autocommit fail : Total NAT DIPP exceed

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

autocommit fail : Total NAT DIPP exceed

L3 Networker

Hi all, I found the issue after upgrade Palo alto from PAN-OS 5.0-6.1.0  when to 6.1.0 auto-commit faile and show messages "Total NAT DIPP translated IP 804 exceeds the capacity of 800 " My model PA-5050 so, I would like to know this issue occur? 

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

Hi

 

Are you sure your system is a PA-5050? The PA-5050 has a DIPP capacity for 2000 rules, the PA-5020 has a capacity of 800

anyway, this means you configured too many DIPP rules and need to combine/prune policies to come within the system's capacity

 

Please also upgrade to 6.1.19 at your earliest convenience as this is the recommended release for PAN-OS 6.1

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

View solution in original post

4 REPLIES 4

Cyber Elite
Cyber Elite

Hi

 

Are you sure your system is a PA-5050? The PA-5050 has a DIPP capacity for 2000 rules, the PA-5020 has a capacity of 800

anyway, this means you configured too many DIPP rules and need to combine/prune policies to come within the system's capacity

 

Please also upgrade to 6.1.19 at your earliest convenience as this is the recommended release for PAN-OS 6.1

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

@reaperOhhh sorry Model Pa-5020 I would like to know whether this case autocommit fail 6.1.0 can upgrade to 6.1.19 from your recommend will not issue occur ?

It will keep occuring until you adjust the configuration to fall below the maximum supported number of DIPP rules, unfortunately

 

This is a system limitation

 

upgrading to 6.1.19 just ensures you don't run into any other issues 🙂

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

@reaper Thank you for advice to me 

  • 1 accepted solution
  • 3632 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!