Prisma Access Agent Known Issues

An issue exists where certificate authentication fails on Windows devices when certificates are stored in the machine certificate store. This impacts Prisma Access Agent functionality for Windows users attempting to authenticate using machine-level certificates.

Workaround: Import the client certificate from the machine store to the user's personal certificate store. The Prisma Access Agent is able to recognize and use client certificate credentials when they are located in the user store, even if it can’t access them in the machine store.

As ring mappings for Prisma Access Agents are calculated during configuration time, the ring mappings might not always be accurate. Some potential causes are new agent enrollments, changes in directory binding, or host operating system updates.

Workaround: Before initiating a staged upgrade rollout of the agent, perform a commit push. This action ensures all agents are correctly mapped to their designated upgrade rings. If new agents are enrolled after you run the commit push, the new agents are always mapped to the default ring until the next commit push.

The ConnectPre-logon option is present in the Prisma Access Agent Settings page for Panorama Managed Prisma Access and NGFW deployments, even though it's not functional.

Workaround: Ignore this option as it won’t work.

An issue exists where newly added internal gateways are not visible in existing Prisma Access Agent settings. This affects the ability to update agent configurations with recently added internal gateways.

This occurs when you select WorkflowsPrisma Access AgentSetupPrisma Access Agent and create an agent setting with external and internal gateways. Then, if you add additional internal gateways from the Infrastructure page, the added internal gateways don't appear in the previous agent setting.

Workaround: Create a new agent setting to see and utilize the newly added internal gateways.