PA-5220 Number of security zones capacity increase

PA-5220 Number of security zones capacity increase

21304
Created On 05/08/19 14:40 PM - Last Modified 05/08/19 14:46 PM


Symptom


When migrating from (as example) PA-5060 with more than 80 security zones configured to PA-5220 running PAN-OS 8.0  you will get an error that the number of maximum security zones exceeded.  

*Note: Same can be applicable when upgrading from any firewall that has security zones capacity more than 80 zones.

Cause


On PAN-OS 8.0 PA-5220 had only capacity of 80 security zones:

admin@PA-5220> show system state | match cfg.general.max-zone
cfg.general.max-zone: 80
 

Resolution


This has been increased on PAN-OS 8.1 to 2500 security zones as explained in below article:

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-new-features/networking-features/configuration-capacity-improvements

To be able to migrate to PA-5220 then upgrade your PAN-OS on both firewalls to PAN-OS 8.1 and export configuration from the old firewall again and import it to the new firewall.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLvuCAG&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail