What is the Command to Display System Limits?

What is the Command to Display System Limits?

55262
Created On 09/25/18 19:48 PM - Last Modified 06/09/23 07:37 AM


Resolution


Details

Run the following CLI command to view the system limits on a Palo Alto Networks device:

> show system state filter cfg.general.max*

 

Sample output from a PA-4020 firewall:

> show system state filter cfg.general.max*

cfg.general.max-address: 10000

cfg.general.max-address-group: 1000

cfg.general.max-address-per-group: 500

cfg.general.max-appid-pkts: 65536

cfg.general.max-appinfo2ip-entry: 8192

cfg.general.max-arp: 20480

cfg.general.max-blacklist: 25000

cfg.general.max-cert-cache-entries: 0x100

cfg.general.max-cp-policy-rule: 1000

cfg.general.max-ctd-session: 524288

cfg.general.max-di-nat-policy-rule: 4000

cfg.general.max-dip-nat-policy-rule: 200

cfg.general.max-dos-policy-rule: 1000

cfg.general.max-fibinstance: 255

cfg.general.max-fibtrie-buf: 12582912

cfg.general.max-ha-aa-vaddresses: 128

cfg.general.max-hip: 32

cfg.general.max-ifnet: 2048

cfg.general.max-ipfrags: 28672

cfg.general.max-mac: 20480

cfg.general.max-mroute: 4000

cfg.general.max-nat-policy-rule: 1000

cfg.general.max-neigh: 2000

cfg.general.max-oride-policy-rule: 1000

cfg.general.max-pbf-policy-rule: 500

cfg.general.max-policy-rule: 10000

cfg.general.max-profile: 250

cfg.general.max-proxy-mem: 0xae4000

cfg.general.max-proxy-reverse_keys: 0x19

cfg.general.max-proxy-session: 7936

cfg.general.max-proxy-timer-chunks: 0x4000

cfg.general.max-qos-policy-rule: 1000

cfg.general.max-qosbw: 1000

cfg.general.max-qosif: 12

cfg.general.max-qosnet: 32

cfg.general.max-regions: 1024

cfg.general.max-registered-ip-address: 0x1388

cfg.general.max-return-address: 0x20

cfg.general.max-route: 16384

cfg.general.max-schedule: 256

cfg.general.max-service: 2000

cfg.general.max-service-group: 250

cfg.general.max-service-per-group: 500

cfg.general.max-session: 524288

cfg.general.max-shared-gateway: 4

cfg.general.max-si-nat-policy-rule: 1000

cfg.general.max-signature: 6000

cfg.general.max-ssh-proxy-session: 512

cfg.general.max-ssl-policy-rule: 1000

cfg.general.max-ssl-portal: 26

cfg.general.max-ssl-sess-cache-size: 2000

cfg.general.max-ssl-tunnel: 5000

cfg.general.max-tcp-segs: 32768

cfg.general.max-threat-signature: 3000

cfg.general.max-tunnel: 2048

cfg.general.max-url-pattern: 25000

cfg.general.max-vlan: 4096

cfg.general.max-vrouter: 20

cfg.general.max-vsys: 21

cfg.general.max-vwire: 12

cfg.general.max-whitelist: 25000

cfg.general.max-zone: 80

 

Sample output from a PA-5050 firewall:

> show system state filter cfg.general.max*

cfg.general.max-address: 40000

cfg.general.max-address-group: 2500

cfg.general.max-address-per-group: 500

cfg.general.max-appid-pkts: 98304

cfg.general.max-appinfo2ip-entry: 65536

cfg.general.max-arp: 32000

cfg.general.max-blacklist: 50000

cfg.general.max-cert-cache-entries: 0x400

cfg.general.max-cp-policy-rule: 2000

cfg.general.max-ctd-session: 2097152

cfg.general.max-di-nat-policy-rule: 4000

cfg.general.max-dip-nat-policy-rule: 250

cfg.general.max-dos-policy-rule: 1000

cfg.general.max-fibinstance: 255

cfg.general.max-fibtrie-buf: 0x2000000

cfg.general.max-ha-aa-vaddresses: 256

cfg.general.max-hip: 63

cfg.general.max-ifnet: 4096

cfg.general.max-ipfrags: 28672

cfg.general.max-mac: 32000

cfg.general.max-mroute: 4000

cfg.general.max-nat-policy-rule: 4000

cfg.general.max-neigh: 5000

cfg.general.max-oride-policy-rule: 2000

cfg.general.max-pbf-policy-rule: 2000

cfg.general.max-policy-rule: 20000

cfg.general.max-profile: 500

cfg.general.max-proxy-mem: 0x2e00000

cfg.general.max-proxy-reverse_keys: 0x12c

cfg.general.max-proxy-session: 23808

cfg.general.max-qos-policy-rule: 2000

cfg.general.max-qosbw: 10000

cfg.general.max-qosif: 12

cfg.general.max-qosnet: 64

cfg.general.max-regions: 1024

cfg.general.max-registered-ip-address: 0x61a8

cfg.general.max-return-address: 0x30

cfg.general.max-route: 32768

cfg.general.max-schedule: 256

cfg.general.max-service: 2000

cfg.general.max-service-group: 250

cfg.general.max-service-per-group: 500

cfg.general.max-session: 2097152

cfg.general.max-shared-gateway: 8

cfg.general.max-si-nat-policy-rule: 4000

cfg.general.max-signature: 6000

cfg.general.max-ssh-proxy-session: 1024

cfg.general.max-ssl-policy-rule: 2000

cfg.general.max-ssl-portal: 131

cfg.general.max-ssl-sess-cache-size: 6000

cfg.general.max-ssl-tunnel: 10000

cfg.general.max-tcp-segs: 32768

cfg.general.max-threat-signature: 3000

cfg.general.max-tsagents: 1000

cfg.general.max-tunnel: 4096

cfg.general.max-url-pattern: 50000

cfg.general.max-vlan: 4096

cfg.general.max-vrouter: 125

cfg.general.max-vsys: 126

cfg.general.max-vwire: 12

cfg.general.max-whitelist: 50000

cfg.general.max-zone: 500

 

Some of the above values given in "0x" format are hexadecimal values. Convert them to a decimal to find out the real value.

 

For example, on a PA-200:

cfg.general.max-zone: 0xa

 

0xa is hexadecimal for 10, thus the maximum number of zones supported on PA-200 is 10.

 

owner: tindla
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CldiCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language