Appendix B: Maximum configuration values
 
Appendix B: Maximum configuration values
These tables show the maximum number of configuration objects or limits that vary by them, and are not a guarantee of performance. For values such as hardware specifications that do not vary by software version or configuration, see your model’s QuickStart Guide.
Table 71: Maximum number of ADOMs per FortiWeb
Model
Max ADOMs
FortiWeb 100D, FortiWeb 400B, FortiWeb 400C, FortiWeb 1000B, FortiWeb 1000C,
FortiWeb 3000C/CFsx,
FortiWeb 4000C
32
FortiWeb-VM, FortiWeb 1000D, FortiWeb 3000D/DFsx, FortiWeb 4000D
64
The below values are per ADOM. For example, the maximum number of server policies is 256 on a FortiWeb 4000D. Each additional ADOM can have an additional 256 server policies. However, due to the performance impact relative to each model's RAM constraints, maximizing the number of objects in all ADOMs is obviously not recommended.
Table 72: Maximum policies (physical appliances)
FortiWeb model
Policies per appliance
FortiWeb 100D
32
FortiWeb 400B
32
FortiWeb 400C
64
FortiWeb 1000B
64
FortiWeb 1000C
128
FortiWeb 1000D
256
FortiWeb 3000C
256
FortiWeb 3000CFsx
256
FortiWeb 3000D
512
FortiWeb 3000DFsx
512
FortiWeb 4000C
512
FortiWeb 4000D
1024
Table 73: Maximum configuration objects
Web UI item
Main table
Sub-table
System
Network
Interface
32 (total physical interfaces and VLAN subinterfaces)
N/A
Certificates
Local
255
N/A
SNI
255
255
CA
255
N/A
CA Group
255
255
Intermediate CA
255
N/A
Intermediate CA Group
255
255
CRL
255
N/A
Certificate Verify
255
N/A
Policy
Server Policy
See Table 72 “Maximum policies (physical appliances),” on page 756
Web Protection Profile
Inline Protection Profile
255
N/A
Offline Protection Profile
255
N/A
Server Objects
Server
Virtual Server
255
N/A
Server Pool
255
1024
Health Check
256 (excludes predefined rules)
16
Persistence
255
N/A
HTTP Content Routing
255
255
Protected Hostnames
255
64
Service
Predefined
255
N/A
Custom
255
N/A
Global
Custom Global White List
No limit
N/A
X- Forwarded-For
255
255
Error Page
255
The size of the uploaded file cannot exceed 1 MB.
N/A
Application Delivery
URL Rewriting Policy
Policy
255
255
Rule
255
10
Authentication Policy
Policy
255
255
Rule
255
255
Site Publish
Policy
255
255
Rule
255
N/A
Compression
File Compress Policy
255
255
File Uncompress Policy
255
255
Exclusion Rule
255
255
Caching
Web Cache Policy
255
255
Web Cache Exception
255
255
Web Protection
Known Attacks
Signatures/Exceptions
32
Enabled main classes: 64
Disabled sub- classes: 255
Disabled signatures: 2048
Filters:10240
Custom Signature Group
255
64
Custom Signature
255
255
Advanced Protection
Custom Policy
255
255
Custom Rule
255
255
Padding Oracle Protection
255
255
Input Validation
Parameter Validation Policy
255
255
Parameter Validation Rule
1024
1024
Hidden Fields Policy
255
255
Hidden Fields Rule
255
32
File Upload Restriction Policy
255
255
File Upload Restriction Rule
255
255
Protocol
HTTP Protocol Constraints
255
255
HTTP Constraints Exception
255
32
Access
Brute Force
255
255
URL Access Policy
255
255
URL Access Rule
255
32
Page Access
255
16
Start Pages
255
32
Allow Method Policy
255
255
Allow Method Exceptions
255
32
IP List
255
255
Geo IP
255
255
Geo IP Exceptions
255
255
Web Anti-Defacement
Anti Defacement
200
N/A
Anti-Defacement File Filter
255
255
DoS Protection
Application
HTTP Access Limit
255
N/A
Malicious IPs
255
N/A
HTTP Flood Prevention
255
N/A
Network
TCP Flood Prevention
255
N/A
Syn Cookie
255
N/A
Dos Protection Policy
255
N/A
IP Reputation
IP Reputation
Exceptions
255
N/A
Auto Learn
Auto Learn Profile
255
N/A
Report
The number of Auto Learn reports which FortiWeb has learned.
For each report, the maximum node number of the report tree is16384.
N/A
Predefined Pattern
Data Type Group
255
512
Data Type
None
N/A
URL Pattern
1 (one)
N/A
Suspicious URL
255
512
Custom Pattern
Data Type
255
N/A
Suspicious URL Policy
255
64
Suspicious URL Rule
255
N/A
Application Templates
Application Policy
25
255
URL Replacer
255
N/A
Web Vulnerability Scan
Web Vulnerability Scan
Web Vulnerability Scan Policy
255
N/A
Web Vulnerability Scan Profile
255
N/A
Web Vulnerability Scan Schedule
255
N/A
Maximum values on FortiWeb-VM
FortiWeb-VM has 4 virtual network interfaces (vNICs, or virtual ports).
The maximum number of server policies initially varies by the maximum amount of virtual memory (vRAM) available to FortiWeb-VM in VMware, up to a hard limit. FortiWeb-VM allows up to 20 policies for the first 1 GB of vRAM, then an additional 15 policies per additional 1 GB of vRAM, up to a maximum of 255 server policies.
In other words, at first, the server policy limit increases linearly with vRAM. But after 7 GB of vRAM, further increasing the vRAM no longer has an affect. 8 GB or more vRAM allows up to 255 server policies. (Keep in mind that increasing the vRAM may still benefit performance.)
Data analytics maximums
The capability of each model’s hardware determines the capacity of the data analytics database.
Max. Number Records per Table — The maximum number of data records that each table in the data analytics database can contain.
Max. Number Tables — The maximum number of database tables that the model can store.
Max. Tables Searched per Query — The maximum number of database tables that FortiWeb searches per query.
Table 74: Maximum storage and queries for data analytics
Model
Max. Number Records per Table
Max. Number Tables
Max. Tables Searched per Query
FortiWeb 400B
1,000,000
20
1
FortiWeb 400C
1,000,000
20
1
FortiWeb-VM
1,000,000
20
1
FortiWeb 1000B
1,000,000
100
2
FortiWeb 1000C
1,000,000
100
2
FortiWeb 1000D
1,000,000
100
2
FortiWeb 3000C/CFsx
1,000,000
200
3
FortiWeb 3000D/DFsx
1,000,000
200
3
FortiWeb 4000C
1,000,000
300
4
FortiWeb 4000D
1,000,000
300
4