Commit fails with "Error: Number of security rules exceeds platform capacity"

Created On 06/23/22 06:04 AM - Last Modified 01/03/25 14:55 PM


Symptom


The commit job fails after a new security rule is added:

Commit job 12 is in progress. Use Ctrl+C to return to command prompt
..........55%.
vsys1
    Error: Number of security rules (40023) exceeds platform capacity (40000)
    Error: Failed to parse security policy
(Module: device)
Commit failed




Environment


  • PA Series next-generation firewalls
  • PAN-OS 8.1 or later


Cause


Each platform has a limit on the number of security rules.
This limit can be checked from the CLI with the command "show system state filter cfg.general.max-policy-rule".

> show system state filter cfg.general.max-policy-rule
cfg.general.max-policy-rule: 40000


If the number of security rules exceeds this limit, the following error message is output and the commit job fails.

Error: Number of security rules (40023) exceeds platform capacity (40000)


Resolution


Delete security rules as needed so that the number of security rules is less than the platform's capacity.


