
FortiGate global limit 300k

Open • zoriax opened this issue 1 year ago • 6 comments

Hi @romainmarcoux,

First of all, many thanks for your project! It's just amazingly useful 💕

I just need to confirm something with you. According to the FortiOS documentation (https://docs.fortinet.com/document/fortigate/7.4.0/new-features/677896), the 300k limit is global (and shared between VDOMs). So when you add a second 300k file, the result is an empty threat feed. Depending on your environment, especially if you have other IP Address Threat Feeds, the 40k seems to be the solution.

Can someone add more than 300k entries on a FortiGate?

Thanks

zoriax, Dec 09 '24 12:12

No, unfortunately. I am currently negotiating with Fortinet to review the distribution to increase the number of IP addresses.

romainmarcoux, Dec 09 '24 14:12

Ok thanks @romainmarcoux,

I think for now you have already done the job for us with the 40k list!

zoriax, Dec 09 '24 14:12

Good news! A user reported this change to me in the 7.6.3 documentation: https://docs.fortinet.com/document/fortigate/7.6.3/administration-guide/9463 If you scroll down the page, you'll see the new limits for threat feed IP addresses:

  • 300k for entry-level devices (90G and below)
  • 1M for Mid-Range devices (between 100F and 900G)
  • 5M for High-End devices (1000F and above)

It remains to be seen if Fortinet will backport this change to 7.4.8, which is expected to be released in May!

romainmarcoux, May 06 '25 12:05

In addition, in the release notes: https://docs.fortinet.com/document/fortigate/7.6.3/fortios-release-notes/626946/changes-in-table-size

Bug ID: 1129770

  • On mid-range FortiGate models, increase the number of IP addresses from 300,000 to 1,000,000.
  • On high-end FortiGate models, increase the number of IP addresses from 300,000 to 5,000,000.

🎉🥳🎊

romainmarcoux, May 06 '25 13:05

Hi @romainmarcoux!

That's really good news! I hope version 7.4.8 comes with new limits too. Let's wait and see.

Thanks for your follow-up

zoriax, May 06 '25 13:05

According to my information, there would be no backport to the 7.4 branch. I will campaign for this to be done.

romainmarcoux, May 06 '25 13:05

This change will hopefully be pushed to 7.4.9, which is expected to be released in July! Thanks to all the users on my FortiGate and my contacts at Fortinet for helping me push this change to 7.4! Wait and see!

romainmarcoux, May 19 '25 15:05

Hello, 7.4.9 has been a long time coming, but what a pleasure to read this in the 7.4.9 Release Notes: "1129770 On High-End and Mid-Range FortiGate models, increase the number of IP addresses from 300,000 to 5,000,000 for High-End models and to 1,000,000 for Mid-Range models."

You can now enjoy my entire malicious IP list again!

romainmarcoux, Sep 26 '25 15:09
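
A pre-flight check for the shared limit discussed in this thread, added here as an example; it is not code from the thread or from the project. It assumes one entry per line (address, CIDR or start-end range), `#` comments, that each distinct entry counts once against the global limit, and that feeds are admitted in priority order; the feed names are hypothetical.

```python
import ipaddress

# Global IP-address limits per model tier, as quoted in this thread.
TIER_LIMITS = {"entry": 300_000, "mid": 1_000_000, "high": 5_000_000}

def parse_feed(text):
    """Return the distinct valid entries of one feed file.

    Assumption: one entry per line (address, CIDR or start-end range),
    '#' starts a comment, and each distinct entry counts once.
    """
    entries = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            if "-" in line:
                lo, hi = (ipaddress.ip_address(p.strip()) for p in line.split("-", 1))
                if lo.version != hi.version or lo > hi:
                    raise ValueError("bad range")
                entries.add(f"{lo}-{hi}")
            else:
                entries.add(str(ipaddress.ip_network(line, strict=False)))
        except ValueError:
            continue  # malformed line: skipped, not counted
    return entries

def plan_feeds(feed_sizes, tier):
    """Admit feeds in priority order while the shared budget lasts.

    feed_sizes: ordered (name, entry_count) pairs. Returns (plan, remaining).
    """
    remaining = TIER_LIMITS[tier]
    plan = []
    for name, count in feed_sizes:
        fits = count <= remaining
        if fits:
            remaining -= count
        plan.append((name, count, fits))
    return plan, remaining

if __name__ == "__main__":
    # Constructed sample feed using documentation ranges, not real indicators.
    sample = "# demo\n192.0.2.1\n192.0.2.1\n198.51.100.0/24\n203.0.113.5-203.0.113.9\nnot-an-ip\n"
    print(len(parse_feed(sample)), "entries in sample")
    print(plan_feeds([("feed-40k", 40_000), ("feed-300k", 300_000)], "entry"))
```

A feed marked `False` in the plan is one to leave out of the configuration on that tier rather than import and end up with an empty threat feed.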