Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
07-01-2020 10:53 AM
We have a pair of PA-850 firewalls, and we are running into an error when pushing configuration from Panorama that contains 7 GP gateways (6 external and 1 internal), and 6 portals.
. global-protect -> global-protect-gateway -> GlobalProtect AlwaysOn constraints failed : Maximum number of GlobalProtect gateway configuration exceeded
The only related documentation I can find is https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClidCAC, which states that the number of "external" gateways for a PA-850 is limited to 12. We have spoken with support, and they insist that the limit is gateway + portal, even though I can continue to add ports and push the config to our PA-850 with no issues, and that it is in direct contradiction with what the published documentation states. I have also tested by deleting 2 portals (4 remaining) and still cannot add a 6th external gateway, with 1 internal gateway.
We are getting no help from support, and getting frustrated with the lack of a path to resolution. I can accept it if the gateway limit is indeed 6 (or combined limit of 12 for gateway + portal), as long as it is states clearly as such in any published documentation.
Anyone else ran into a similar situation?
07-01-2020 04:00 PM
Hello Peter ,
Hope you are doing good.
I just wanted to update you that I am checking internally regard this issue and I am trying to replicate this problem in my lab device.
I’ll update you as soon as I have further information.
Thank you!
07-06-2020 10:04 AM
Hi Abahrami,
Thank you for looking into this for me.
Peter
07-20-2021 12:15 PM
Did you ever get an answer? I have a case opened today for adding a 7/8th gateway to an 850 running 9.0.12 with the same error message failing.
07-20-2021 12:28 PM
I'll update you on my case status when I get one. As of right now, it noted it *should* be fixed in 9.1.11
PAN-112175
Fix in 9.1.11 ETA 8/5/21
07-27-2021 05:56 AM
Just an update - asked TAC to confirm bugID was correct.
Engineering did duplicate it to previously found PAN-112175.
Fix in 9.1.11 ETA 8/5/21
No plans to backport to 9.0.x yet.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
