How to troubleshoot the capacity issue of Virtual Systems configured on the Firewall
10939
Created On 04/18/23 06:19 AM - Last Modified 09/15/23 07:03 AM
Objective
- To Check the maximum capacity of the Firewall in the number of Virtual Systems.
- To Check the current number of configured Virtual Systems in the Firewall.
- To Determine the amount Virtual Systems license available in the Firewall.
- To Increase the Virtual System License
Environment
- Palo Alto Firewalls
- Supported PAN-OS
- Virtual Systems
Procedure
Attention Strata Cloud Manager Users: If you've been redirected to this knowledge article, please skip ahead and start with Step 2.
- Check the maximum capacity of Virtual Systems for your Firewall.
- Use Firewall CLI:
> show system state filter cfg.general.max* | match vsys
Note: In case the value is listed in hexadecimal format 0x then it needs to be converted to decimal. Most recent platforms and PAN-OS versions will list the value in decimal.
- Use the Product Selection web page click Show More under your platform name to find the maximum Security rules.
- Check the current number of Virtual Systems from GUI: Device > Virtual Systems
- Check on the current number of Virtual Systems license from GUI: Device > Licenses
- Using the information obtained from Steps 1 and 3, if the Virtual Systems license amount is less than the value of cfg.general.max-vsys (obtained from Step1); Contact Palo Alto Networks Sales team to inquire about obtaining additional Virtual Systems add-on licenses. This will ensure that the network has the necessary licenses to meet its virtual system requirements.
- If the current firewall has reached its maximum capacity and it is not possible to upgrade the license, it may be worth considering upgrading to a higher capacity platform.