Known Issues in VM-Series Plugin 1.0.2
Table of Contents
Expand all | Collapse all
-
-
-
-
- Features Introduced in Zero Touch Provisioning 2.0
- Known Issues in the Zero Touch Provisioning 2.0.4 Release
- Known Issues in the Zero Touch Provisioning 2.0.3 Release
- Known Issues in the Zero Touch Provisioning 2.0.2 Release
- Known Issues in the Zero Touch Provisioning 2.0.1 Release
- Known Issues in the Zero Touch Provisioning 2.0.0 Release
- Limitations
-
-
Known Issues in VM-Series Plugin 1.0.2
The following list describes known issues in the VM-Series
Plugin 1.0.2.
PLUG-1854
(PAN-OS
9.0.2 and later releases on AWS and GCP only) You cannot swap
the management interface.
PLUG-1827
(Microsoft Azure only) The firewall drops packets
due to larger than expected packet sizes when Accelerated networking
is enabled on the firewall (SettingsNetworking).
PLUG-1709
(Microsoft Azure only) There is an intermittent
issue where the secondary IP address becomes associated with the
passive firewall after multiple failovers.
This issue is addressed in VM-Series plugin 1.0.3.
Workaround: Reassign IP addresses to the active and passive
firewalls in Azure as needed.
PLUG-1694
PLUG-1694
(PAYG licenses only) Your pay-as-you-go (PAYG)
license is not retained when you upgrade from PAN-OS version 8.1
to PAN-OS 9.0.X.
(This issue is fixed in VM-Series plugin 1.0.8)
To fix this issue, upgrade to PAN-OS 9.0.4 or later and VM-Series
plugin 1.0.8. With this fix, the PAYG license is retained.
PLUG-1681
If you bootstrap a PAN-OS 9.0.1 image while using VM-Series
plugin 1.0.0, the firewall will not apply the capacity license.
To downgrade the VM-Series plugin from version 1.0.2 to 1.0.0, first
bootstrap the PAN-OS 9.0.1 image and then downgrade the plugin.
PLUG-1503
When a VM-Series firewall on AWS running on a C5 or
M5 instance experiences a high availability (HA) failover, the dataplane
interfaces from the previously active firewall are not moved to
the newly active (previously passive) peer.
This issue is addressed in VM-Series plugin 1.0.3.
Workaround: Check for the latest VM-Series plugin version
and install the VM-Series plugin 9.0.0 version; the built-in version
is 9.0.0-c29.
PLUG-1074
On the VM-Series firewall on AWS, when you change the
instance type, the firewall no longer has a serial number or a license.
Additionally, if you manage this firewall using Panorama, it is
no longer connected to Panorama.
PLUG-380
When you rename a device group, template, or template
stack in Panorama that is part of a VMware NSX service definition,
the new name is not reflected in NSX Manager. Therefore, any ESXi
hosts that you add to a vSphere cluster are not added to the correct
device group, template, or template stack and your Security policy
is not pushed to VM-Series firewalls that you deploy after you rename
those objects. There is no impact to existing VM-Series firewalls.