The company has many PA-500s in HA configuration across the globe, configured by the U.S. team. After the upgrade to PAN-OS 8.0.4, 2 of them are sending alerts like "SYSTEM ALERT : high : User Group count of 16## exceededs threshold of 1000", each from a different country and with a small difference in the user group count.
I checked the "Group Mapping Settings"; it's using the LDAP Lookup method for User Identification. It's the same config as another one that doesn't send alerts, so I am a bit confused about what to do to stop those 2 from sending alerts.
Has anyone experienced the same issue: same hardware, same OS version, same config, but a few give the alert? I have seen https://live.paloaltonetworks.com/t5/General-Topics/SYSTEM-ALERT-high-User-Group-count-of-2358-excee... but we have a different environment.
Email body from Alert:
domain: 1
receive_time: 2017/09/18 10:26:50
serial: x_redacted_x
seqno: 210806
actionflags: 0x8000000000000000
type: SYSTEM
subtype: userid
config_ver: 0
time_generated: 2017/09/18 10:26:50
dg_hier_level_1: 0
dg_hier_level_2: 0
dg_hier_level_3: 0
dg_hier_level_4: 0
vsys_name:
device_name: x_redacted_x
vsys_id: 0
vsys:
eventid: user-group-count
object:
fmt: 0
id: 0
module: general
severity: high
opaque: User Group count of 1662 exceededs threshold of 1000
By the way, why is it "exceededs"?
Appreciate any suggestions.
VM-50, VM-100, VM-300, PA-200, PA-220, PA-500, PA-800 Series, PA-3020, and PA-3050 firewalls are all restricted to 1,000 AD groups.
Basically, this means you can't have more than 1000 groups imported from AD into PAN-OS.