There is no hard technical limit, but large policies affect negatively both MGMT and GW performance. Depending on the needs, you could run reasonably well with 3-5k rules, but in my personal book even that is way too long.
In my performance optimization series, I have a real world example of a policy that had 2k rules, that were optimised into less than 300, and I have see quite a few cases like that in the field over 20 years.
Having more than 500 is already hard to manage, and when your policy grows over 1k, it is a sign of issues with security management definitions and audit. In many cases, large policies are created when security management is outsourced to a third party, which then never clean up obsolete rules.
Do you best to keep it economical, review policies regularly and clean up them as part of routine management procedures.