Prisma Access
Prisma Access Addressed Issues
Table of Contents
Expand All
|
Collapse All
Prisma Access Docs
-
-
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
-
-
-
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Prisma Access Addressed Issues
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
The following topics describe issues that have been addressed in Prisma Access 4.1.
Prisma Access 4.1.0-h83 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-46782 | Fixed an issue where domain names that contained non-ASCII characters and were in the Panorama cache caused errors during the processing of nsupdate commands in the GlobalProtect DDNS feature. |
| CYR-46358 | Fixed an issue where a Failed Plugin validation error occurred on a non-Prisma Access Edition tenant during an upgrade to a Cloud Services plugin that had Colo-Connect changes. |
| CYR-44969 | Fixed an issue where a user that was created using a role-based administrator was not able to see the Cloud Services configuration in the UI. |
| CYR-44496 | Fixed an issue where statistics where not populated in the UK region under PanoramaCloud ServicesStatusMonitorRemote Networks Bandwidth usage. |
| CYR-43473 | Fixed an intermittent issue where nsupdate records were not properly deleted from the DNS server for some endpoints configured with the Pre-Logon connect method. |
| CYR-39874 | Fixed an issue where an Explicit Proxy template was created without Explicit Proxy being onboarded, which caused an issue when Explicit Proxy was onboarded later. |
| CYR-34759 | Fixed an issue where, in a multitenant setup, a sub-tenant with a mobile users only license + ADEM AIOPS was not allocating units property in the Allocation tab. |
Prisma Access 4.1.0-h75 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-45874 | Fixed an issue where, in a Panorama managed multitenant mobile user deployment, enabling ADEM prevented local commits from being successful. |
| CYR-45143 | Fixed an issue where CloudBlade integrations were not working in FedRAMP high and FedRAMP moderate environments. |
Prisma Access 4.1.0-h72 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-44354 | Fixed an issue where a Prisma SD-WAN CloudBlade Version 4.0.0 stopped working without a proxy. |
Prisma Access 4.1.0-h70 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-43237 | Fixed an issue where Panorama Managed Prisma Access deployments that use proxies did not work with Prisma SD-WAN deployments using Prisma Access CloudBlade Integration Release 4.0.0. |
| CYR-43132 | Fixed an issue where, during sub-tenant creation on Panorama, the user could not configure units for either Remote Networks or Mobile Users. You can now configure both units at the same time. |
| CYR-42787 | Fixed an issue where the sub-tenant summary was missing on Panorama Status page when the response from Prisma Access backend was not fetched successfully. |
| CYR-42499 | Fixed an issue where, in a new multitenant deployment that didn't have any existing configuration, administrators were not allowed to enter the sub-tenant name manually. |
Prisma Access 4.1.0-h60 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-41857 | Fixed an issue where if the user did not configure QoS profiles under NetworksQoS Profile, the local commit validation on Panorama plugin was getting skipped. |
| CYR-41569 | Fixed an issue where, when only one region was onboarded in a Mobile Users—GlobalProtect deployment, removing a location in that region resulted in a plugin validation error. |
| CYR-41472 | Fixed an issue in a multitenant environment where, if users did not provide units for Remote Networks or Mobile User in the sub-tenant creation tab, the error message displayed Please specify a bandwidth for your Clean Pipe deployment instead of Please specify a bandwidth for your Remote Networks/Mobile Users. |
| CYR-39874 | Fixed an issue where an Explicit Proxy template was created without Explicit Proxy being onboarded, which caused an issue when Explicit Proxy was onboarded later. |
Prisma Access 4.1.0-h58 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-41084 | Fixed an issue where, after disabling the Cloud Identity Engine integration with Prisma Access, existing Group Mapping Settings caused an error upon commit. |
| CYR-39553 | Fixed an issue where the Autonomous DEM AIOps Allocated Total number was incorrect for multitenant setups. |
| CYR-38605 | Fixed an issue where the rebranded Cortex Data Lake name of Strata Logging Service was not displaying correctly. |
| CYR-29408 | Fixed an issue where the Cloud Services plugin did not manage SDWAN devices that were deployed in Fedramp environments. |
Prisma Access 4.1.0-h53 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-39795 | Fixed an issue where, after installation of the Cloud Services plugin, an Explicit Proxy Kerberos server profile (default_server_profile) was installed by the __cloud_services user, even though Explicit Proxy was not enabled. |
| CYR-38814 | Fixed an issue where the Wildcard Top Down Match Mode check box did not display in a Panorama that manages Prisma Access in the DeviceSetupManagement area. |
Prisma Access 4.1.0-h49 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-38368 | Fixed an issue where, when you onboard a Service Connection using CLI, it didn't show up in the selection dropdown for the Traffic Steering Target window. |
| CYR-37004 | Fixed an issue where panorama commit was failing with a profiles -> dlp-data-profiles unexpected here error after upgrading the Cloud Services plugin from 3.2.1 to a 4.0.0 or later version. |
| CYR-34770 | Fixed an issue where, if you configured multiple portals in Prisma Access for the Mobile Users—GlobalProtect deployment, you must also configure an authentication profile under Client Authentication on all portals. |
Prisma Access 4.1.0-h46 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-38120 | Fixed an issue where all available locations did not display in the list view in the Mobile Users—Explicit Proxy setup page. |
| CYR-38103 | Fixed an issue where the Backup SC dropdown list did not have selectable options due to a lack of a transport-type configuration in Service Connection entries that were configured using CLI. |
| CYR-37758 | Fixed an issue where the global variable for the super tenant name is not set correctly after migrating from single tenant to multi-tenant, causing the incorrect template suggestions (like the ones for sub-tenants) in unconfigured tabs to show up in the super tenant settings. |
| CYR-37665 | Fixed an issue where, after migrating a tenant to a multi-tenant deployment, the Explicit_Proxy_Template was not created correctly and commit failed for the first tenant that was migrated. |
| CYR-37244 | Fixed an issue where, after upgrading the Panorama that manages Prisma Access to a PAN-OS version of 11.0.0 or later, the Delete button in the Remote Networks onboarding section was not enabled when a Remote Network was selected. |
| CYR-36895 | Fixed an issue where the IPv6 proxy-ID tab was missing when IPv6 was enabled for multi-tenant setups. |
| CYR-34482 | Fixed an issue where two Data Filtering tabs are seen under the Objects tab and one tab is undefined. |
| CYR-24798 | Fixed an issue where in multi-tenant mode, there is no space between the Unallocated" text and the unallocated bandwidth number in the multi-tenant bandwidth allocation window. |
| CYR-22671 | Fixed an issue where, in a multi-tenant deployment, the first tenant (the tenant you migrated) had prefixes appended to the device groups, templates, and template stacks such ar mu-dg, rn-tpl, and so forth. Only the tenants you create after you migrate the first tenant should have prefixes appended. |
Prisma Access 4.1.0-h44 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-37562 | Fixed an issue where, when you disable the multiportal feature flag and the Cloud Services plugin from 3.2.1, 4.0.0, or 4.1.0, you still see the option to enable or disable multiportal from the UI. |
Prisma Access 4.1.0-h38 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-35838 | Fixed an issue where sub-tenants were being inadvertently deprovisioned during a Panorama commit. This fix includes a plugin enhancement where subtenants will need to be explicitly deprovisioned by the Panorama admin to remove them from the Prisma Access infrastructure. |
Prisma Access 4.1.0-h35 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-36213 | Fixed an issue where an internal daemon was restarting, which caused a configuration sync status issue on Panorama. |
|
CYR-35811
|
Fixed an issue where a Commit and Push
operation was failing due to an empty subtenant ID for a newly
added subtenant.
|
| CYR-34966 | Fixed an issue where, when assigning Customize Per Site values for QoS for remote networks, remapped locations could not be selected or customized. |
Prisma Access 4.1.0-h31 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-37003 |
Fixed an issue where, after upgrading the Panorama that manages
Prisma Access to 10.2, multitenant deployments had one or more
sub-tenants deleted after a local commit was performed. Note
that, after you install the plugin that contains this hotfix and
delete a tenant, the tenant is deleted locally on the Panorama
but its configuration remains in the Prisma Access
infrastructure.
It is recommended that you backup your Panorama configuration
before you delete any sub-tenants.
To completely delete the tenant, reach out to your Palo Alto
Networks account representative or partner, who will contact the
SRE team and submit a request to delete the tenant from your
infrastructure.
|
| CYR-36299 | Fixed an issue where the link for Prisma Access App in the PanoramaCloud ServicesZTNA connector tab was broken. With this fix, Use the Prisma Access tab to use ZTNA Connector redirects users to the correct cloud management URL https://stratacloudmanager.paloaltonetworks.com/settings/ztna-connector/overview to access ZTNA connector configurations. |
Prisma Access 4.1.0-h29 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-35811 | Fixed an issue where a Commit and Push operation was failing due to empty subtenant ID for a newly added subtenant. |
| CYR-35531 | Fixed an issue where earlier versions of the 4.1.0 plugin did not successfully complete post-installation operations. |
| CYR-34395 | Fixed an issue where IPSec tunnel configuration was failing from Service Connection onboarding page. |
| CYR-33761 | Fixed an issue where, when clicking the Integrate with SDWAN button under Cloud Services Configuration, the button did not hide even though integration completed successfully. |
| CYR-33526 | Fixed an issue where User Attributes are validated under Group Mapping Settings only if there is a configuration change at the time of Commit and Push. |
Prisma Access 4.1.0-h20 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-35078 | Fixed an issue where an internal DNS domain could not be set and the following message was displayed: Invalid wildcard domain name. The domain name can have only one asterisk in the first position. |
| CYR-34966 | Fixed an issue where remapped compute locations did not display in the QoS settings for remote networks under Customize Per Site. |
| CYR-34745 | Fixed an issue where the Confirm Secret for Connection 2 was missing for Colo-Connect Service Connections. |
| CYR-34616 | Fixed an issue where the PanoramaQoS Statistics page displayed an inflated number of dropped packets. |
| CYR-34615 | Fixed an issue where VLANs that used both Partner and Dedicated Interconnects could be used in the same Colo-Connect service connection. |
| CYR-34504 | Fixed an issue where the BGP BFD value for Colo-Connect connections could not be disabled. |
| CYR-34053 | Fixed an issue where, after a compute location was remapped, remote network QoS settings could not be applied to the remapped compute location. |
Prisma Access 4.1.0-h13 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-34330 | Fixed an issue where the users could manually deselect the Colo-Connect Tenant checkbox during multi-tenancy migration. |
| CYR-34429 | Fixed an issue where local commits were failing after an upgrade to the 4.1.0 Cloud Services plugin. |
| CYR-34328 | Fixed an issue where the Prisma Access UI was loading due to feature flags not being present in the setup. |
| CYR-34201 | Fixed an issue where the Colo-Connect tab was not greyed out for a Clean Pipe tenant. |
| CYR-34192 | Fixed an issue where Colo-Connect subnet that was not in the valid CIDR address range were allowed to be added. |
| CYR-34191 | Fixed an issue where Colo-Connect device groups and templates were not created for multitenant deployments. |
| CYR-34118 | Fixed an issue where, if using Explicit Proxy in multitenant mode and after upgrading to 3.2.0+ plugin, Block Settings and Authentication Settings migrations did not take place. |
| CYR-34082 | Fixed an issue where the Colo-Connect tab was missing in the StatusNetwork Details page for tenants with Evaluation licenses. |
| CYR-34034 | Fixed an issue where users were not able to modify inactivity logout settings for GlobalProtect mobile users due to a validation check. |
| CYR-33969 | Fixed an issue where a Mobile Users—GlobalProtect configuration was deleted without the plugin user having deleted the configuration. |
| CYR-33805 | Fixed an issue where the Remote Networks and Mobile Users text in the Multi Tenant creation window was misaligned and did not properly indicate which component the allocation charts were for. |
| CYR-25509 | Fixed an issue where an unsupported debug command was exposed. |
Prisma Access 4.1 Addressed Issues
| Issue ID | Description |
|---|---|
|
CYR-39553
|
Fixed an issue where the Autonomous DEM AIOps Allocated total
number is incorrect for multitenant setups.
|
| CYR-34482 | Fixed an issue where two Data Filtering tabs are seen under Objects tab and one tab is undefined. |
| CYR-33844 |
Fixed an issue where the following Cloud Services plugin builds
were not compatible with the following M-series Panorama
devices:
|
| CYR-33757 | Fixed an issue in the Traffic Steering Rule Source tab where clicking on a Source Address or Address-Group in the drop-down list causes an incorrect item in the list to be selected. |
| CYR-33066 | Fixed an issue where, when setting up traffic replication, an error was received if the Member/User field was longer than 31 characters. |
| CYR-32888 | Fixed an issue where, on macOS endpoints running Safari and connected to Prisma Access in Tunnel and Proxy mode or proxy mode, browsing through explicit proxy was slow. |
| CYR-32870 | Fixed an issue where, during a commit operation, a spurious no username field is configured in certificate profile. message related to the GlobalProtect gateway was received. |
| CYR-32517 | Fixed an issue where, if you deployed a mobile users location that already has a location deployed in the same compute location, you might have received only one public IP address for the newly-deployed location instead of two. |
| CYR-31417 | Fixed an issue on Panorama Managed Prisma Access multitenant deployments where Prisma SD-WAN integrations with Panorama Integration Container (PIC) registration were failing. |
| CYR-31205 | Fixed an issue where, in mobile user deployments for Tunnel and Proxy mode or proxy mode, you needed to attach either a SAML or Kerberos authentication profile even if you enabled Use Agent Authentication or the commit failed. |