New periodic alert: Configuration size 19MB is above 80% of the maximum recommended configuration size 23MB for the platform.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

New periodic alert: Configuration size 19MB is above 80% of the maximum recommended configuration size 23MB for the platform.

L3 Networker

Dear all,

 

since a couple of days I'm getting alerts like:

Configuration size 19MB is above 80% of the maximum recommended configuration size 23MB for the platform. Please consider removing unused configuration

 

I removed all old auto saved configs after upgrades, and the config size looks ok:
> show management-server last-committed config-size
392261 bytes

 

What seems to be strange is the size of the candidate configs;

> show management-server candidate config-size
20213190 bytes

 

Apparently there is no way to delete these, except may be TAC getting root access.

 

Did anyone else see this and found a solution?

 

Regards

   Andreas

19 REPLIES 19

L1 Bithead

Having this issue too for a while and just overnight the pre-defined config grew by 1MB. Based on my investigation the culprit is the Device Dictionary, they keep added more devices/items which is making the Config grow. We don't even have IOT License on the firewall. Very concerning since it threw us closer to the Max. 

 

We have already opened several cases and nothing from TAC on a solution, they threw us in different scenarios just to come back and say there isn't much we can do. Upgrading doesn't leave much of a good taste, since what was recommended to us was a 1410 which its Max config size is 35MB, while yes it bigger but if we are sititng at around 22MB right now.... what doesn't guarantee that in a few years we'll be in the same boat? TAC also can't tell if more pre-defined config will be pushed and that we won't reach the limit on the suggested firewall.

 

It is also expensive, even with credits from our existing subscription, the total for the new 1410 with all same licensing puts us at twice higher price than going with an alternate vendor for Firewalls. 

 

This is madness....

L3 Networker

11.1.4-h7 shows now as a preferred release for the PA-820.

So how can they say one should downgrade to 10.x?

L1 Bithead

Hello,

 

So, I just reached out and opened a new case. We are on 11.1.4-h7 on our PA-850 and the TAC we got assigned reviewed in detail our ticket/issue and returned with a command we had to run on our firewall which expanded the maximum size, he explained there was a fix that was done and this command is needed to expand the maximum config size, otherwise if it is not done and left as is, then you can have the problems of slowness/crashes. 

 

I've asked for more detail and if this was ever made publicly/article where they mention this fix & the command that needs to be done to expand it. 

 

They also confirmed with this, we shouldn't have any further issues & even compared to other cases & they can confirm it has been fixed.

L1 Bithead

Hi,
and thanks for sharing. We only got the information that this is a known issue but only internally and therefore it does not have an issue ID.

Right now we are at 21MB of 23MB. Hope this will have a good end. Creating a filter supressing the error messages can't be the solution.

L3 Networker

Hello,

 

I also opened a new case and referenced this discussion.

Initially I got the standard answer but after referencing the post from DZamudio they came back with the command to run in order to expand the allowed config size.

I also asked them if I can post the command here but didn't receive an answer.

I then asked them to update this discussion with the solution.

I was told they will do that but didn't say when.

 

Regards,

   Andreas

  • 7698 Views
  • 19 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!