions 255 255
Web Anti-Defacement Anti Defacement 256 N/A
Anti-Defacement File Filter 255 255
DoS Protection
Application HTTP Access Limit 255 N/A
Malicious IPs 255 N/A
HTTP Flood Prevention 255 N/A
Network TCP Flood Prevention 255 N/A
Dos Protection Policy 255 N/A
IP Reputation
  Exceptions 255 N/A
Auto Learn
Auto Learn Profile 255 N/A
Report The number of Auto Learn reports which FortiWeb has learned. For each report, the maximum node number of the report tree is 16384 and the node size is 4096 bytes. N/A
Predefined Pattern Data Type Group 255 512
Data Type None N/A
URL Pattern None N/A
Suspicious URL 255 512
Custom Pattern Data Type 255 N/A
Suspicious URL Policy 255 64
Suspicious URL Rule 255 N/A
Application Templates Application Policy 255 255
URL Replacer 255 N/A
Web Vulnerability Scan
Web Vulnerability Scan Web Vulnerability Scan Policy 255 N/A
Web Vulnerability Scan Profile 255 N/A
Web Vulnerability Scan Schedule 255 N/A

Maximum values on FortiWeb-VM

FortiWeb-VM has 4 virtual network interfaces (vNICs, or virtual ports).

The maximum number of server policies initially varies by the maximum amount of virtual memory (vRAM) available to FortiWeb-VM in VMware, up to a hard limit. FortiWeb-VM allows up to 20 policies for the first 1 GB of vRAM, then an additional 15 policies per additional 1 GB of vRAM, up to a maximum of 150 server policies.

In other words, at first, the server policy limit increases linearly with vRAM. But after 10 GB of vRAM, further increasing the vRAM no longer has an affect. 11 GB or more vRAM allows up to 150 server policies. (Keep in mind that increasing the vRAM may still benefit performance.)

Data analytics maximums

The capability of each model’s hardware determines the capacity of the data analytics database.

Maximum storage and queries for data analytics
Model Max. Number Records per Table Max. Number Tables Max. Tables Searched per Query
FortiWeb 100D 1,000,000 20 1
FortiWeb 400B 1,000,000 20 1
FortiWeb 400C 1,000,000 20 1
FortiWeb-VM 1,000,000 20 1
FortiWeb 1000B 1,000,000 100 2
FortiWeb 1000C 1,000,000 100 2
FortiWeb 1000D 1,000,000 100 2
FortiWeb 3000C/CFsx 1,000,000 200 3
FortiWeb 3000D/DFsx 1,000,000 200 3
FortiWeb 3000E 1,000,000 200 3
FortiWeb 4000C 1,000,000 300 4
FortiWeb 4000D 1,000,000 300 4
FortiWeb 4000E 1,000,000 300 4