>
    Prisma Access Addressed Issues
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma Access
    3. Prisma Access Release Information
    4. Prisma Access Addressed Issues
    Download PDF
    Prisma Access

    Prisma Access Addressed Issues

    Table of Contents

    Prisma Access Addressed Issues

    Where Can I Use This?
    What Do I Need?
    • Prisma Access (Managed by Panorama)
    • Minimum Required Prisma Access Version
       5.0 Preferred or Innovation
    The following topics describe issues that have been addressed in Prisma Access 5.0.

    Prisma Access 5.0.1 Addressed Issues

    Issue ID
    Description
    AIOPS-8130
    Fixed an issue where the Top 5 Prisma Access Location widget showed exorbitant and incorrect numbers for the Bandwidth in the Remote Networks and Service Connections section.
    CYR-38318
    Fixed an issue where the
    Withdraw Static Routes if Service Connection or Remote Networks IPSec tunnel is down
     choice was enabled by default and not configurable.
    CYR-38250
    Fixed an issue where the Mobile Users—Explicit Proxy Users (last 90 days) incorrectly displayed the same users as Mobile Users—GlobalProtect.
    CYR-38191
    Fixed an issue where the Total ZTNA Access Objects" widget incorrectly displayed the number of wildcards in addition to correctly displaying normal FQDN applications, subnet-based applications, and FQDN applications that were discovered as a result of creating a wildcard rule.
    CYR-38034
    Fixed an issue where, if a ZTNA connector was rebooted and if the corresponding connector group contained applications with a
    Probing Type
     of
    icmp ping
     or
    none
    , there could have been an impact on the traffic traversing the rebooted ZTNA Connectors.
    CYR-37171
    Fixed an issue where an evaluation license for the traffic replication feature could not be added on a production tenant.
    CYR-36703
    Fixed an issue where users and user groups that were configured in Traffic Steering rules were not tracked by the Cloud Identity Engine's Directory Sync service.
    CYR-33707
    Fixed an issue where, if you changed Colo-Connect service connection roles (for example, from Active/Active to Active/Backup) and changed the bandwidth on VLANs at the same time, an error displayed after a
    Commit and Push
     operation.
    CYR-32713
    Fixed an issue where ZTNA Connector could fail to retrieve the correct DNS configuration, which causes ZTNA connector traffic to fail, when the following conditions apply:
    • When the first application was onboarded in ZTNA connector-
    • When all applications were removed (deboarded) from ZTNA Connector

    Prisma Access 5.0.0-h33 Addressed Issues

    Issue ID
    Description
    CYR-41857
    Fixed an issue where if the user did not configure QoS profiles under
    Networks
    QoS Profile
    , the local commit validation on Panorama plugin was getting skipped.
    CYR-41569
    Fixed an issue where, when only one region was onboarded in a Mobile Users—GlobalProtect deployment, removing a location in that region resulted in a plugin validation error.
    CYR-41472
    Fixed an issue in a multitenant environment where, if users did not provide units for Remote Networks or Mobile User in the sub-tenant creation tab, the error message displayed
    Please specify a bandwidth for your Clean Pipe deployment
     instead of
    Please specify a bandwidth for your Remote Networks/Mobile Users
    .
    CYR-39874
    Fixed an issue where an Explicit Proxy template was created without Explicit Proxy being onboarded, which caused an issue when Explicit Proxy was onboarded later.

    Prisma Access 5.0.0-h31 Addressed Issues

    Issue ID
    Description
    CYR-41084
    Fixed an issue where, after disabling the Cloud Identity Engine integration with Prisma Access, existing
    Group Mapping Settings
     caused an error upon commit.
    CYR-39553
    Fixed an issue where the Autonomous DEM AIOps Allocated Total number was incorrect for multitenant setups.
    CYR-38605
    Fixed an issue where the rebranded Cortex Data Lake name of Strata Logging Service was not displaying correctly.
    CYR-29408
    Fixed an issue where the Cloud Services plugin did not manage SDWAN devices that were deployed in Fedramp environments.

    Prisma Access 5.0.0-h22 Addressed Issues

    Issue ID
    Description
    CYR-39599
    Fixed an issue where some columns in the Egress IP Allowlist table displayed that were related to IPv6, even though the IPv6 feature had not been enabled.

    Prisma Access 5.0.0-h21 Addressed Issues

    Issue ID
    Description
    ARBI-2272
    Fixed an issue where clicking
    Active Isolated Sessions
     (
    Status
    Remote Browser Isolation
    Active Isolated Sessions
    ) did not open the link in Strata Cloud Manager.
    CYR-39908
    Fixed an issue where multi-tenant deployments could not see the IP Optimization functionality in newly-added tenants.
    CYR-39795
    Fixed an issue where, after installation of the Cloud Services plugin, an Explicit Proxy Kerberos server profile (default_server_profile) was installed by the __cloud_services user, even though Explicit Proxy was not enabled.
    CYR-38814
    Fixed an issue where the
    Wildcard Top Down Match Mode
     check box did not display in a Panorama that manages Prisma Access in the
    Device
    Setup
    Management
     area.

    Prisma Access 5.0.0-h10 Addressed Issues

    Issue ID
    Description
    CYR-38368
    Fixed an issue where, when you onboard a Service Connection using CLI, it didn't show up in the selection dropdown for the Traffic Steering Target window.
    CYR-38120
    Fixed an issue where all available locations did not display in the list view in the Mobile Users—Explicit Proxy setup page.
    CYR-38103
    Fixed an issue where the
    Backup SC
     drop-down list did not have selectable options due to a lack of a transport-type configuration in Service Connection entries that were configured using CLI.
    CYR-37004
    Fixed an issue where panorama commit was failing with a
    profiles -> dlp-data-profiles unexpected here
     error after upgrading the Cloud Services plugin from 3.2.1 to a 4.0.0 or later version.
    CYR-34770
    Fixed an issue where, if you configured multiple portals in Prisma Access for the Mobile Users—GlobalProtect deployment, you must also configure an authentication profile under Client Authentication on all portals.

    Prisma Access 5.0.0 Addressed Issues

    Issue ID
    Description
    CYR-39553
    Fixed an issue where the Autonomous DEM AIOps Allocated total number is incorrect for multitenant setups.
    CYR-38068
    Fixed an issue where an integration may not happen the first time a user tries to connect to "Managed Cloud WANs" in the integration page. If this is the case, the user may have to reenter the pairing key.
    CYR-37003
    Fixed an issue where, after upgrading the Panorama that manages Prisma Access to 10.2, multitenant deployments had one or more sub-tenants deleted after a local commit was performed.
    Note that, after you install the plugin that contains this hotfix and delete a tenant, the tenant is deleted locally on the Panorama but its configuration remains in the Prisma Access infrastructure. It is recommended that you backup your Panorama configuration before you delete any sub-tenants. To completely delete the tenant, reach out to your Palo Alto Networks account representative or partner, who will contact the SRE team and submit a request to delete the tenant from your infrastructure.
    CYR-36709
    Fixed an issue where, when allocating bandwidth in legacy mode (on a per-location basis) for Remote Networks, onboarding of more than 250 RN sites was failing due to a SaaS agent Exception.
    CYR-36121
    Fixed an issue where traffic steering network traffic was being dropped due to a route asymmetry issue.
    CYR-35811
    Fixed an issue where a Commit and Push operation was failing due to an empty subtenant ID for a newly added subtenant.
    CYR-34173
    Fixed an issue where, when configuring multiple GlobalProtect portals with Traffic Steering, you could not configure Accept Default Routes over Service Connections
    Panorama
    Cloud Services
    Configuration
    Traffic Steering
    Settings
    Accept Default Route over Service Connection
    .
    CYR-34078
    Fixed an issue where, if you configured a Colo-Connect subnet before configuring and performing a Commit and Push operation for the Infrastructure Subnet, Colo-Connect Commit and Push operations would fail.
    CYR-33815
    Fixed an issue where, to enable
    Source IP based Visibility and Enforcement
     in Explicit Proxy, you also had to enable
    Enable Agent Proxy
     (for
    Prisma Access (Managed by Strata Cloud Manager)
    ) or
    Use GlobalProtect Agent to Authenticate
     (for Panorama Managed Prisma Access), even if you have not enabled the Explicit Proxy-GlobalProtect agent functionality.
    CYR-33695
    Fixed an issue where traffic steering rules could not be disabled or moved. In other cases, an
    No object to edit in move handler
     error was encountered and no changes could be applied to the traffic steering rule.
    CYR-33625
    Fixed an issue where, when configuring Colo-Connect for the first time and performing a partial commit, you received a
    'Colo_Connect_Device_Group' is invalid
     error.
    CYR-33584
    Fixed an issue where, in a multi-tenant deployment, if the first tenant's license expired, all sub-tenants license were also marked as expired.
    CYR-33553
    Fixed an issue where the Connector availability graph shown under
    Monitor
    Data Centers
    ZTNA Connectors
    Connectors
    <connector-name>
    Device metric
     displayed the graph in complete red color even when the connector IPSec tunnel has been continuously up for the last 24 hours.
    CYR-33539
    Fixed an issue where a new warning message displayed during a commit when Explicit Proxy is configured in a deployment with multiple tenants.
    CYR-33180
    Fixed an issue where, in order to use the Prisma Access Explicit Proxy Connectivity in GlobalProtect for Always-On Internet Security feature, you had to onboard at least one mobile user gateway.
    CYR-32782
    Fixed an issue where, if you deleted a Colo-Connect service connection and then Committed and Pushed your changes, it could can take some time to delete Colo-Connect service connections.
    CYR-32188
    Fixed an issue where, in Prisma Access Insights, the Connector Availability graph for a given ZTNA Connector did not show up if the IPSec tunnel between the connector and the ZTNA Tunnel Terminator (ZTT) had been up without interruption for the last 24 hours.
    CYR-32170
    Fixed an issue where, when using ZTNA Connector, diagnostic tools such as ping, traceroute and nslookup that are accessible from the ZTNA Connector UI
    Connectors
    Actions
    Diagnostics
     icon were not functional.
    CYR-32006
    Fixed an issue where, when using Dynamic DNS (DDNS) registration using the Cloud Services plugin 3.2, nsupdate commands were not working as expected, which caused issues with DDNS update queries.
    CYR-31623
    Fixed an issue where only one Panorama HA pair could be associated with a CDL instance.
    CYR-30610
    Fixed an issue where, in a Prisma Access multitenant deployment, Commit and Push operations were failing because subtenant IDs were not being populated correctly.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.