About PK-GHL

Hi all,   The company have many PA-500 in HA configuration across the globe, configured by the U.S. team. After upgrade to PanOS 8.0.4, 2 of them are sending alerts like "SYSTEM ALERT : high : User Group count of 16## exceededs threshold of 1000", each of different country and small difference in user group count.   I checked the "Group Mapping Settings", it's using the LDAP Lookup method for the User Identification. It's the same config with another one that doesn't send Alerts. So I am a bit confused what to do to stop that 2 sending Alerts.   Anyone experienced same issue - same hardware, same OS version, same config but few gives Alert? I have seen https://live.paloaltonetworks.com/t5/General-Topics/SYSTEM-ALERT-high-User-Group-count-of-2358-exceededs-threshold/m-p/174373#M54804 but we are with different environment.   Email body from Alert: domain: 1 receive_time: 2017/09/18 10:26:50 serial: x_redacted_x seqno: 210806 actionflags: 0x8000000000000000 type: SYSTEM subtype: userid config_ver: 0 time_generated: 2017/09/18 10:26:50 dg_hier_level_1: 0 dg_hier_level_2: 0 dg_hier_level_3: 0 dg_hier_level_4: 0 vsys_name: device_name: x_redacted_x vsys_id: 0 vsys: eventid: user-group-count object: fmt: 0 id: 0 module: general severity: high opaque: User Group count of 1662 exceededs threshold of 1000 By the way, why is it "exceededs"?   Appreciate any suggestions. Patrick. ... View more