Two related questions regarding address objects and current limits....
1) Is there a command to see the number of address objects currently on a specific firewall (whether they're local objects or Panorama objects)? I'm familiar with how to view address object limits for a particular platform (show system state | match address)...but would like to see how many address objects are currently on a given firewall.
2) Will there be any future enhancement to Panorama such that address objects not in use in a policy do not get downloaded to all firewalls in a given device group? As this would certainly lessen the number of address objects on any Panorama-managed firewall. And if there will be such a feature, will there also be a provision to go back and remove address objects not used in policies but that live on device today?
Thanks and regards,
Regarding the first question -As far as I know there is no such command that says how many of the objects are present on the firewall and out of them how many belong to panorama. The work around would be to check this from the XML configuration file. I have opened my config file in the xml tool and navigated to address objects section and I can see how many of them are configured on the firewall as below.
As u can see i have 31 of them. I know this is a hardway, thought this might help. Again this will not give any info pushed from the panorama as the panorama objects will not show up in the firewall config file. Do not know if is a better way.
Thanks for the reply sdurga...
Yes, as you say Panorama objects do not show up in XML config file on firewall...I wonder if there is a hidden command from CLI to see them? I wouldn't be surprised...
Yep, I know you can see them on Web-UI of device and just count them...but was looking for another method for box to give me total #... thanks.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!