Commit Failure with "Error: Number of security rules exceeds platform capacity"

Created On 06/23/22 06:04 AM - Last Modified 10/22/24 13:00 PM


Symptom


The commit job fails after adding new security rules:

Commit job 12 is in progress. Use Ctrl+C to return to command prompt
..........55%.
vsys1
    Error: Number of security rules (40023) exceeds platform capacity (40000)
    Error: Failed to parse security policy
(Module: device)
Commit failed


 



Environment


  • PA-Series Next-Generation Firewall
  • PAN-OS 8.1 or later


Cause


There is a limit to the number of security rules for each platform.
This limit can be checked from the CLI with the "show system state filter cfg.general.max-policy-rule" command.

> show system state filter cfg.general.max-policy-rule
cfg.general.max-policy-rule: 40000


If the number of security rules exceeds this limit, the commit job fails and the following error is reported:

Error: Number of security rules (40023) exceeds platform capacity (40000)
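A small pre-commit check, added here as an example and not part of the article or of any Palo Alto Networks tooling: it parses the `show system state filter cfg.general.max-policy-rule` output to obtain the platform capacity, recognises the commit-failure line from the article, and computes whether a planned batch of new rules would still fit. The CLI and commit output strings are taken from the article and embedded inline; the rule counts passed to `check_headroom` are constructed sample values.

```python
import re
from typing import NamedTuple, Optional, Tuple

# CLI output from the article, embedded here as sample input.
MAX_RULE_OUTPUT = "cfg.general.max-policy-rule: 40000\n"

# Commit failure output from the article, embedded here as sample input.
COMMIT_OUTPUT = """\
Commit job 12 is in progress. Use Ctrl+C to return to command prompt
..........55%.
vsys1
    Error: Number of security rules (40023) exceeds platform capacity (40000)
    Error: Failed to parse security policy
(Module: device)
Commit failed
"""

# Matches the value line printed by 'show system state filter cfg.general.max-policy-rule'.
_CAPACITY_RE = re.compile(r"^cfg\.general\.max-policy-rule:\s*(\d+)\s*$", re.MULTILINE)
# Matches the capacity error line emitted by a failed commit.
_OVERFLOW_RE = re.compile(
    r"Number of security rules \((\d+)\) exceeds platform capacity \((\d+)\)"
)


class Headroom(NamedTuple):
    capacity: int   # platform limit
    projected: int  # rules after the planned additions
    free: int       # capacity - projected (negative when over the limit)
    fits: bool      # True when the commit should not hit the capacity error


def parse_capacity(cli_output: str) -> int:
    """Extract the platform rule limit from the 'show system state' output."""
    m = _CAPACITY_RE.search(cli_output)
    if not m:
        raise ValueError("cfg.general.max-policy-rule not found in CLI output")
    return int(m.group(1))


def parse_commit_overflow(commit_output: str) -> Optional[Tuple[int, int]]:
    """Return (rule_count, capacity) if the commit output contains the capacity error, else None."""
    m = _OVERFLOW_RE.search(commit_output)
    return (int(m.group(1)), int(m.group(2))) if m else None


def check_headroom(current_rules: int, planned_additions: int, capacity: int) -> Headroom:
    """Pre-commit check: will the rulebase still fit after adding the planned rules?

    Assumption: the error fires only when the count *exceeds* capacity, so a count
    equal to the capacity is treated as fitting.
    """
    projected = current_rules + planned_additions
    return Headroom(capacity, projected, capacity - projected, projected <= capacity)


def main() -> None:
    capacity = parse_capacity(MAX_RULE_OUTPUT)
    overflow = parse_commit_overflow(COMMIT_OUTPUT)
    if overflow:
        count, cap_from_error = overflow
        print(f"commit rejected: {count} rules vs capacity {cap_from_error}; "
              f"remove at least {count - cap_from_error} rules")
    # Constructed sample: 39990 rules already present, 33 about to be added.
    print(check_headroom(current_rules=39990, planned_additions=33, capacity=capacity))


if __name__ == "__main__":
    main()
```

Run it against the output of the two CLI commands captured from the firewall before committing; a negative `free` value tells you how many rules must be removed before the commit will succeed.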


Resolution


Delete security rules as necessary so that the total number of security rules is below the platform capacity, then commit again.



https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000wkl4CAA&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail