Some of our smaller PAs are starting to have their commits fail do to the number of profiles configured in Panorama. The error I receive is "Total number of profiles (xx) exceeds platform capacity (xx)". I followed this link but it does not seem to have helped: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm0DCAS
This had me disable the "Share Unused Address and Service Objects with Devices". Even though this has been disabled all of the unused security profiles are still applied to my firewalls where they are not needed. Is there something else that can be done to remove the unused security profiles?
So profile is actually every policy in your entire rulebase; Security, NAT, QoS, PBF, Decryption, Tunnel Inspection, Application Override, Atuh, and DoS Protection. Remove any policies that you aren't actually using on the device and you'll be good to go.
View Max Profiles on device.
'show system state filter cfg.general.max* | match profile'
So profile is actually every policy in your entire rulebase; Security, NAT, QoS, PBF, Decryption, Tunnel Inspection, Application Override, Atuh, and DoS Protection.
@BPry are you sure? Doesn't this mean security profiles like url, antivirus, anrispyware, vulnerability? Because these profiles are still shared with the firewalls even if you have the option "share unused ..." disabled (this option is only for address-, addressgroup-, service- and servicegroupobjects)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!