Is there a Limit to the Number of Security Profiles and Policies per Device?
Resolution
Yes there is a limit to the number of security profiles as well as security rules that can be configured on the device.
Following is sample output on a PA-4020 that shows the limit to the profiles and security policies
PA-4020> show system state filter cfg.general.max* | match profile
cfg.general.max-profile: 250
PA-4020> show system state filter cfg.general.max* | match rule
cfg.general.max-cp-policy-rule: 1000
cfg.general.max-di-nat-policy-rule: 4000
cfg.general.max-dip-nat-policy-rule: 200
cfg.general.max-dos-policy-rule: 1000
cfg.general.max-nat-policy-rule: 1000
cfg.general.max-oride-policy-rule: 1000
cfg.general.max-pbf-policy-rule: 500
cfg.general.max-policy-rule: 10000
cfg.general.max-qos-policy-rule: 1000
cfg.general.max-si-nat-policy-rule: 1000
cfg.general.max-ssl-policy-rule: 1000
Note: All hardware can have different values, you will need to run these commands on your own hardware to determine the limit.
owner: ppatel