User Groups Capacity Increase

You can now configure policies to reference more user groups. This is useful in environments where access control for each application or service is based on membership in a user group, and where the number of applications, services, and groups is increasing.
The number of distinct user groups that each firewall or Panorama can reference across all policies varies by model:
  • VM-50, VM-100, VM-300, PA-200, PA-220, PA-500, PA-800 Series, PA-3020, and PA-3050 firewalls—1,000 groups
  • VM-500, VM-700, PA-5020, PA-5050, PA-5060, PA-5200 Series, and PA-7000 Series firewalls, and all Panorama models—10,000 groups
In this release, you will also find that error alerts for group mapping configurations are improved: the validation process now checks for errors in nested group lists. Nesting in this context describes group lists where individual list entries can also be group lists. The firewall and Panorama can validate group lists that are nested up to ten layers deep.

Related Documentation