New periodic alert: Configuration size 19MB is above 80% of the maximum recommended configuration size 23MB for the platform.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

New periodic alert: Configuration size 19MB is above 80% of the maximum recommended configuration size 23MB for the platform.

L3 Networker

Dear all,

 

since a couple of days I'm getting alerts like:

Configuration size 19MB is above 80% of the maximum recommended configuration size 23MB for the platform. Please consider removing unused configuration

 

I removed all old auto saved configs after upgrades, and the config size looks ok:
> show management-server last-committed config-size
392261 bytes

 

What seems to be strange is the size of the candidate configs;

> show management-server candidate config-size
20213190 bytes

 

Apparently there is no way to delete these, except may be TAC getting root access.

 

Did anyone else see this and found a solution?

 

Regards

   Andreas

48 REPLIES 48


@PaloAltorrr wrote:

Hello,

Is there any solution for that so far?


Yes, the bugfix is:

PAN-281721
Fixed an issue where the firewall generated high-severity system alerts indicating that the configuration size exceeded the maximum recommended size, even when the configuration size was within the expected limits.

 

Upgrade to 11.1.6-h17 or 11.1.10-h4 or something that has this bugfix marked as an Addressed Issue in the release notes.

Community Team Member

Hi @PaloAltorrr ,

 

As per @jasonroy : Yes, I've confirmed 11.1.6-h17 fixes it as advertised. Also 11.1.10-h4.

 

Do you see different behavior ?

Kind regards,

-Kim.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Yes, both versions I referenced increase the default max-config-size value, which stops the alerts for us as we're 5mb below the new value. I tested 11.1.10-h4 (released Sept 4, 2025) for a few days before moving to 11.1.6-h17 (released Sept 1, 2025). Same results: these versions include the PAN-281721 bugfix which sets the new max-config-size value higher which then stops the alerts. Again, the permanent solution is to look at new releases for your version train released in September 2025 or newer that contain the bugfix PAN-281721.

 

Search at the "PAN-OS 11.1.x[-hxx] Addressed Issues" for the above bugfix:

https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/

 

PA850-Lab-Pri(active)> show system info | match sw-version
sw-version: 11.1.6-h17

PA850-Lab-Pri(active)> show management-server candidate config-size

24847316 bytes

PA850-Lab-Pri(active)> debug management-server max-config-size show

Max config size(Bytes):31457280

 

I've indicated that in these two posts:

 

https://live.paloaltonetworks.com/t5/general-topics/new-periodic-alert-configuration-size-19mb-is-ab...

 

https://live.paloaltonetworks.com/t5/general-topics/new-periodic-alert-configuration-size-19mb-is-ab...

 

L2 Linker

Thank you very much

  • 36254 Views
  • 48 replies
  • 2 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!