Known Issues in SD-WAN Plugin 3.2
Table of Contents
Expand all | Collapse all
-
-
-
-
-
- Features Introduced in Enterprise Data Loss Prevention 4.0.3
- Known Issues in Enterprise DLP Plugin 4.0.3
- Features Introduced in Enterprise Data Loss Prevention 4.0.2
- Known Issues in Enterprise DLP Plugin 4.0.2
- Features Introduced in Enterprise Data Loss Prevention 4.0.1
- Known Issues in Enterprise DLP Plugin 4.0.1
- Features Introduced in Enterprise Data Loss Prevention 4.0.0
- Known Issues in Enterprise DLP Plugin 4.0.0
-
- Features Introduced in Enterprise Data Loss Prevention 3.0.8
- Features Introduced in Enterprise Data Loss Prevention 3.0.7
- Features Introduced in Enterprise Data Loss Prevention 3.0.6
- Features Introduced in Enterprise Data Loss Prevention 3.0.5
- Features Introduced in Enterprise Data Loss Prevention 3.0.4
- Features Introduced in Enterprise Data Loss Prevention 3.0.3
- Features Introduced in Enterprise Data Loss Prevention 3.0.2
- Features Introduced in Enterprise Data Loss Prevention 3.0.1
- Features Introduced in Enterprise Data Loss Prevention 3.0.0
- Known Issues in Enterprise Data Loss Prevention 3.0.8
- Known Issues in Enterprise Data Loss Prevention 3.0.7
- Known Issues in Enterprise Data Loss Prevention 3.0.6
- Known Issues in Enterprise Data Loss Prevention 3.0.5
- Known Issues in Enterprise Data Loss Prevention 3.0.4
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 3.0.3
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 3.0.0
-
- Features Introduced in Enterprise Data Loss Prevention 1.0.8
- Features Introduced in Enterprise Data Loss Prevention 1.0.3
- Features Introduced in Enterprise Data Loss Prevention 1.0.1
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.8
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.7
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.6
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.4
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.3
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.2
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.1
- Features Introduced in the Enterprise Data Loss Prevention (DLP) Cloud Service
- Limitations
-
-
Known Issues in SD-WAN Plugin 3.2
Known issues in SD-WAN 3.2.
The following list includes all known issues that impact an SD-WAN 3.2
release. This list includes both outstanding issues and issues that are addressed, as
well as known issues that apply more generally or that are not identified by a specific
issue ID. Refer to PAN-OS Release Notes for additional known
issues affecting SD-WAN Plugin 3.2.
PAN-236767
Description of PAN-236767.
The web interface won't throw any warning or error if it encounters a failure in
importing a certificate. Check the syslog and configd log files for more
information.
Ensure the following before importing a certificate:
- Certificate must be .PKCS12 format.
- When you bulk import the certificates, the size of the archive(.tar) file should be less than 10MB.
PAN-220919
Description of PAN-220919.
Auto VPN creates a virtual SD-WAN interface named sdwan.901 for direct internet access
(DIA) and creates a virtual SD-WAN interface named sdwan.9xx for VPN tunnels. When you
enable Auto VPN, the SD-WAN plugin creates the SD-WAN interfaces automatically. Hence,
it's not necessary for you to create SD-WAN interfaces manually. The SaaS quality
profile works only with one DIA interface that is sdwan.901.
Auto VPN also creates its own default route that uses the sdwan.901 interface as its
egress interface and uses a low metric of 5, so that the sdwan.901 interface is
preferred over the default route you created.
There might be scenarios where you want to create an SD-WAN interface manually (other
than what the SD-WAN plugin creates automatically) like the following:
- Configuring SD-WAN direct internet access (DIA) links only and no VPN connections between the hub and branch locations
- (Not recommended) Deploying SD-WAN manually between SD-WAN sites without Panorama management server
In such cases, you must configure the manually created SD-WAN interface outside of the
SDWAN.9xx range containing a route with a metric higher than the default value.
PAN-215897
Description of PAN-215897.
In a Panorama high availability (HA) deployment, the SD-WAN interface goes down and all
the tunnel interfaces disappear from the tab when you push the configuration changes from the secondary
Panorama.
Network
IPSec Tunnels
Workaround
: If you have set up a HA pair in Panorama, don't push the configuration
from the secondary Panorama when the primary Panorama is active. Always push the
configuration changes from the primary Panorama when it's active.PLUG-11223
Description of PLUG-11223.
In a high availability (HA) deployment, the SD-WAN tunnel will go down due to a key ID
mismatch when the following events occur in sequence:
- An HA failover
- The SD-WAN plugin cache removes the current HA pair relation from the database whendebug plugins sd_wan drop-config-cache allcommand is executed
- A commit and push fails on either the hub or a branch active node
In certain scenarios, replacing one of the HA devices during the RMA process can cause
the SD-WAN tunnel to go down due to a key ID mismatch. For more details, refer to Replace an SD-WAN Device.
Workaround
: Resolve the Key ID mismatch by ensuring that the Peer
Identification
of the hub firewall matches with the Local
Identification
of the branch firewall and the Local
Identification
of the hub firewall matches with the Peer
Identification
of the branch firewall.- Log in to the hub or a branch firewall where the SD-WAN tunnel is down due to Key ID mismatch and select.NetworkNetwork ProfilesIKE Gateways
- Select the IKE gateway of the hub firewall and clickOverrideat the bottom of the screen.
- Copy theLocal Identificationvalue from the hub firewall to thePeer Identificationvalue in the branch firewall.
- Copy thePeer Identificationvalue from the hub firewall to theLocal Identificationvalue in the branch firewall.
- ClickOKandCommityour changes.
This issue is addressed in SD-WAN plugin 2.2.5
,
3.1.3
.