Known Issues in the Panorama Plugin for Azure 4.1.0
Table of Contents
Expand all | Collapse all
-
-
-
-
- Features Introduced in Zero Touch Provisioning 2.0
- Known Issues in the Zero Touch Provisioning 2.0.4 Release
- Known Issues in the Zero Touch Provisioning 2.0.3 Release
- Known Issues in the Zero Touch Provisioning 2.0.2 Release
- Known Issues in the Zero Touch Provisioning 2.0.1 Release
- Known Issues in the Zero Touch Provisioning 2.0.0 Release
- Limitations
-
-
Known Issues in the Panorama Plugin for Azure 4.1.0
The following list describes known issues
in the Panorama plugin for Azure 4.1.0.
PLUG-12401
When public frontend IP is configured on application gateway v2, the Panorama plugin
for Azure 4.1.0 considers it as a public application gateway and creates a static route
towards untrust interface with subnet CIDR as source. The plugin recognizes the
application gateway v2 as an external load balancer because Azure requires a public IP
frontend for the application gateway v2. You can not use the application gateway v2 as
an internal load balancer.
PLUG-11954
When you update the number firewalls
in the Azure Virtual Machine Scale Set (VMSS) and attempting to
redeploy, the deployment status becomes stuck in the Deploying state
and some firewalls are displayed as disconnected. Additionally,
the new number of firewalls is not reflected in the summary. After
30 or more minutes, the firewalls display as Connected and
the correct number of firewalls is displayed.
PLUG-11917
VM-Series firewalls are not cleaned up
from the device summary, templates, and device groups on the secondary
passive Panorama node after undeploy of an upgraded and redeployed
Panorama plugin for Azure 4.1.0 orchestration.
PLUG-11909
After performing an undeploy of a successful
orchestration with the Panorama plugin for Azure 4.1.0, when attempting
to commit a new configuration, you might see device group, template,
or template stack settings from the previous deployment in the commit
list.
PLUG-11906
When deployed in the North Central US
region of Azure, Panorama does not properly handle subnets with
overlapping IP addresses. The plugin is expected to use the next
available subnet IP range but instead returns an error message and
the Azure Orchestrated deployment fails.
PLUG-11905
On a Panorama HA pair, you might see
tracebacks on the new primary firewall in the monitoring logs after
a failover event. Additionally, monitoring fails while the tracebacks
occur.
Workaround: Perform a commit on the primary active node
to recover monitoring.
PLUG-11732
The command debug plugins azure azure-tags dump-all monitoring-definition does
not work in the tags contain ASCII characters.
PLUG-11011
When a proxy configuration is deleted
and committed on Panorama, you might observe logs reaching the proxy
intermittently.
PLUG-10122
When viewed in Mozilla Firefox, the Configuration General tab
of the Panorama plugin for Azure 4.0.0 might appear distorted or
unclickable.
Workaround: Use other browsers such as Google Chrome or
Microsoft Edge.
PLUG-10091
After a successful VM-Series firewall deployment, the
Panorama plugin for Azure displays the status Warning and
the message Deployment succeeded but FWs have yet to
connect with Panorama after 20 min if the configured
PA-VM version is PAN-OS 10.1.x and later.
Workaround: Use CommitPush to Devices to synchronize
the templates.
You can upgrade to PAN-OS 10.2.2 or later to avoid this issue.
PLUG-9994
Static IPs are not recognized when "and"
operators are used with IP CiDr range.