Cloud NGFW for Azure Known Issues
Table of Contents
Expand all | Collapse all
-
- Cloud NGFW for Azure
- Cloud NGFW Components
- Cloud NGFW for Azure Supported Regions
- Cloud NGFW for Azure Limits and Quotas
- Cloud NGFW for Azure Pricing
- Cloud NGFW for Azure Free Trial
- Cloud NGFW Credit Distribution and Management
- Start with Cloud NGFW for Azure
- Manage Cloud NGFW Roles for Azure Users
- Integrate Single Sign-on
- Monitor Cloud NGFW Health
- Create a Support Case
- Register Your Cloud NGFW Tenant with a Palo Alto Networks Support Account
- Cloud NGFW for Azure Certifications
- Cloud NGFW For Azure Privacy and Data Protection
-
- About Rulestacks and Rules on Cloud NGFW for Azure
- Create a Rulestack on Cloud NGFW for Azure
- Cloud NGFW for Azure Security Rule Objects
- Create a Prefix List on Cloud NGFW for Azure
- Create an FQDN List for Cloud NGFW on Azure
- Add a Certificate to Cloud NGFW for Azure
- Create Security Rules on Cloud NGFW for Azure
- Cloud NGFW for Azure Security Services
- Enable DNS Security on Cloud NGFW for Azure
- Set Up Outbound Decryption on Cloud NGFW for Azure
- Set Up Inbound Decryption on Cloud NGFW for Azure
-
- Panorama Integration
- Panorama Integration Prerequisites
- Link the Cloud NGFW to Palo Alto Networks Management
- Use Panorama for Cloud NGFW Policy Management
- Enable User-ID on the Cloud NGFW for Azure
- Configure Service Routes for On-Prem Services
- Use XFF IP Address Values in Policy
- View Cloud NGFW Logs and Activity in Panorama
- Strata Cloud Manager Policy Management
-
- Configure Logging for Cloud NGFW on Azure
- Cloud NGFW for Azure Traffic Log Fields
- Cloud NGFW for Azure Threat Log Fields
- Cloud NGFW for Azure Decryption Log Fields
- Enable Log Settings
- Disable Log Settings
- Enable Activity Logging on Cloud NGFW for Azure
- Multiple Logging Destinations on Cloud NGFW for Azure
- View the Logs
- View Audit Logs on a Firewall Resource
- View Audit Logs on Resource Groups
- What's New
- Cloud NGFW for Azure Known Issues
- Cloud NGFW for Azure Addressed Issues
Cloud NGFW for Azure Known Issues
Cloud NGFW for Azure known issues.
The following known issues have been identified in the Palo Alto Networks Azure
Cloud NGFW.
ID | Description |
---|---|
FWAAS-10519
|
When multilogging destination is enabled, the logs are seen
on Panorama and syslog server, but no logs are seen on the log
analytics workspace.
Workaround: If you want to use syslog along with log
analytics workspace, change the service route to destination based
instead of service based route.
For Destination Based Routing configuration, select
destination, add your syslog server private IP, and then select
loopback.3 as the source interface.
|
FWAAS-9688
|
Default rules in Panorama are overridden by the Cloud NGFW resource.
Parameters such as Profile and
Action are not retained. For example, if
you configure an action to Allow, it reverts
to Deny; if you configure a logging profile,
it reverts to None.
|
FWAAS-7531
|
A self-signed certificate can erroneously be associated with a
rulestack, despite the absence of a resource name.
|
FWAAS-7542
|
Panorama does not always automatically push content and antivirus
updates to newly created Cloud NGFW for Azure resources.
|
FWAAS-7547
|
QoS profiles (provided by a device template) are not removed when
displayed in the Panorama virtual appliance.
|
FWAAS-7956
|
A rulestack displays incorrect information when it shares the same
name as the firewall.
|
FWAAS-8642
|
Creating a large number of local rules can cause a HTTP error (503
Server Error: Service Unavailable).
|
FWAAS-9086
|
Deployment status information in the Azure portal is truncated
without displaying complete information.
|
FWAAS-10195
|
Firewall creation fails when you enable non-RFC 1918 addresses
without enabling DNS Proxy.
|
PAN-217954
|
When a Cloud NGFW for Azure resource connects to Panorama for the
first time, the template stack associated with the resource's Cloud
Device Group is out of sync.
|
PAN-217459
|
Cloud NGFW resources managed by a Panorama HA pair might be listed in
the cloud device group by its serial number (instead of device name)
on the secondary Panorama. However, on the primary Panorama, the
Cloud NGFW resource is listed by its device name.
|
PAN-217966
|
Configured dynamic address group tags and IP addresses are not listed
in child Cloud Device Groups when the parent device group does not
have a dynamic address group configured.
|