Ranges and Limitations

Lists of the ranges and limitations for secure access rules, resources, and other features in the Zero Trust Secure Access app.

Table 1. Secure Access Rules

Feature

Limit

Risk Control Rule

  • 500 rules

  • 100 users/groups per rule in classic view

  • 100 users/groups per Users node per rule in playbook view

  • 100 URL categories per rule

  • 100 custom cloud app categories per rule

  • 100 specific actions for supported cloud apps per rule

  • 50 Users node branches per customized rule in playbook view

    Note:

    Customized rules are the rules created from New rule in playbook view.

  • 50 Condition node branches per Users node per customized rule in playbook view

Private Access Rule

  • 2,000 rules

  • 90 users/groups per rule

  • 40 locations per rule

  • 40 internal apps per rule

Internet Access Rule

  • 100 rules
Table 2. Secure Access Resources

Feature

Limit

Device Posture Profile

  • 1,000 device posture profiles

File Profile

  • 100 file profiles

Threat Protection Rule

  • 100 Threat Protection rules

  • File size for File Scanning: 2 GB

  • File compression layers: 20

Data Loss Prevention Rule

  • 100 Data Loss Prevention rules

Custom URL Category

  • 100 custom URL categories

  • 1,000 domain/keyword/URL entries per category

Custom Cloud App Category

  • 200 custom cloud app categories

  • 200 cloud apps per category

IP Address Group

  • 1,000 IP address groups

  • 100 IP addresses per group

Tenancy Restriction Rule

  • 100 Tenancy Restriction rules

  • Applicable domains: 128 characters

  • Header field value: 1,024 characters
Table 3. Private Access Configuration

Feature

Limit

Private Access Connector

  • 20 Private Access Connector groups

  • 10 Private Access Connector virtual appliances per group

Internal app

  • 1,000 internal apps

  • 1,000 app group tags

  • 500 internal apps per app group tag

  • 1,000 internal apps in the user portal (Browser Access)

Certificate

  • 1,000 server certificates

  • 1,000 enrollment certificates
Table 4. Internet Access Configuration

Feature

List

Internet Access Gateway/location

  • 500 corporate network locations

  • 2,000 public IP addresses for corporate network locations per customer

  • 500 on-premises gateways

PAC file

  • 30 PAC files

HTTPS Inspection Rule

  • 100 HTTPS inspection rules

HTTPS Inspection Exception

  • 1,000 HTTPS inspection exceptions

  • 100 excluded subdomains per exception

  • Domain name: 255 characters

TLS/SSL Certificate

  • 100 trusted root/intermediate certificates

  • 100 untrusted root/intermediate certificates

  • Root/intermediate certificate file size: 1 MB

  • Root/intermediate certificate file format: .pem (Base64 encoding), .p7b (ASCII)

  • 200 server certificates/common names

Allow List/Deny List

  • 1,000 allowed URLs

  • 1,000 denied URLs
Table 5. Customization Settings

Feature

Limit

Page Banner

  • Image format: JPEG, JPG, PNG, SVG

  • Image size: 100 KB

  • Image dimensions: 24 x 24 pixels

Sign In Page

  • 600 characters

User Portal

  • 100 characters

Restricted Access Page

  • Secure Access Module Notification: 160 characters

  • Other restricted access pages: 10,240 characters
Parent topic: Getting Started with Zero Trust Secure Access