This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

GlobalProtect gateway limit

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

GlobalProtect gateway limit

Peter_Tan
L1 Bithead

‎07-01-2020 10:53 AM

We have a pair of PA-850 firewalls, and we are running into an error when pushing configuration from Panorama that contains 7 GP gateways (6 external and 1 internal), and 6 portals.

 

. global-protect -> global-protect-gateway -> GlobalProtect AlwaysOn constraints failed : Maximum number of GlobalProtect gateway configuration exceeded

 

The only related documentation I can find is https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClidCAC, which states that the number of "external" gateways for a PA-850 is limited to 12. We have spoken with support, and they insist that the limit is gateway + portal, even though I can continue to add ports and push the config to our PA-850 with no issues, and that it is in direct contradiction with what the published documentation states. I have also tested by deleting 2 portals (4 remaining) and still cannot add a 6th external gateway, with 1 internal gateway.

 

We are getting no help from support, and getting frustrated with the lack of a path to resolution. I can accept it if the gateway limit is indeed 6 (or combined limit of 12 for gateway + portal), as long as it is states clearly as such in any published documentation.

 

Anyone else ran into a similar situation?

2 people had this problem.
(1)
6 REPLIES 6

abahrami
L0 Member

‎07-01-2020 04:00 PM

Hello Peter , 

 

Hope you are doing good.

 

I just wanted to update you that I am checking internally regard this issue and I am trying to replicate this problem in my lab device.

 

I’ll update you as soon as I have further information.

 

Thank you!

0 Likes Likes

Peter_Tan
L1 Bithead
In response to abahrami

‎07-06-2020 10:04 AM

Hi Abahrami,

 

Thank you for looking into this for me. 

 

Peter

0 Likes Likes

Chris_Johnston
L2 Linker

‎07-20-2021 12:15 PM

Did you ever get an answer?  I have a case opened today for adding a 7/8th gateway to an 850 running 9.0.12 with the same error message failing.

0 Likes Likes

Peter_Tan
L1 Bithead

‎07-20-2021 12:25 PM

unfortunately, no. We never got a response/solution out of support. I have tested this again today, and we still have the same limit

0 Likes Likes

Chris_Johnston
L2 Linker

‎07-20-2021 12:28 PM

I'll update you on my case status when I get one.  As of right now, it noted it *should* be fixed in 9.1.11

 

PAN-112175
Fix in 9.1.11 ETA 8/5/21

(1)

Chris_Johnston
L2 Linker

‎07-27-2021 05:56 AM

Just an update - asked TAC to confirm bugID was correct.

 

Engineering did duplicate it to previously found PAN-112175.
Fix in 9.1.11 ETA 8/5/21

 

No plans to backport to 9.0.x yet. 

0 Likes Likes
  • 6088 Views
  • 6 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks