07-01-2024 11:09 PM
Hello everyone:
What are the security documents here?
Anything else?
Is there any command to check how many profiles have been configured?
1. url filter
2. antivirus
3. antispyware
4. vulnerability
5. file block
6. wildfire
7. data filter
8. dos
07-02-2024 03:17 AM - edited 07-02-2024 03:18 AM
log forwarding profiles
QoS profiles
AFAIK there isn't a command to check how many you currently have, would be nice though (or at least an option to list how many are used before bumping into a failed commit)
07-02-2024 07:12 PM
After calculation, the security profiles on both local and Panorama are within the limit. Is there anything else I can check? The PAN-OS version is 10.2.9-h1.
07-03-2024 01:13 AM
I tested for you.
It counts the number of profiles under the "set profiles ...." command.
My testbed is PA-VM v11.1.3 and the maximum number of profiles is 375 (0x177).
===
admin@PA-VM> show system state filter cfg.general.max-profile
cfg.general.max-profile: 0x177
===
TEST Scenario and RESULT
After I configured a bunch of dummy anti-virus profiles and reached 375, I added a 376th profile and tried to commit.
If it fails, the device is counting it as a "profile". I marked it as "fail" in the table below.
So, you should check the following profiles:
| # set profiles ? | predefined | custom | add 376th |
|---|---|---|---|
| > custom-url-category custom-url-category | 0 | 0 | ok |
| > data-filtering data-filtering | 0 | 0 | fail |
| > data-objects data-objects | 0 | 0 | ok |
| > decryption decryption | 1 | 0 | fail |
| > dos-protection dos protection profile | 0 | 0 | ok |
| > file-blocking file-blocking | 2 | 0 | fail |
| > gtp gtp | 0 | 0 | fail** |
| > hip-objects hip-objects | 0 | 0 | ok |
| > hip-profiles hip profiles | 0 | 0 | fail |
| > sctp sctp | 1 | 0 | fail** |
| > sdwan-error-correction sdwan error correction profile | 0 | 0 | ok |
| > sdwan-path-quality sdwan path quality profile | 20 | 0 | ok |
| > sdwan-saas-quality sdwan saas quality profile | 0 | 0 | ok |
| > sdwan-traffic-distribution sdwan traffic distribution profile | 0 | 0 | ok |
| > spyware spyware | 2 | 1 | fail |
| > url-filtering url-filtering | 1 | 0 | fail |
| > virus virus | 1 | 363 | fail |
| > vulnerability vulnerability | 1 | 1 | fail |
| > wildfire-analysis wildfire-analysis | 1 | 0 | fail |
| TOTAL NUMBER OF PROFILES (all profiles) | 30 | 365 | |
| TOTAL NUMBER OF PROFILES (only with failed profiles) | 10 | 365 | =375 |
** the feature is disabled by default, but predefined profiles are counted.
ADDITIONAL INFO
I could commit the following as the 376th profile (meaning the device does not count them as a "security profile"):
predefined | custom | add 1 | |
Profile Group | ok | ||
Log Forwarding | ok | ||
Authentication | ok | ||
Schedule | ok | ||
SD-WAN Interface Profile | ok |
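Added example (not part of the original post, and not Palo Alto Networks code): one way to do the count offline from a set-format configuration export, using the limit and the "fail" profile types from the test above. It assumes definitions appear as `set profiles <type> <name> ...` and that the predefined counts match the poster's PA-VM 11.1.3 table; the function names and sample lines are constructed for illustration.

```python
import shlex

# Types the test marked "fail" (counted toward the limit), with the predefined
# counts from the poster's PA-VM 11.1.3 table; other platforms may differ.
COUNTED_PREDEFINED = {
    "data-filtering": 0, "decryption": 1, "file-blocking": 2, "gtp": 0,
    "hip-profiles": 0, "sctp": 1, "spyware": 2, "url-filtering": 1,
    "virus": 1, "vulnerability": 1, "wildfire-analysis": 1,
}

def parse_limit(state_line):
    """'cfg.general.max-profile: 0x177' -> 375"""
    return int(state_line.split(":", 1)[1].strip(), 16)

def count_custom(set_lines):
    """Count distinct custom profile names per counted type."""
    names = {}
    for line in set_lines:
        try:
            tok = shlex.split(line)  # handles quoted names with spaces
        except ValueError:
            continue  # skip lines with unbalanced quotes
        # Only definitions ("set profiles <type> <name> ..."); references from
        # rules or groups do not start with these two tokens.
        if len(tok) >= 4 and tok[:2] == ["set", "profiles"] and tok[2] in COUNTED_PREDEFINED:
            names.setdefault(tok[2], set()).add(tok[3])
    return {t: len(n) for t, n in names.items()}

def headroom(set_lines, state_line):
    """Profiles that can still be added before the limit is reached."""
    custom = count_custom(set_lines)
    used = sum(COUNTED_PREDEFINED.values()) + sum(custom.values())
    return parse_limit(state_line) - used

# Constructed sample input (not taken from a real device).
SAMPLE_STATE = "cfg.general.max-profile: 0x177"
SAMPLE_CONFIG = [
    'set profiles virus AV-1 description "first line"',
    'set profiles virus AV-1 description "same profile again"',
    'set profiles virus "AV two" description test',
    'set profiles spyware AS-1 description test',
    'set profiles vulnerability VP-1 description test',
    'set profiles custom-url-category Blocklist description test',  # type not counted
    'set rulebase security rules R1 profile-setting profiles virus AV-1',  # reference only
]

if __name__ == "__main__":
    print(count_custom(SAMPLE_CONFIG), headroom(SAMPLE_CONFIG, SAMPLE_STATE))
```

A headroom of zero or less corresponds to the state in the test where adding one more counted profile made the commit fail.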
07-03-2024 01:18 AM
Thank you very much for your test. We have opened the original case and upgraded it to T3 engineers for processing. At present, it seems to be a software problem.