https://live.paloaltonetworks.com/t5/general-topics/multiple-pa-500-with-panos-8-0-4-some-system-alert-high-user/m-p/177614#M55372 <P><SPAN>VM-50, VM-100, VM-300, PA-200, PA-220, PA-500, PA-800 Series, PA-3020, and PA-3050 firewalls are all restricted to 1,000 AD groups.</SPAN></P><P>&nbsp;</P><P><SPAN>Basically means you can't have more than a 1000 groups imported from AD into the PAN-OS.&nbsp;</SPAN></P><P>&nbsp;</P><P>&nbsp;</P> Tue, 19 Sep 2017 14:41:21 GMT RichColeman 2017-09-19T14:41:21Z https://live.paloaltonetworks.com/t5/general-topics/multiple-pa-500-with-panos-8-0-4-some-system-alert-high-user/m-p/176879#M55247 <P>Hi all,</P><P>&nbsp;</P><P>The company&nbsp;have many PA-500 in HA configuration across the globe, configured by the U.S. team. After upgrade to PanOS 8.0.4, 2 of them are sending alerts like "<STRONG>SYSTEM ALERT : high : User Group count of 16##&nbsp;exceededs threshold of 1000</STRONG>", each of different country and small difference in user group count.</P><P>&nbsp;</P><P>I checked the "Group Mapping Settings", it's using the LDAP Lookup method for the <STRONG>User Identification</STRONG>. It's the same config with another one that doesn't send Alerts. So I am a bit confused what to do to stop that 2 sending Alerts.</P><P>&nbsp;</P><P>Anyone experienced same issue - same hardware, same OS version, same config but&nbsp;few&nbsp;gives Alert? I have seen&nbsp;<A title="SYSTEM ALERT : high : User Group count of 2358 exceededs threshold of 1000" href="https://live.paloaltonetworks.com/t5/General-Topics/SYSTEM-ALERT-high-User-Group-count-of-2358-exceededs-threshold/m-p/174373#M54804" target="_self">https://live.paloaltonetworks.com/t5/General-Topics/SYSTEM-ALERT-high-User-Group-count-of-2358-exceededs-threshold/m-p/174373#M54804</A>&nbsp;but we are with different&nbsp;environment.</P><P>&nbsp;</P><P><U>Email&nbsp;body from Alert</U>:</P><PRE>domain: 1 receive_time: 2017/09/18 10:26:50 serial:&nbsp;x_redacted_x seqno: 210806 actionflags: 0x8000000000000000 type: SYSTEM subtype: userid config_ver: 0 time_generated: 2017/09/18 10:26:50 dg_hier_level_1: 0 dg_hier_level_2: 0 dg_hier_level_3: 0 dg_hier_level_4: 0 vsys_name: device_name:&nbsp;x_redacted_x vsys_id: 0 vsys: eventid: user-group-count object: fmt: 0 id: 0 module: general severity: high opaque: User Group count of 1662 exceededs threshold of 1000</PRE><P>By the way, why is it "<EM>exceededs</EM>"?</P><P>&nbsp;</P><P>Appreciate any suggestions.</P><P>Patrick.</P> Mon, 18 Sep 2017 00:42:19 GMT https://live.paloaltonetworks.com/t5/general-topics/multiple-pa-500-with-panos-8-0-4-some-system-alert-high-user/m-p/176879#M55247 PK-GHL 2017-09-18T00:42:19Z https://live.paloaltonetworks.com/t5/general-topics/multiple-pa-500-with-panos-8-0-4-some-system-alert-high-user/m-p/177614#M55372 <P><SPAN>VM-50, VM-100, VM-300, PA-200, PA-220, PA-500, PA-800 Series, PA-3020, and PA-3050 firewalls are all restricted to 1,000 AD groups.</SPAN></P><P>&nbsp;</P><P><SPAN>Basically means you can't have more than a 1000 groups imported from AD into the PAN-OS.&nbsp;</SPAN></P><P>&nbsp;</P><P>&nbsp;</P> Tue, 19 Sep 2017 14:41:21 GMT https://live.paloaltonetworks.com/t5/general-topics/multiple-pa-500-with-panos-8-0-4-some-system-alert-high-user/m-p/177614#M55372 RichColeman 2017-09-19T14:41:21Z