Panorama Commit Error: Number of Services (x) Exceeds Platform Capacity (y)

Panorama Commit Error: Number of Services (x) Exceeds Platform Capacity (y)

55043
Created On 09/26/18 13:54 PM - Last Modified 05/26/20 21:48 PM


Symptom


Attempting a commit on a device group or Template from Panorama causes the following error:

Error: Number of services (xxxx) exceeds platform capacity (yyyy)
 (Module: device)
 Commit failed

Where xxxx exceeds yyyy.

Environment


  • Panorama managing connected Firewalls.
  • PAN-OS 7.1 and above.

Cause


Error due to limit on services/address on the firewall. This error is reported by Panorama during the commit push.

Resolution


Under Panorama > Setup > Management > Panorama Settings, disable "Share Unused Address and Service Objects with Devices" to prevent the unnecessary sharing of unused service objects on the devices.

Note: If all the service objects created on the M-100 or Panorama is being utilized by all managed devices, then some service objects need to be aggregated

 

Additional Information


The maximum number of supported services by a Palo Alto Networks Firewall device can be found with the following CLI command:

> show system state | match cfg.general.max-service
Also refer: How to Limit the Number of Shared Objects Panorama Pushes to the Managed Device.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/kCSArticleDetail?id=kA10g000000Cm0D&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FkCSArticleDetail

Choose Language