How to mitigate configuration size reaching device capacity limit
68555
Created On 07/19/23 15:58 PM - Last Modified 04/01/26 03:19 AM
Objective
To mitigate High MP Memory issue due to the configuration size reaching device capacity limit. This root cause of high MP Memory would have been determined by noticing that the increase in MP Memory coincided with an increase in Firewall's/Panorama's config size.
Environment
- Palo Alto Firewall
- MP Memory
- Config size
Procedure
- Check the Firewall last committed configuration size and candidate configuration size using CLI command:
show management-server last-committed config-size show management-server candidate config-size - Reduce the number of Address , Address Group , Service , Service Group , FQDN and EDL Objects.
- Delete unused Security policies and NAT policies. Refer to Tips & Tricks: How to Identify Unused Policies on a Palo Alto Networks Device.
- For Panorama VM consider increasing its memory size refer to "Increase CPUs and Memory on the Panorama Virtual Appliance".
- If even after following the recommendation listed above you are unable to reduce the configuration size below the capacity limit of your hardware platform then contact your SE to check with them if you should consider upgrading your platform to a higher capacity platform.
Additional Information
- To check the maximum configuration file size supported by Panorama refer to: Total Configuration Size for Panorama.
To check the maximum configuration file size recommended for firewalls refer to below table. - These limits may increase with newer PAN-OS releases.
- If your configuration requires more space than listed, please contact TAC to verify if a more recent version supports your specific needs.