64 object limit for IP group

mMontana
edited 7:54AM in Security

Hello to everyone,

Today I discovered that there's a limit of 64 entries per Address group, and it hit me in two ways.

1: the limit is present on a ZLD 4.x device like USG40.
2: the limit is also present on a ZLD 5.x device, like USG Flex 50 (or as it was born… USG 20 VPN).
3: the limit is not present on a ZLD 5.x device like USG Flex 100.

64 objects is not exactly a small limitation, but it's not that big either. It's a binary number, so it makes sense to a computer in some way or another.

So, the questions.

1: on ZLD 5.x, can this limit be moved to a bigger number, like 128? (I'm aware that ZLD 4.x devices are no longer a thing)
2: is this limit device based or software based?
3: is there any object number limit for any category? Is it reported in any manual?
4: I worked around this limit using a second group and a second firewall rule and this works… however I'm wondering whether it's more efficient, in terms of computational power, to process more rules or to use more memory allocation for a bigger group…

For those interested in why I need "more than 64" IP objects in a group: I use a "cloud" tool to verify the internet availability of the devices, and it "looks for" the https port (non-standard) to understand whether the security device is actually on and available.
To allow the USG to be found and to answer the request, I have to allow the IPs of the service. The IP address list has already been narrowed down to subnets where possible to reduce the number of object entries.
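The workaround described in this post (narrow the allowlist to subnets, then spread what remains over more than one group), as an added example that is not part of the original thread. The function names, the `MONITOR_SRC` group prefix and the sample addresses are assumptions; the output is a plan to enter on the device, not ZLD configuration syntax.

```python
import ipaddress

GROUP_LIMIT = 64  # per-group entry limit reported in the post (USG40, USG Flex 50)


def collapse(entries):
    """Merge hosts and adjacent/overlapping subnets into the fewest networks.

    ip_network() is strict by default: an entry such as 192.0.2.5/24 (host
    bits set) raises ValueError instead of silently widening the allowlist.
    """
    nets = [ipaddress.ip_network(e.strip()) for e in entries if e.strip()]
    merged = []
    for version in (4, 6):  # collapse_addresses() rejects mixed IP versions
        merged += ipaddress.collapse_addresses(
            n for n in nets if n.version == version)
    return merged


def plan_groups(entries, limit=GROUP_LIMIT, prefix="MONITOR_SRC"):
    """Return {group_name: [cidr, ...]} with at most `limit` objects each.

    `prefix` is a hypothetical naming scheme; each resulting group is then
    referenced by its own firewall rule (or nested, if the model allows it).
    """
    nets = collapse(entries)
    return {
        f"{prefix}_{i // limit + 1}": [str(n) for n in nets[i:i + limit]]
        for i in range(0, len(nets), limit)
    }


# Constructed sample (documentation ranges, not a real provider's list):
# 100 non-adjacent hosts, two halves of one /24, and a host already
# covered by a listed /24.
SAMPLE = (
    [f"198.51.100.{n}" for n in range(0, 200, 2)]
    + ["192.0.2.0/25", "192.0.2.128/25"]
    + ["203.0.113.7", "203.0.113.0/24"]
)

if __name__ == "__main__":
    plan = plan_groups(SAMPLE)
    print(f"{len(SAMPLE)} entries -> {sum(map(len, plan.values()))} objects")
    for name, members in plan.items():
        print(f"{name}: {len(members)} objects, first {members[0]}")
```
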

All Replies

  • PeterUK
    edited 10:11AM

    One way around it is to group more than one in one group

    On FLEX100 to FLEX500 the Maximum Address Object In One Group is 128, and on FLEX700 it is 256
