User Group Count Exceeds Threshold
Created On 03/06/20 00:40 AM - Last Modified 09/22/21 21:25 PM
- System logs showing User Group Count of 'xxxx' Exceeds Threshold of 1000
- PAN-OS 8.x and above
- Palo Alto Firewall
- Firewall enforces a limit on the number of groups it queries starting from PAN OS 8.x
- Firewall pulls information from all groups of the directory server when there is no group specified under
- Under Group Mapping, select Group Include List by going to: Device > User Identification >Group Map Settings
- Select the Available Groups you want to appear in policy rules and add them to the Included Groups
- Perform Commit operation.
- Use "show user group-mapping statistics" cli command display the current number of groups. When this value is low, the error message in system log is no longer seen.