Cloud-Delivered Firewall Management Center host limit
Cloud-Delivered Firewall Management Center host limit describes the storage capacity that
- allows the system to store a maximum of 600,000 hosts in its host database
- automatically adds a host to the network map when activity is detected for an IP address in your monitored network, and
- controls host visibility and contextual data access based on network map inclusion.
Host limit recommendations
The system can store up to 600,000 hosts, but we recommend limits based on the number of devices managed.
| Number of devices managed by Security Cloud Control | Recommended number of hosts |
|---|---|
| 1-50 | 100,000 |
| 51-300 | 300,000 |
| 301-1000 | 600,000 |
You cannot view contextual data for hosts not in the network map. However, you can perform access control. For example, you can perform application control on traffic to and from a host not in the network map, even though you cannot use a compliance allow list to monitor the host's network compliance.
Note: The system counts MAC-only hosts separately from hosts identified by both IP addresses and MAC addresses. All IP addresses associated with a host are counted together as one host.
Reaching the Host Limit and Deleting Hosts
When you reach the host limit, the network discovery policy controls what happens when you detect a new host. You can drop the new host, or replace the host that has been inactive for the longest time. You can also set the period after which the system removes a host from the network map due to inactivity. Although you can manually delete a host, an entire subnet, or all of your hosts from the network map, if the system detects activity associated with a deleted host, it re-adds the host.
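The following is an added example, not product code: a small Python model of the behavior described above, showing which hosts lose visibility under each choice at the limit. The class, the `drop`/`replace` labels, the `timeout` parameter and the sample addresses are assumptions made for illustration and are not the product's setting names.

```python
from collections import OrderedDict

class NetworkMap:
    """Toy model of a host-limited network map (an assumption, not product code)."""

    def __init__(self, limit, when_full="drop", timeout=None):
        if when_full not in ("drop", "replace"):  # hypothetical labels for the two choices
            raise ValueError("when_full must be 'drop' or 'replace'")
        self.limit, self.when_full, self.timeout = limit, when_full, timeout
        self.hosts = OrderedDict()  # host -> last activity time, least recent first

    def expire(self, now):
        """Remove hosts whose last activity is older than the inactivity timeout."""
        if self.timeout is None:
            return []
        stale = [h for h, seen in self.hosts.items() if now - seen > self.timeout]
        for h in stale:
            del self.hosts[h]
        return stale

    def observe(self, host, now):
        """Record activity for a host and report what happened to the map."""
        self.expire(now)
        if host in self.hosts:
            self.hosts[host] = now
            self.hosts.move_to_end(host)
            return "updated"
        if len(self.hosts) >= self.limit:
            if self.when_full == "drop":
                return "dropped"  # host stays out of the map: no contextual data
            evicted, _ = self.hosts.popitem(last=False)  # longest-inactive host
            self.hosts[host] = now
            return "replaced:" + evicted
        self.hosts[host] = now
        return "added"

    def delete(self, host):
        """Manual deletion; later activity re-adds the host through observe()."""
        self.hosts.pop(host, None)

def replay(events, **settings):
    """Feed (time, host) events, in time order, into a fresh map."""
    net = NetworkMap(**settings)
    return [net.observe(host, t) for t, host in events], net

# Constructed sample: limit of 2 hosts, a third host appears at t=3.
EVENTS = [(0, "10.0.0.1"), (1, "10.0.0.2"), (2, "10.0.0.1"), (3, "10.0.0.3")]
```

Calling `replay(EVENTS, limit=2, when_full="drop")` and then the same with `"replace"` shows the trade-off: dropping leaves the newest host without contextual data, while replacing discards the record of the host that has been quiet the longest.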