
SYSTEM ALERT : high : User Group count of 2358 exceededs threshold of 1000


According to the New Features Guide in 7.1 PAN-OS the User Group Capacity was increased to a max of 3,200 groups IF you are following their note below:

 

 Do not add entries to the Group Include List or Custom Group list—doing so limits the number of groups that policy rules can reference. Populated lists can have a combined maximum of only 640 groups but, by default, leaving the lists empty enables policy rules to reference up to a maximum of 3,200 groups.

 

So I have gone into these settings and removed all Custom Group lists and didn't have any Group Include List created.

 

Select Device > User Identification > Group Mapping Settings and click Add.

Enter a unique Name to identify the group mapping configuration.

Configure the Server Profile settings:

Select the LDAP Server Profile you just created.

Select Enabled (default).

Click OK.

 

I started receiving this alert after upgrading to PAN-OS 8.0.4, and even with all lists cleared out I am still seeing this alert every 10 minutes on a PA-200. I thought, well, I'm going to be upgrading those to PA-220s anyway, but after researching, the limit is the same on those and even on the PA-3020s I have. I am not getting alerts from the PA-3020s after upgrading those to PAN-OS 8.0.4.

 

Anyone else experienced this? Opening a ticket next week, but with a lack of any search results on this error I wanted to get one posted for the next guy upgrading a PA-200 to 8.0.x in a 'group heavy' environment.

@Wald @rkramer ?

 

 
