Palo Alto Networks Knowledgebase: Is there a Limit to the Number of Security Profiles and Policies per Device?

Is there a Limit to the Number of Security Profiles and Policies per Device?

2376
Created On 02/07/19 23:45 PM - Last Updated 02/07/19 23:46 PM
Policy
Resolution

Yes there is a limit to the number of security profiles as well as security rules that can be configured on the device.

Following is sample output on a PA-4020 that shows the limit to the profiles and security policies

PA-4020> show system state filter cfg.general.max* | match profile

cfg.general.max-profile: 250

PA-4020> show system state filter cfg.general.max* | match rule

cfg.general.max-cp-policy-rule: 1000

cfg.general.max-di-nat-policy-rule: 4000

cfg.general.max-dip-nat-policy-rule: 200

cfg.general.max-dos-policy-rule: 1000

cfg.general.max-nat-policy-rule: 1000

cfg.general.max-oride-policy-rule: 1000

cfg.general.max-pbf-policy-rule: 500

cfg.general.max-policy-rule: 10000

cfg.general.max-qos-policy-rule: 1000

cfg.general.max-si-nat-policy-rule: 1000

cfg.general.max-ssl-policy-rule: 1000

Note: All hardware can have different values, you will need to run these commands on your own hardware to determine the limit.

owner: ppatel



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clr6CAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language