Configuration Capacity Improvements

For some firewall models, PAN-OS® 8.1 supports more address objects, address groups, service objects, service groups, zones, security rules, FQDN address objects, and DHCP relay agents.
Various firewall models support larger configuration capacities in PAN-OS® 8.1 than in earlier PAN-OS releases. These increases ease your migration to Palo Alto Networks® firewalls and your deployment growth. The increased capacities are:
Capacity Description
All Firewall Models
Characters per Rule Name
63
PA-220 firewalls support more Security policy rules:
Capacity Description
PA-220
Security Policy
500
PA-3000 Series firewalls support the following capacities:
Capacity Description
PA-3020
PA-3050
PA-3060
Address Groups
750
1,500
1,500
Service Groups
375
375
375
Service Entries per Service Group
1,000
1,000
1,000
Zones
40
40
60
PA-5220 firewalls support the following increased capacities:
Capacity Description
PA-5220
DHCP Relay Agents
2,048
(On the PA-5220 firewall, you can have a maximum of 500 DHCP servers; the maximum number of DHCP relay agents is 2,048 minus the number of configured DHCP servers.)
FQDN Address Objects
6,144
Zones
2,500
PA-5250, PA-5260, and PA-7000 Series firewalls support the following increased capacities:
Capacity Description
PA-5250 and PA-5260
PA-7000 Series
Address Objects
160,000
160,000
Address Groups
80,000
80,000
Service Objects
12,000
12,000
Service Groups
6,000
6,000
Service Entries per Service Group
2,500
2,500
FQDN Address Objects
6,144
6,144
Zones
17,000
4,000
Security Policy
65,000
65,000
Tunnel Inspection Policy
8,500
8,500
DHCP Relay Agents
4,096*
4,096*
* On these models, you can have a maximum of 500 DHCP servers; the maximum number of DHCP relay agents is 4,096 minus the number of configured DHCP servers.
PA-820 and PA-850 firewalls support the following increased capacities:
Capacity Description
PA-820
PA-850
Maximum SSL Inbound Certificates
75
100
SSL Certificate Cache Entries
1,000
2,000

Related Documentation