What is the Maximum Number of Rule Objects Supported?

Printer Friendly Page

Overview

This document explains the maximum number of rule objects supported on Palo Alto Networks devices.

 

Details

To view the maximum number of values for rule objects, run the following CLI command:

> show system state filter cfg.general.max*

Below is a table that displays the maximum number of security policies per platform:

 

Platform Maximum Number of Security Policies
VM-50 250

VM-100

VM-200

1.500

VM-300

VM-1000-HV

10.000

VM-500

10.000

VM-700

20.000

PA-200

PA-220

250

PA-500

1.000

PA-820

PA-850

1.500
PA-2020 2.500
PA-2050 5.000
PA-3020 2.500

PA-3050

PA-3060

5.000
PA-5020 10.000
PA-5050 20.000
PA-5060 40.000
PA-5220 20.000

PA-5250

PA-5260

40.000

PA-7050

PA-7080

40.000

 

owner: panagent

Tags (6)
Comments

Are these maximums per physical device or per Vsys?

The maximums are per device.

Thank you very much for clarifying. :-)

Is the Pa7050 number correct? I thought it was 80000

Hi, the document was updated to reflect the correct number.  The numbers here should correlate with the information on the Product Selection page on our website. 

Are there any numbers available for the PA-VM-1000-HV ?

How about PA220?

@MinhNguyen updated article to include new models

what happens if the number of policies that Panorama pushes exceeds the threshold that the device can manage? (i.e panorama pushes down more than 1000 security policies to PA-500)

 

 

hi @jintan

The commit will fail