Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Address object limits / Panorama ...

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Address object limits / Panorama ...

L1 Bithead

Heya,

Two related questions regarding address objects and current limits....

1) Is there a command to see the number of address objects currently on a specific firewall (whether they're local objects or Panorama objects)?  I'm familiar with how to view address object limits for a particular platform (show system state | match address)...but would like to see how many address objects are currently on a given firewall.

2) Will there be any future enhancement to Panorama such that address objects not in use in a policy do not get downloaded to all firewalls in a given device group?  As this would certainly lessen the number of address objects on any Panorama-managed firewall.  And if there will be such a feature, will there also be a provision to go back and remove address objects not used in policies but that live on device today?

Thanks and regards,

- Dave

5 REPLIES 5

L6 Presenter

Regarding the first question -As far as I know there is no such command that says how many of the objects are present on the firewall and out of them how many belong to panorama. The work around would be to check this from the XML configuration file. I have opened my config file in the xml tool and navigated to address objects section and I can see how many of them are configured on the firewall as below.

111Capture.PNG112Capture.PNG

As u can see i have 31 of them. I know this is a hardway, thought this might help. Again this will not give any info pushed from the panorama as the panorama objects will not show up in the firewall config file. Do not know if is a better way.

Oops you can find the number of objects on the device from the web-ui itself,  I missed that part.

Thanks for the reply sdurga...

Yes, as you say Panorama objects do not show up in XML config file on firewall...I wonder if there is a hidden command from CLI to see them?  I wouldn't be surprised...

Yep, I know you can see them on Web-UI of device and just count them...but was looking for another method for box to give me total #...   thanks.

- Dave

What is this "XML tool" ?

never heard of it.

Can you share some details about this tool ?

Any XML editor to display the Config XML file in the organised way. I use XML marker which is a free tool . available at the following link XML Marker Free XML Editor and Json Editor - XML Marker

  • 5103 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!