Known Issues in SD-WAN Plugin 3.3
Table of Contents
Expand all | Collapse all
-
-
-
-
- Features Introduced in Enterprise Data Loss Prevention 4.0.4
- Known Issues in Enterprise DLP Plugin 4.0.4
- Features Introduced in Enterprise Data Loss Prevention 4.0.3
- Known Issues in Enterprise DLP Plugin 4.0.3
- Features Introduced in Enterprise Data Loss Prevention 4.0.2
- Known Issues in Enterprise DLP Plugin 4.0.2
- Features Introduced in Enterprise Data Loss Prevention 4.0.1
- Known Issues in Enterprise DLP Plugin 4.0.1
- Features Introduced in Enterprise Data Loss Prevention 4.0.0
- Known Issues in Enterprise DLP Plugin 4.0.0
-
- Features Introduced in Enterprise Data Loss Prevention 3.0.9
- Known Issues in Enterprise Data Loss Prevention 3.0.9
- Features Introduced in Enterprise Data Loss Prevention 3.0.8
- Known Issues in Enterprise Data Loss Prevention 3.0.8
- Features Introduced in Enterprise Data Loss Prevention 3.0.7
- Known Issues in Enterprise Data Loss Prevention 3.0.7
- Features Introduced in Enterprise Data Loss Prevention 3.0.6
- Known Issues in Enterprise Data Loss Prevention 3.0.6
- Features Introduced in Enterprise Data Loss Prevention 3.0.5
- Known Issues in Enterprise Data Loss Prevention 3.0.5
- Features Introduced in Enterprise Data Loss Prevention 3.0.4
- Known Issues in Enterprise Data Loss Prevention 3.0.4
- Features Introduced in Enterprise Data Loss Prevention 3.0.3
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 3.0.3
- Features Introduced in Enterprise Data Loss Prevention 3.0.2
- Features Introduced in Enterprise Data Loss Prevention 3.0.1
- Features Introduced in Enterprise Data Loss Prevention 3.0.0
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 3.0.0
-
- Features Introduced in Enterprise Data Loss Prevention 1.0.8
- Features Introduced in Enterprise Data Loss Prevention 1.0.3
- Features Introduced in Enterprise Data Loss Prevention 1.0.1
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.8
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.7
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.6
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.4
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.3
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.2
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.1
- Features Introduced in the Enterprise Data Loss Prevention (DLP) Cloud Service
- Limitations
-
-
Known Issues in SD-WAN Plugin 3.3
Known issues in SD-WAN 3.3.
The following list includes all known issues that impact an SD-WAN 3.3
release. This list includes both outstanding issues and issues that are addressed, as
well as known issues that apply more generally or that are not identified by a specific
issue ID. Refer to PAN-OS Release Notes for additional known
issues affecting SD-WAN Plugin 3.3.
PLUG-15764
Description of PLUG-15764
SD-WAN internal database-related activities will be impacted if you install the PAN-OS
version before an SD-WAN plugin version. We recommend you to install the compatible
SD-WAN plugin version first and then the corresponding PAN-OS version to avoid any
SD-WAN database-related issues.
Workaround:
If you wish to install the PAN-OS version first followed by the
compatible SD-WAN plugin version, you must execute the following command to avoid any
SD-WAN database-related issues.debug plugins sd_wan manage-visibility-data mode recap
PLUG-15732
Description of PLUG-15732
The exported CSV files from SD-WAN devices won't have the
Upstream
NAT
configurations. Hence, when you import the same CSV file, the
Upstream NAT
configurations would be missing.PLUG-15323
Description of PLUG-15323
The SD-WAN allows you to choose any device group irrespective of the device type (branch
or hub) selected while adding the BGP Security policy. For example, even though you
select the device type as branch, you will be able to choose the hub device group in
addition to the branch device group while adding the BGP policy.
PLUG-15276
Description of PLUG-15276
(
Full mesh topology only
) In the SD-WAN VPN cluster, an SD-WAN branch cannot
create a VPN tunnel with another SD-WAN branch firewall if the branch firewall is
configured behind the NAT device.This issue is addressed in SD-WAN plugin
3.0.7-h2,
3.1.3 , and 3.3.0
.PLUG-15258
Description of PLUG-15258
The SD-WAN monitoring report generation takes more time than expected.
This issue is addressed in SD-WAN plugin .
PLUG-14953
Description of PLUG-14953.
(
HA deployments only
) After an HA failover, the Link Performance summary
displays the previous active device (device that was active before the failover) as the
hostname instead of the current active device. PLUG-14559
Description of PLUG-14559.
A commit failure occurs when you attempt to rename the vsys to a name other than vsys1
for a multi-vsys firewall with private link type (in an
SD-WAN Interface
Profile
). This issue is addressed in SD-WAN plugin 3.0.7
,
3.1.3
, and 3.3.0
.PLUG-14402
Description of PLUG-14402
The return merchandise authentication (RMA) process won't be successful if you delete the
replacement firewall without removing it from the SD-WAN plugin first.
This issue is addressed in SD-WAN plugin 2.2.6
,
3.0.7
, and 3.3.0
. Follow the instructions to replace an SD-WAN
device.PLUG-13536
Description of PLUG-13536.
When you disable ) does not take effect and remains enabled on the branch firewalls. This
issue is seen after upgrading the Panorama management server to 11.0.2 release.
Remove Private AS
option
('remove-private-as
') and attempt to push the configuration
from SD-WAN plugin to the branch firewalls, the changes to the Remove Private
AS
option (SD-WAN
Devices
Branch
BGP
IPV4 BGP
This issue is addressed in SD-WAN plugin 3.1.3
, and 3.3.0
.PLUG-13100
Description of PLUG-13100
On
Prisma Access Onboarding
tab, the aggregated interfaces don't
get listed in the Interface
drop-down.This issue is addressed in SD-WAN plugin 3.0.5
,
3.1.3
, and 3.3.0
.PLUG-12241
Description of PLUG-12241
You won't be able to push the configuration changes (like VPN cluster name) of an already
configured VPN cluster to the Panorama management server.
This issue is addressed in SD-WAN plugin 3.1.3
, and 3.3.0
.PLUG-12156
Description of PLUG-12156
On the
Hub-Spoke
VPN cluster type, if you make any changes to an
existing cluster member configuration or add a new device to the cluster, the push gets
enabled for all the VPN cluster members.This issue is addressed in SD-WAN plugin 2.2.6
,
3.0.7-h2
, and 3.3.0
.PLUG-11223
Description of PLUG-11223.
In a high availability (HA) deployment, the SD-WAN tunnel will go down due to a key ID
mismatch when the following events occur in sequence:
- An HA failover
- The SD-WAN plugin cache removes the current HA pair relation from the database whendebug plugins sd_wan drop-config-cache allcommand is executed
- A commit and push fails on either the hub or a branch active node
In certain scenarios, replacing one of the HA devices during the RMA process can cause
the SD-WAN tunnel to go down due to a key ID mismatch. For more details, refer to Replace an SD-WAN Device.
Workaround
: Resolve the Key ID mismatch by ensuring that the Peer
Identification
of the hub firewall matches with the Local
Identification
of the branch firewall and the Local
Identification
of the hub firewall matches with the Peer
Identification
of the branch firewall.- Log in to the hub or a branch firewall where the SD-WAN tunnel is down due to Key ID mismatch and select.NetworkNetwork ProfilesIKE Gateways
- Select the IKE gateway of the hub firewall and clickOverrideat the bottom of the screen.
- Copy theLocal Identificationvalue from the hub firewall to thePeer Identificationvalue in the branch firewall.
- Copy thePeer Identificationvalue from the hub firewall to theLocal Identificationvalue in the branch firewall.
- ClickOKandCommityour changes.
This issue is addressed in SD-WAN plugin 2.2.5
,
3.0.7-h2
, 3.1.3
, and 3.3.0
. After this fix, the key ID may change after the Panorama commit. Therefore, you
must ensure to commit and push to all the devices in the VPN cluster or
clusters.