Description
This article explains the FortiGate command 'print tablesize'. Every FortiGate model has a different maximum values table, making it more accurate to check on a specific unit to find the values.
Scope
FortiGate.
Solution
The partial output of the command "print tablesize" on a FortiGate 100D is given below:
# print tablesize
system.vdom: 0 0 10
system.accprofile: 0 16 0
system.vdom-link: 0 0 0
system.switch-interface: 0 256 512
system.switch-interface:span-source-port: 0 0 0
...
system.snmp.community: 0 0 3
system.snmp.community:hosts: 16 0 0
system.snmp.community:hosts6: 16 0 0
system.snmp.user: 0 0 32
system.session-ttl:port: 0 512 0
system.dhcp.server: 0 256 0
system.dhcp.server:ip-range: 3 0 0
system.dhcp.server:vci-string: 0 0 0
system.vdom: 0 0 10
system.accprofile: 0 16 0
system.vdom-link: 0 0 0
system.switch-interface: 0 256 512
system.switch-interface:span-source-port: 0 0 0
...
system.snmp.community: 0 0 3
system.snmp.community:hosts: 16 0 0
system.snmp.community:hosts6: 16 0 0
system.snmp.user: 0 0 32
system.session-ttl:port: 0 512 0
system.dhcp.server: 0 256 0
system.dhcp.server:ip-range: 3 0 0
system.dhcp.server:vci-string: 0 0 0
...
There are 3 numbers associated with each table value:
1) The first number refers to the maximum number allowed for the child table in its parent entry.
2) The second number refers to maximum number allowed per VDOM limit.
3) The third number refers to the system global limit.
All objects in the maximum values table have either a global limit, which applies to the entire FortiGate configuration, or a VDOM limit, which applies only to a single VDOM. For objects that have only a VDOM limit, the global limit is equal to the VDOM limit multiplied by the number of VDOMs for that unit.
For example, the FortiGate 100D can have 10 VDOMs and has a VDOM limit of 256 DHCP servers. This means that the global limit is 2560.
However, the switch interface for FortiGate 100D can have maximum of 256 switch interfaces per VDOM, but the global limit is only 512. This means it cannot have more than 512 switch interfaces on all of the VDOMs.
The subcommand 'system.dhcp.server:ip-range' for 'system.dhcp.server' can only have a maximum of 3 IP-ranges for each DHCP server.
Maximum values tables are published in the Fortinet Document Library at https://docs.fortinet.com/
For example, the FortiGate 100D can have 10 VDOMs and has a VDOM limit of 256 DHCP servers. This means that the global limit is 2560.
However, the switch interface for FortiGate 100D can have maximum of 256 switch interfaces per VDOM, but the global limit is only 512. This means it cannot have more than 512 switch interfaces on all of the VDOMs.
The subcommand 'system.dhcp.server:ip-range' for 'system.dhcp.server' can only have a maximum of 3 IP-ranges for each DHCP server.
Maximum values tables are published in the Fortinet Document Library at https://docs.fortinet.com/
To view this information in the GUI, navigate to FortiOS, select the firmware version the unit is using and navigate to Reference Manuals -> Maximum Values.
1) Go to https://docs.fortinet.com/max-value-table
2) Select the firmware version of FortiOS
3) Select the FortiGate model number
4) Proceed by selecting GO.
5) To search for a specific object such as IPsec, SSLVPN, SDWAN, write it in the search bar.
6) The table row will provide the maximum value.
7) Any object in the column is presented in black or grey is the global configuration maximum or the VDOM configuration maximum, respectively.
