02-04-2013 02:28 PM
In Panorama Version 5 it can be configured that address and service objects are only applied to firewalls which actually need these objects because they are used in the policy. Unused objects are not pushed to the firewall. However we found out this only applies to address and service objects (as the setting "Share Unused Address and Service Objects with Devices" mentions - we disabled it to not overload small device models). Shared Application Groups are still being pushed to all connected firewalls even if they are not used there. Is there any limit on Application Groups that can be configured per device model (I could not find anything in the documentation)? When Palo Alto Networks introduced the option regarding address and service objects, why did they not include Application Groups to this logic as well?
02-04-2013 02:45 PM
Currently there is no limit on the number of application-groups that can be built for a platform, and I believe it is for the same reason the option that you are looking for is not included in the Panorama.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
