Cloud NGFW for AWS Known Issues
The following known issues have been identified in Cloud NGFW for AWS.
ID | Description |
---|---|
FWAAS-8622 | Cloud NGFW for AWS rulestack might become stuck in precommit state when the Validate button is used before the first commit. Workaround: Do not validate your rulestack configuration changes; instead, Commit without validation. |
FWAAS-5842 | You cannot display individual cloud device group logs sent to CDL using the Monitor tab in Panorama. Logs for all cloud device groups are displayed. |
FWAAS-6542 | Template stack fails to update when applying it to a different device group. |
FWAAS-6540 | An existing device group erroneously allows you to apply a different template stack after creating it. You cannot associate a different template stack for the same device group across tenants. |
FWAAS-6536 | Cloud NGFW fails to display all cloud device groups when you select All on the Tenants page. If you select an individual tenant, all cloud device groups appear in the list. |
FWAAS-3009 | Cloud NGFW allows you to use an S3 bucket as a logging destination for the NGFW resources. In AWS regions outside the US, Cloud NGFW expects you to use S3 buckets created in the same AWS region where you deploy the NGFW resources. |
FWAAS-2589 | When you onboard an AWS account to your Cloud NGFW tenant, you choose one of two endpoint creation modes: customer-managed or service-managed. Cloud NGFW does not allow you to switch modes after you complete the account onboarding process. |
FWAAS-1501 | Cloud NGFW uses the native AWS Route 53 Resolver to resolve the FQDNs you configure in your rules. When it does so, the AWS Route 53 Resolver may resolve an FQDN to an IP address different from the one you see when you use the Route 53 Resolver in your VPCs. |
FWAAS-6503 | Modifying a cloud device group and then committing the change may generate an error message even though the commit action completes. However, pushing the change to the cloud device group fails. |
FWAAS-6380 | An error message may appear when pushing an uncommitted change to a cloud device group. Commit your changes before pushing. |
FWAAS-5823 | When creating a new cloud device group, you cannot select which certificates are used for forward trust or forward untrust. |
FWAAS-5817 | The Panorama UI does not display any error message when a cloud manager or Cloud NGFW service push fails. You learn about the push failure only when the firewall commit fails. |
FWAAS-6961 | On the Panorama AWS Plugin for Cloud NGFW service, a tenant linked to Panorama for the first time is not able to see any VPCs under the Discovered VPC tab. Workaround: The first-time tenant must click the Refresh Vpc button under the Discover VPC tab to get a list of VPCs. |
FWAAS-7721 | In a scaled environment, the AWS plugin user interface crashes when displaying the IP address-to-tags payload in the Monitoring Definition dashboard. Workaround: Use the Panorama CLI to run the command: show plugins aws details-dashboard. |
FWAAS-7766 | The Discovered VPC page in the Cloud NGFW UI does not show the failure reason if the Monitoring Status is Failed for a discovered VPC. |