: Known Issues in Panorama Plugin for VMware NSX 5.0.0
Focus
Focus

Known Issues in Panorama Plugin for VMware NSX 5.0.0

Table of Contents

Known Issues in Panorama Plugin for VMware NSX 5.0.0

The following list describes known issues in the Panorama plugin for VMware NSX 5.0.0.

PLUG-10874

Service chain mapping information sent from the Panorama plugin for VMware NSX is not read correctly by the VM-Series firewall.
Workaround: Upgrade the VM-Series plugin on your VM-Series firewalls to version 2.1.8 and later (for PAN-OS 10.1.x or older) or version 3.0.3 and later (for PAN-OS 10.2.x).

PLUG-7872

An NSX-T Service Definition does not go out-of-sync, as it should, when a steering rule is moved up or down in NSX-T. After performing a config sync, the steering rules move back to their original positions.

PLUG-7560

Fixed in Panorama plugin for VMware NSX 5.0.2.
VM-Series firewalls deployed on NSX-T remain listed on the secondary Panorama after being deleted, deactivated, and removed from the primary Panorama.

PLUG-7030

In the Panorama CLI, there is a specific order of expression arguments that must be followed when defining NSX-T security-centric membership criteria. If you do not follow this order, Panorama returns an error.
Workaround: Use this following order when defining membership criteria through the Panorama CLI.
set plugins vmware_nsx nsx_t membership-criteria SDEF1 dynamic-address-groups DAG1 criteria C1 rule R1 member-type VirtualMachine key Tag operator CONTAINS value ubuntu scope os
Or without scope
set plugins vmware_nsx nsx_t membership-criteria SDEF1 dynamic-address-groups DAG1 criteria C1 rule R1 member-type VirtualMachine key Tag operator CONTAINS value ubuntu