- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
07-20-2024 08:49 AM
Dear all,
since a couple of days I'm getting alerts like:
Configuration size 19MB is above 80% of the maximum recommended configuration size 23MB for the platform. Please consider removing unused configuration
I removed all old auto saved configs after upgrades, and the config size looks ok:
> show management-server last-committed config-size
392261 bytes
What seems to be strange is the size of the candidate configs;
> show management-server candidate config-size
20213190 bytes
Apparently there is no way to delete these, except may be TAC getting root access.
Did anyone else see this and found a solution?
Regards
Andreas
07-23-2024 03:01 PM
This isn't saved configurations that you may have on the device, it's regarding the actual size of the configuration file being utilized on the device. Assuming that you utilize Panorama, make sure you aren't pushing unused objects since that's a very quick way to run into this issue. You have to have a relatively large configuration to be at 19MB, and the quickest way to get there is having Panorama pushing unused objects.
07-24-2024 04:57 AM
I'm not sing Panorama.
The firewall is locally managed.
And according to the CLI these are all candidate contigs, but no pending commit.
Regards,
Andreas
07-25-2024 01:24 AM
Hi Andreas,
we're having the same issue with a vm platform (not panorama managed).
Disk space especially root partition is around 30% space left.
I just opened a case with pan.
The Supporter mentioned that a fix will be provided in 11.1.3.
For a workaround you could exclude the alert. From the logs setting > system, you can try to negate keywords. For example, "(severity eq critical) and not (description contains 'Configuration size')".
KR
Max
07-25-2024 03:33 AM
Hi Max,
I'm running 11.1.3-h2 and the issue is not fixed yet.
Regards,
Andreas
08-11-2024 09:55 PM
Hello @M-WBERB , hope you are doing well. Did TAC provide a PAN-ID for the issue?
08-19-2024 12:39 AM
Hi @EdmarFrancis unfortunately not.
TAC only mentioned that this is known internally but sadly was not published as a known Issue with an Issue ID.
KR
10-07-2024 03:12 PM
Same. I upgraded to 11.1.4h1 and opened a tac case, they just replied w/ same which is you must delete policies, nats, url lists or unused items to get below threshold. he said the max is 23MB and said its bigger on newer models. i check data specs and no mention of configuration size and when you google configuration size limit on palo, the response is 23MB for ALL NGFWs. You would think with all these new OS upgrades, they would have increased the size of the configuration space. 23MB ? smh.
10-07-2024 10:58 PM
Yeah, it’s pretty frustrating. You’d expect with all the advancements in the OS, they'd allow for larger config sizes, especially considering how complex setups can get these days. 23MB feels super limiting, and it's not like the hardware can't handle it, especially with newer models. I mean, deleting policies or NATs just to stay under a cap seems like an outdated solution. Hopefully, they address this soon in future updates.
10-08-2024 06:45 AM
just found out from SE, they advise against upgrading to 11.1.4h1 for PA850 due to the size of 11.x OS , it causes a performance hit when it approaches the config size limit since 11.x is bigger. they recommend staying at 10.2 /10.1 series
11-19-2024 08:05 AM
Hi,
I update to 11.1.5-h1 and the issue is still there. Or isn't it an issue at all, only a annoing errror message? Has anyone fixed it?
12-02-2024 03:32 AM
I'm on 11.1.5 and getting this error message on my PA-820.... very frustrating, I've cleared out any unused configuration items and its still the same, I dont believe that our config is particularly complicated either. Naturally I'm not willing to remove any ones that are in operation so what are we to do? I don't see that we should downgrade to V10.2 again utter nonsense so a workaround is needed...
12-05-2024 09:05 AM
Upgraded to 11.1.4-h7 on PA-820 and have this issue, not good.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!