Using virtual domains Configuring VDOM resource limits
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 173
http://docs.fortinet.com/ • Feedback
• The number of SSL VPN user sessions that can be started in a VDOM. When this limit
is reached the VDOM displays a system busy message instead of the login page when
a user attempts to login to start an SSL VPN session.
Static resources are controlled by limits in the FortiGate configuration. These limits vary by
model and are listed in the FortiGate Maximum Values Matrix. Limiting static resources
does not limit the amount of traffic that the VDOM process. Instead limiting static
resources controls the number of configuration elements that can be added to a VDOM.
You can set the following static resource limits:
• The number of VPN IPSec Phase 1 and Phase 2 tunnels that can be added to a VDOM
configuration. The number of tunnels is limited by the maximum values for the
FortiGate model.
• The number of Firewall policies, Protection Profiles, Firewall Addresses, Firewall
Address Groups, Firewall Custom Services, Firewall Service Groups, Firewall
One-Time Schedules, and Firewall Recurring Schedules that can be added to a VDOM
configuration.
• The number of local users and user groups that can be added to a VDOM
configuration.
Setting VDOM global resource limits
Use global resource limits to configure resource limits that will apply to all VDOMs. When
you set a global resource limit, you cannot exceed that resource limit in any VDOM. For
example, if you want to limit all VDOMS to 100 VPN IPSec Phase 1 Tunnels, go to System
> VDOM > Global Resources and edit the VPN IPsec Phase1 Tunnels resource limit and
set the global resource limit to 100. With this global limit set you can only add a maximum
of 100 VPN IPSec Phase 1 Tunnels to any VDOM.
You can also edit the resource limits for individual VDOMs to further limit the number of
resources that you can add to individual VDOMs. See “Configuring resource usage for
individual VDOMs” on page 174.
A resource limit of 0 means no limit. No limit means the resource is not being limited by
the resource limit configuration. Instead the resource is being limited by other factors. The
FortiGate unit limits dynamic resources by the capacity of the FortiGate unit and can vary
depending on how busy the system is. Limits for static resources are set by limitations in
the FortiGate configuration as documented in the FortiGate Maximum Values Matrix
document.
To Next Page
Loading...
Need help?
General