Active Directory & OpenLDAP Synchronization
Following are the Active Directory (AD) and OpenLDAP synchronization ranges and limitations.
Feature | Limit |
|---|---|
Primary/Secondary Directory Name | 255 characters |
Authentication Agent URL | 1,023 characters |
Directory Server Address | 1,023 characters |
Port | 0 - 65535 |
Bind DN | 255 characters |
Bind Password | 255 characters |
Base DN | 1,023 characters |
User Login | 255 characters |
User Full Name | 255 characters |
User Search Filter | 1,023 bytes |
Department Membership | 255 characters |
Group Name | 255 characters |
Group Membership (AD only) | 255 characters |
Group Search Filter | 1,023 bytes |
Group Base DN (OpenLDAP only) | 255 characters |
User Attribute (OpenLDAP only) | 255 characters |
User Membership (OpenLDAP only) | 255 characters |
User Entry | 1,023 characters |
Users/Groups/Departments Search (Synchronization Results) | 255 characters |
User Authentication Filter | 1,023 bytes |
Test User Login | 255 characters |
Test User Password | 255 characters |
Departments
Following are the department ranges and limitations.
Feature | Limit |
|---|---|
Departments per Organization | 140,000 departments |
Department Name | 128 characters |
Comments | 10,240 KB |
Imported Departments per CSV file | 3,000 entries |
Data Loss Prevention
Following are the Data Loss Prevention (DLP) ranges and limitations.
Feature | Limit |
|---|---|
Custom DLP Dictionaries | 160 dictionaries |
Custom DLP Engines | 47 engines |
EUNs
Following are the EUN ranges and limitations.
Feature | Limit |
|---|---|
Custom Redirect URL | 1,023 characters |
Notification Message | 15,000 bytes |
AUP Message | 30,000 bytes |
URL Categorization Notification | 15,000 bytes |
Security Violation Notification | 15,000 bytes |
DLP Violation Notification | 15,000 bytes |
Caution Notification Text | 15,000 bytes |
Support Phone Number | 20 characters |
Policy Link | 1,023 characters |
IT Support Email | 254 characters |
Groups
Following are the group ranges and limitations.
Feature | Limit |
|---|---|
Group Name | 128 characters |
Comments | 10,240 bytes |
Imported Groups per CSV file | 3,000 entries |
Network Services Groups | 121 groups |
Network Applications Groups | 126 groups |
Source IP Address Groups | 4,000 groups |
Destination Groups (Destination IP or FQDN Groups) | 4,000 groups |
FQDNs or IP Addresses per Group | 8,000 addresses |
Locations
Following are the location ranges and limitations.
Feature | Limit |
|---|---|
Locations & Sub-locations per Organization | 32,000 locations |
Sub-locations per Location | 2,000 sub-locations |
IP Address Ranges per Sub-location | 2,000 IP address ranges |
Location Name | 128 characters |
Location State | 128 characters |
Location Groups per Organization | 256 groups |
Locations & Sub-locations per Group | 32,000 locations |
Imported Locations per CSV file | 1,000 entries |
NSS
Following are the NSS filter feed ranges and limitations.
Feature | Limit |
|---|---|
NSS Users per Feed | 1,024 users |
NSS Departments per Feed | 1,024 departments |
NSS Locations per Feed | 1,024 locations |
NSS Clients per Feed | 1,024 clients |
NSS Threat Names per Feed | 1,024 threat names |
Organization
Following are the organization ranges and limitations.
Feature | Limit |
|---|---|
Address Line 1 | 10,240 bytes |
Address Line 2 | 10,240 bytes |
City/State/ZIP | 1,024 bytes |
Name/Title/Phone/Alternate Phone | 1,024 bytes |
Admin Users per Organization | 10,000 admins |
Admin User Login ID | 128 characters |
Admin User Email | 254 characters |
Admin User Name | 256 characters |
Admin User Comments | 10,240 bytes |
Admin User Password | 100 characters |
ADP Clients | 16 clients |
Admin Roles | 64 roles |
Identity Providers | 16 identity providers |
Other
Following are other ranges and limitations.
Feature | Limit |
|---|---|
Source IP and Destination Groups | 4,000 groups |
IP Addresses or FQDNs per Group | 8,000 addresses |
IP Addresses per Organization | 16,000 addresses |
Predefined Bandwidth Classes | 8 classes |
Custom Bandwidth Classes | 17 classes |
Bandwidth Class Name | 128 characters |
Time Intervals | 64 intervals |
GRE Tunnels per ZIA Public Service Edge (both private deployment and cloud) | 800 tunnels |
Virtual Service Edge Nodes or VZENs per Cluster | 16 nodes |
Exported Transactions | 100,000 entries |
Admin Role Name | 128 characters |
SAML Certificate Filename | 128 characters |
SAML Certificate Key Name | 1,024 characters |
Alerts | 128 alerts |
Alert Definition Comments | 10,240 bytes |
Alert Subscription Email | 254 characters |
Restore Point Name | 128 characters |
Restore Point Description | 10,240 bytes |
ICAP Name | 128 characters |
ICAP Receiver URL | 1,024 characters |
Firewall Network Services | 832 services |
Network Service Name | 255 characters |
Network Service Description | 1,024 bytes |
Auditor Email | 254 characters |
Admin Audit Log | 1,000 entries |
SCIM Servers | 5 requests/second |
PAC File
Following are the PAC file ranges and limitations.
Feature | Limit |
|---|---|
Name | 255 characters |
Description | 255 characters |
File Size | 256 KB |
Non-ASCII Characters | The file can contain up to 12% of non-ASCII characters (binary). |
Reporting
Following are the reporting ranges and limitations.
Feature | Limit |
|---|---|
Interactive Report Name | 50 characters |
Widget Name | 50 characters |
Widgets | 20 widgets |
Favorites per User | 50 favorites |
Scheduled Report Recipient (i.e., Email address) | 254 characters |
Export to CSV (Web, Mobile, Firewall, DNS, and Tunnel Insights Logs) | 20 requests/hour |
Policies
Following are the policy & rule ranges and limitations.
Feature | Limit | Comments |
|---|---|---|
Bandwidth Control Policy Rules per Organization | 125 rules |
|
Cloud App Control Policy Rules (per Cloud app Category) per Organization | 127 rules |
|
DNS Control Policy Rules per Organization | 1,020 rules |
|
NAT Control Policy Rules per Organization | 1,023 rules |
|
Firewall Filtering Policy Rules (including DNAT) per Organization | 1,021 rules |
|
Source IP/Destination Groups IP Addresses and FQDNs per Organization | 16,000 addresses |
|
Destination Groups FQDNs per Organization | 5,000 addresses (16,000 addresses with Advanced Cloud Firewall) |
|
Source IP Groups IP Addresses per Rule | 8,000 addresses |
|
Destination Groups IP Addresses and FQDNS per Rule | 8,000 addresses |
|
Source IP/Destination Groups per Rule | 1,000 groups |
|
Service Groups/Application Groups per Rule | 1,000 groups |
|
Destination Groups FQDNs per Rule | 5,000 addresses |
|
Destination Groups IP Addresses and FQDNs per Group | 8,000 addresses |
|
Destination Groups FQDNs per Group | 100 addresses (8,000 addresses with Advanced Cloud Firewall) |
|
URL Filtering Policy Rules | 1,000 rules |
|
Forwarding Policy Rules per Organization | 1,023 rules |
|
Third-Party Proxies Rules per Organization | 8 rules |
|
Gateways for Third-Party Proxies Rules per Organization | 8 rules |
|
ZPA Gateways Rules per Organization | 32 rules |
|
All Other Policy Rules (i.e., DLP Policy, File Type Control Policy, IPS Control Policy, SSL Inspection Policy, etc.) | 127 rules |
|
All Policy Rule Types: |
|
|
Users per Rule | 4 users |
|
Groups per Rule | 8 groups |
|
Departments per Rule | 8 departments |
|
Locations per Rule | 8 locations |
|
Location Groups per Rule | 32 groups |
|
Rule Labels | 1,024 labels |
|
Times per Rule | 8 times |
|
Comments | 10,240 bytes | Some languages use multi-byte characters, so will have fewer characters than bytes. |
URL Filtering & Cloud App Control
Following are the URL filtering and cloud app control ranges and limitations.
Feature | Limit | Comments |
|---|---|---|
Custom Keywords (total) | 2,048 keywords |
|
Custom Keywords per Category | 256 keywords |
|
Keywords retaining parent category per Category | 2,048 keywords |
|
Custom URLs/TLDs | 25,000 URLs/TLDs | Includes:
Duplicate URLs/TLDs are counted once. |
Do Not Scan Content from these URLs | 1,024 URLs |
|
Custom Categories/TLD Categories | 64 categories |
|
URLs | 253 characters |
|
Tenant Profiles per Rule | 16 tenant profiles | Each Cloud App Control Policy rule can have up to 16 tenant profiles associated with it. |
Dropbox Team ID | 100 team IDs | Each team ID can have up to 64 characters. |
Google App Domains | 100 domains | Each domain name can have up to 160 characters. |
Microsoft Login Services Tenant Directory | 250 tenant directories | Each tenant directory can have up to 64 characters. |
Microsoft Login Services Office 365 Tenants | 250 Office 365 tenants | Each Office 365 tenants can have up to 64 characters. |
Slack Your Workspace ID | 100 workspace IDs | Each workspace ID can have up to 64 characters. |
Slack Allowed Workspace ID | 100 workspace IDs | Each workspace ID can have up to 64 characters. |
YouTube Channel ID | 200 channel IDs | Each channel ID can have up to 100 characters. |
YouTube School ID | 100 school IDs | Each school ID can have up to 127 characters. |
Users
Following are the user ranges and limitations.
Feature | Limit |
|---|---|
Users per Organization | 1,400,000 users |
User Name | 128 characters |
User Password | 255 characters |
Groups per User | 127 groups by default |
Comments | 10,240 bytes |
Imported Users per CSV file | 3,000 entries |
User Groups per Organization | 140,000 groups |
User Temporary Authentication Email | 254 characters |
VPN Credentials
Following are the VPN credentials ranges and limitations.
Feature | Limit |
|---|---|
VPN Credentials per Organization | 16,000 credentials |
Imported VPN Credentials per CSV file | 3,000 entries |
User ID (for FQDN and XAUTH authentication types) | 256 characters |
Pre-Shared Key (for FQDN and IP authentication types) | 255 characters |
Comments | 10,240 bytes |
