User Group Count Exceeds Threshold

Created On 03/06/20 00:40 AM - Last Modified 09/22/21 21:25 PM


Symptom
  • System logs show the message "User Group Count of 'xxxx' Exceeds Threshold of 1000"




Environment
  • PAN-OS 8.x and above
  • Palo Alto Firewall


Cause

 

  • Starting with PAN-OS 8.x, the firewall enforces a limit on the number of groups it queries
  • Firewall pulls information from all groups of the directory server when there is no group specified under 

 



Resolution
  1. Go to Device > User Identification > Group Map Settings and, under Group Mapping, select Group Include List.
  2. Select the Available Groups you want to appear in policy rules and add them to the Included Groups.
  3. Perform a Commit operation.
  4. Use the "show user group-mapping statistics" CLI command to display the current number of groups. When this value is low, the error message is no longer seen in the system log.
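
To check step 4 from the log side, the following added example (not part of the original article and not vendor code) scans exported system log lines for the message from the Symptom section and lists firewalls that still log it after the commit. The line layout, hostnames and function names are assumptions, and the sample lines are constructed.

```python
import re
from datetime import datetime

# Message text as quoted in the Symptom section; quotes around the count are optional.
MSG = re.compile(r"User Group Count of '?(\d+)'? Exceeds Threshold of (\d+)", re.I)

# Constructed sample lines. The "<ISO timestamp> <hostname> <message>" layout is an
# assumption made for this example, not the exact PAN-OS export format.
SAMPLE_LOG = """\
2021-09-20T08:00:01 fw-edge-01 User Group Count of '4312' Exceeds Threshold of 1000
2021-09-20T09:00:01 fw-edge-01 User Group Count of '4312' Exceeds Threshold of 1000
2021-09-20T08:05:10 fw-dc-02 User Group Count of '1875' Exceeds Threshold of 1000
2021-09-20T10:05:10 fw-dc-02 User Group Count of 1875 Exceeds Threshold of 1000
"""

def summarize(log_text):
    """Return {host: {count, threshold, last_seen, hits}} for matching lines."""
    hosts = {}
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        m = MSG.search(parts[2]) if len(parts) == 3 else None
        if not m:
            continue  # unrelated or malformed line
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # timestamp not in the assumed layout
        h = hosts.setdefault(parts[1], {"count": 0, "threshold": int(m.group(2)),
                                        "last_seen": ts, "hits": 0})
        h["count"] = max(h["count"], int(m.group(1)))   # highest reported group count
        h["last_seen"] = max(h["last_seen"], ts)        # most recent occurrence
        h["hits"] += 1
    return hosts

def still_alerting(log_text, committed_at):
    """Hosts that logged the message after the include-list commit time."""
    return sorted(host for host, h in summarize(log_text).items()
                  if h["last_seen"] > committed_at)

if __name__ == "__main__":
    commit_time = datetime(2021, 9, 20, 9, 30)  # constructed commit time
    for host, h in summarize(SAMPLE_LOG).items():
        print(host, h["count"], "of", h["threshold"], "last seen", h["last_seen"].isoformat())
    print("still alerting after commit:", still_alerting(SAMPLE_LOG, commit_time))
```

A firewall that appears in the "still alerting" list after its commit needs its Group Include List reviewed again.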


     


