- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
06-05-2018 11:59 PM
While pushing policy from PAN to PA220 Firewall running 8.0.3
I am getting attached Error. We have around 6kplus object in that specific template.
As per PA support, 8.0.X pan version comes with a precheck that will not allow commit till the object count be below 2500 value for PA220.
My Query...
1. Does all objects get pushed from PAN irrespectively whether it's used or not,
or only those objects are pushed which are part of security Policies?
2. I got the above error when pushing policy from PAN to PA 220 FW running 8.0.3
However, When i did a push from PAN to PAN220 running 8.0.7 i didn't receive same error.
3. Best way to clean up unused object without breaking anything?
06-06-2018 02:59 AM - edited 06-06-2018 03:01 AM
There is a script somewhere that parses the config to find objects that are not used in rules. Do a search and you will come across it..
Edit:::
06-06-2018 06:58 AM
If you aren't using the object you can always modify the 'Share Unused Address and Service Objects with Devices' option so that it only passes what's actively being used in policy. Really though you need to take some time to clean up these objects and do some maintenance. As @RobinClayton mentioned using the provided script is a good way of going about that.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!