03-31-2021 10:32 AM
I'm working on doing some clean up, and I want to take advantage of dynamic address groups. I have 943 address objects tagged and one dynamic group.
When I monitor the logs, I see some traffic bypassing my rule and going to rules below. I checked the address objects and they are tagged.
As a test I put all 943 address objects into a static group. I created a new tag, tagged the static group, and then create a new dynamic group. I put a new test rule in, and all the traffic now hitting this rule.
I'm not crazy about the solution, because it feels like I just created a group within a group but it's working so far. That's why I wonder if there is a limit with how many objects can be inside a dynamic group.
I'm working with a PA-5260.
