This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Are there performance issues due to object groups?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Are there performance issues due to object groups?

JoHyeonJae
L3 Networker

‎11-22-2022 04:21 PM

Hello all,

As shown in the attached photo below, the limit on the number of members in the address group of PA-3220 is 2500.

1. We are going to apply about 2000 Object Members per address Group to the PA-3220, is there any performance issue? If there were, what performance issues would there be?

2. If 4,000 objects are grouped, is there no problem if you divide 2,000 objects into 2 groups and apply them to one policy?

Screen Shot 2022-11-23 at 9.20.43 AM.png

Thanks and Regards,

0 Likes Likes
5 REPLIES 5

Metgatz
L4 Transporter

‎11-22-2022 10:03 PM

Hello @JoHyeonJae 

 

The limits of each model of firewall palo alto networks, already consider the use or possible use of that group in one or more policies, therefore at performance level there should not be any problem, since it is within the threshold limit for that model.

 

Regards

High Sticker
0 Likes Likes

JoHyeonJae
L3 Networker
In response to Metgatz

‎11-22-2022 10:07 PM

@Metgatz 

Thank you for your update.

Can I understand that there is no performance issue for question number one?
And is there no problem with question number 2?

0 Likes Likes

Metgatz
L4 Transporter
In response to JoHyeonJae

‎11-22-2022 10:10 PM

Hello @JoHyeonJae 

 

Exactly, there are no issues, since it is part of the limits declared for each model.

 

Exactly, in point 2, as long as you do not exceed the total limit of address objects 30.000 30k and do not exceed 2500 2.5k address objects per group, it is correct.

 

Regards

High Sticker
0 Likes Likes

JoHyeonJae
L3 Networker
In response to Metgatz

‎11-22-2022 10:14 PM

@Metgatz 
Thank you for your prompt response!

Is there any documentation related to this subject? (I guess there is no documentation so)

Thanks,

0 Likes Likes

Metgatz
L4 Transporter
In response to JoHyeonJae

‎11-22-2022 10:20 PM

Hey @JoHyeonJae 

There is no documentation as such, since what you indicate is totally valid based on the firewall model and its officially declared limits.

I have done similar things with other models of firewalls bordering the limits and I have not had any problem.

 

Here is a similar thread:

https://live.paloaltonetworks.com/t5/general-topics/address-group-limitation/td-p/44196

 

Greetings

High Sticker
0 Likes Likes
  • 1447 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks