Prisma Access
Prisma Access Addressed Issues
Table of Contents
Expand All
|
Collapse All
Prisma Access Docs
-
5.0 Preferred and Innovation
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
-
-
-
-
- Allocate Licenses for Prisma Access (Managed by Strata Cloud Manager)
- Plan Service Connections for Prisma Access (Managed by Strata Cloud Manager) and Add-ons
- Add Additional Locations for Prisma Access (Managed by Strata Cloud Manager) and Add-ons
- Enable Available Add-ons for Prisma Access (Managed by Strata Cloud Manager)
- Search for Subscription Details
- Share a License for Prisma Access (Managed by Strata Cloud Manager) and Add-ons
- Increase Subscription Allocation Quantity
-
- Activate a License for Prisma Access (Managed by Strata Cloud Manager) and Prisma SD-WAN Bundle
- Activate and Edit a License for SASE 5G Through Common Services
-
- Prisma Access Onboarding Workflow
-
4.0 & Later
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
- Prisma Access China
-
- Set Up Prisma Access
- Configure the Prisma Access Service Infrastructure
- Remote Networks: IPSec Termination Nodes and Service IP Addresses
- Remote Networks: IP Address Changes Related To Bandwidth Allocation
- Remote Networks: Service IP Address and Egress IP Address Allocation
- API Examples for Retrieving Prisma Access IP Addresses
- Get Notifications When Prisma Access IP Addresses Change
- Prisma Access Zones
- DNS for Prisma Access
- High Availability for Prisma Access
-
- Enable ZTNA Connector
- Delete Connector IP Blocks
- Set Up Auto Discovery of Applications Using Cloud Identity Engine
- Private AWS Application Target Discovery
- Security Policy for Apps Enabled with ZTNA Connector
- Monitor ZTNA Connector
- View ZTNA Connector Logs
- Preserve User-ID Mapping for ZTNA Connector Connections with Source NAT
-
- Enable Dynamic Privilege Access for Prisma Access Through Common Services
- Authorize User Group Mapping in Cloud Identity Engine for Dynamic Privilege Access
- Enable the Access Agent
- Set Up the Agent Infrastructure for Dynamic Privilege Access
- Create a Snippet
- Create a Project
- Traffic Steering for Dynamic Privilege Access
- Push the Prisma Access Agent Configuration
- Download the Dynamic Privilege Access Enabled Prisma Access Agent Package
-
- Install the Prisma Access Agent
- Log in to the Dynamic Privilege Access Enabled Prisma Access Agent
- Change Preferences for the Dynamic Privilege Access Enabled Prisma Access Agent
- Connect the Dynamic Privilege Access Enabled Prisma Access Agent to a Different Location
- Switch to a Different Project
- Connect the Dynamic Privilege Access Enabled Prisma Access Agent to a Different Server
- Disable the Dynamic Privilege Access Enabled Prisma Access Agent
- Switch Between the Prisma Access Agent and GlobalProtect App
- View and Monitor Dynamic Privilege Access Users
- View and Monitor Dynamic Privilege Access Projects
- Automatic Tunnel Restoration in Dynamic Privilege Access Prisma Access Agents
- Manage Prisma SASE 5G
- App Acceleration in Prisma Access
-
-
- Planning Checklist for GlobalProtect on Prisma Access
- Set Up GlobalProtect Mobile Users
- GlobalProtect — Customize Tunnel Settings
- GlobalProtect — Customize App Settings
- Ticket Request to Disable GlobalProtect
- GlobalProtect Pre-Logon
- GlobalProtect — Clientless VPN
- Monitor GlobalProtect Mobile Users
- How the GlobalProtect App Selects Prisma Access Locations for Mobile Users
- Allow Listing GlobalProtect Mobile Users
-
- Explicit Proxy Configuration Guidelines
- GlobalProtect in Proxy Mode
- GlobalProtect in Tunnel and Proxy Mode
- Private IP Address Visibility and Enforcement for Agent Based Proxy Traffic
- SAML Authentication for Explicit Proxy
- Set Up Explicit Proxy
- Cloud Identity Engine Authentication for Explicit Proxy Deployments
- Proxy Mode on Remote Networks
- How Explicit Proxy Identifies Users
- Explicit Proxy Forwarding Profiles
- PAC File Guidelines
- Explicit Proxy Best Practices
- Monitor and Troubleshoot Explicit Proxy
- Block Settings for Explicit Proxy
- Use Special Objects to Restrict Explicit Proxy Internet Traffic to Specific IP Addresses
- Access Your Data Center Using Explicit Proxy
- App-Based Office 365 Integration with Explicit Proxy
- Chromebook with Prisma Access Explicit Proxy
- Configure Proxy Chaining with Blue Coat Proxy
- IP Address Optimization for Explicit Proxy Users- Proxy Deployments
- DNS Resolution for Mobile Users—Explicit Proxy Deployments
- View User to IP Address or User Groups Mappings
- Report Mobile User Site Access Issues
- Enable Mobile Users to Access Corporate Resources
-
-
- Planning Checklist for Remote Networks
- Allocate Remote Network Bandwidth
- Onboard a Remote Network
- Connect a Remote Network Site to Prisma Access
- Enable Routing for Your Remote Network
- Onboard Multiple Remote Networks
- Configure Remote Network and Service Connection Connected with a WAN Link
- Remote Networks—High Performance
- Integrate a Shared Desktop VDI with Prisma Access Using Terminal Server
-
- Multitenancy Configuration Overview
- Plan Your Multitenant Deployment
- Create an All-New Multitenant Deployment
- Enable Multitenancy and Migrate the First Tenant
- Add Tenants to Prisma Access
- Delete a Tenant
- Create a Tenant-Level Administrative User
- Sort Logs by Device Group ID in a Multitenant Deployment
-
- Add a New Compute Location for a Deployed Prisma Access Location
- How BGP Advertises Mobile User IP Address Pools for Service Connections and Remote Network Connections
- Proxy Support for Prisma Access and Strata Logging Service
- Block Incoming Connections from Specific Countries
- Prisma Access for No Default Route Networks
-
-
- Default Routes With Prisma Access Traffic Steering
- Traffic Steering in Prisma Access
- Traffic Steering Requirements
- Default Routes with Traffic Steering Example
- Default Routes with Traffic Steering Direct to Internet Example
- Default Routes with Traffic Steering and Dedicated Service Connection Example
- Prisma Access Traffic Steering Rule Guidelines
- Configure Zone Mapping and Security Policies for Traffic Steering Dedicated Connections
- Configure Traffic Steering in Prisma Access
- Preserve User-ID and Device-ID Mapping for Service Connections with Source NAT
-
- Prisma Access Internal Gateway
-
- Configure Privileged Remote Access Settings
- Set Up the Privileged Remote Access Portal
- Configure Applications for Privileged Remote Access
- Set Up Privileged Remote Access Profiles
- Define Permissions for Accessing Privileged Remote Access Apps
- Configure Split Tunneling for Privileged Remote Access Traffic
- Manage Privileged Remote Access Connections
- Use Privileged Remote Access
-
- Integrate Prisma Access With Other Palo Alto Networks Apps
- Integrate Third-Party Enterprise Browser with Explicit Proxy
- Integrate Third-Party NDRs with Prisma Access
- Juniper Mist Integration for SASE Health
-
-
- Connect your Mobile Users in Mainland China to Prisma Access Overview
- Configure Prisma Access for Mobile Users in China
- Configure Real-Name Registration and Create the VPCs in Alibaba Cloud
- Attach the CEN and Specify the Bandwidth
- Create Linux Instances in the Alibaba Cloud VPCs
- Configure the Router Instances
- Onboard the GlobalProtect Gateway and Configure the Prisma Access Portal
-
-
-
- INC_CIE_AGENT_DISCONNECT
- INC_CIE_DIRECTORY_DISCONNECT
- INC_GLOBALPROTECT_GW_USER_AUTH_ TIMEOUT_FAILURES_COUNT_EXCEEDED_ ABOVE_BASELINE_ALL_PA_LOCATIONS
- INC_GLOBALPROTECT_GW_USER_AUTH_ TIMEOUT_FAILURES_COUNT_EXCEEDED_ ABOVE_BASELINE_PER_PA_LOCATION
- INC_GLOBALPROTECT_PORTAL_AUTH_ TIMEOUT_FAILURES_COUNT_EXCEEDED_ ABOVE_BASELINE_ALL_PA_LOCATIONS
- INC_GLOBALPROTECT_PORTAL_AUTH_ TIMEOUT_FAILURES_COUNT_EXCEEDED_ ABOVE_BASELINE_PER_PA_LOCATION
- INC_MU_AUTH_SERVER_UNREACHABLE_ALL_ PA_LOCATIONS
- INC_MU_AUTH_SERVER_UNREACHABLE_PER_ PA_LOCATION
- INC_MU_DNS_SERVER_UNREACHABLE_ALL_ PA_LOCATIONS
- INC_MU_DNS_SERVER_UNREACHABLE_ PER_PA_LOCATION
- INC_PORTAL_CLIENTLESS_VPN_AUTH_ TIMEOUT_FAILURES_COUNT_EXCEEDED_ ABOVE_BASELINE_ALL_PA_LOCATIONS
- INC_PORTAL_CLIENTLESS_VPN_AUTH_ TIMEOUT_FAILURES_COUNT_EXCEEDED_ ABOVE_BASELINE_PER_PA_LOCATION
- INC_RN_AUTH_SERVER_UNREACHABLE_ALL_ PA_LOCATIONS
- INC_RN_AUTH_SERVER_UNREACHABLE_PER_ PA_LOCATION
- INC_RN_DNS_SERVER_UNREACHABLE_ALL_ PA_LOCATIONS
- INC_RN_DNS_SERVER_UNREACHABLE_PER_ PA_LOCATION
- INC_RN_ECMP_TUNNEL_RTT_EXCEEDED_ BASELINE
- INC_RN_PRIMARY_WAN_TUNNEL_RTT_ EXCEEDED_BASELINE
- INC_RN_SECONDARY_TUNNEL_DOWN
- INC_RN_SECONDARY_WAN_TUNNEL_RTT_ EXCEEDED_BASELINE
- INC_RN_SITE_CAPACITY_PREDICTION
- INC_SC_PRIMARY_WAN_TUNNEL_RTT_ EXCEEDED_BASELINE
- INC_SC_SECONDARY_WAN_TUNNEL_RTT_ EXCEEDED_BASELINE
- INC_SC_SITE_CAPACITY_PREDICTION
-
- INC_CERTIFICATE_EXPIRY
- INC_GP_CLIENT_VERSION_UNSUPPORTED
- INC_MU_IP_POOL_BLOCK_UTILIZATION_ EXCEEDED_CAPACITY
- INC_MU_IP_POOL_BLOCK_UTILIZATION_ EXCEEDED_THRESHOLD
- INC_PA_INFRA_DEGRADATION
- INC_PA_SERVICE_DEGRADATION_PA_LOCATION
- INC_PA_SERVICE_DEGRADATION_RN_ SITE_CONNECTIVITY
- INC_PA_SERVICE_DEGRADATION_SC_ CONNECTIVITY
- INC_RN_ECMP_BGP_DOWN
- INC_RN_ECMP_BGP_FLAP
- INC_RN_ECMP_PROXY_TUNNEL_DOWN
- INC_RN_ECMP_PROXY_TUNNEL_FLAP
- INC_RN_ECMP_TUNNEL_DOWN
- INC_RN_ECMP_TUNNEL_FLAP
- INC_RN_PRIMARY_WAN_BGP_FLAP
- INC_RN_PRIMARY_WAN_PROXY_TUNNEL_DOWN
- INC_RN_PRIMARY_WAN_PROXY_TUNNEL_FLAP
- INC_RN_PRIMARY_WAN_TUNNEL_DOWN
- INC_RN_PRIMARY_WAN_TUNNEL_FLAP
- INC_RN_SECONDARY_WAN_BGP_DOWN
- INC_RN_SECONDARY_WAN_BGP_FLAP
- INC_RN_SECONDARY_WAN_PROXY_TUNNEL_DOWN
- INC_RN_SECONDARY_WAN_PROXY_TUNNEL_FLAP
- INC_RN_SECONDARY_WAN_TUNNEL_DOWN
- INC_RN_SECONDARY_WAN_TUNNEL_FLAP
- INC_RN_SITE_DOWN
- INC_RN_SITE_LONG_DURATION_CAPACITY_ EXCEEDED_THRESHOLD
- INC_RN_SITE_LONG_DURATION_EXCEEDED_ CAPACITY
- INC_RN_SPN_LONG_DURATION_CAPACITY_EXCEEDED _THRESHOLD
- INC_RN_SPN_LONG_DURATION_EXCEEDED_ CAPACITY
- INC_SC_PRIMARY_WAN_BGP_DOWN
- INC_SC_PRIMARY_WAN_BGP_FLAP
- INC_SC_PRIMARY_WAN_PROXY_TUNNEL_DOWN
- INC_SC_PRIMARY_WAN_PROXY_TUNNEL_FLAP
- INC_SC_PRIMARY_WAN_TUNNEL_DOWN
- INC_SC_PRIMARY_WAN_TUNNEL_FLAP
- INC_SC_SECONDARY_WAN_BGP_DOWN
- INC_SC_SECONDARY_WAN_BGP_FLAP
- INC_SC_SECONDARY_WAN_PROXY_TUNNEL_DOWN
- INC_SC_SECONDARY_WAN_PROXY_TUNNEL_FLAP
- INC_SC_SECONDARY_WAN_TUNNEL_DOWN
- INC_SC_SECONDARY_WAN_TUNNEL_FLAP
- INC_SC_SITE_DOWN
- INC_SC_SITE_LONG_DURATION_CAPACITY_ EXCEEDED_THRESHOLD
- INC_SC_SITE_LONG_DURATION_EXCEEDED_ CAPACITY
- INC_ZTNA_CONNECTOR_APP_STATUS_DOWN
- INC_ZTNA_CONNECTOR_APP_STATUS_DOWN_PARTIAL
- INC_ZTNA_CONNECTOR_CPU_HIGH
- INC_ZTNA_CONNECTOR_MEMORY_HIGH
- INC_ZTNA_CONNECTOR_TUNNEL_DOWN
-
- AL_CIE_AGENT_DISCONNECT
- AL_CIE_DIRECTORY_DISCONNECT
- AL_MU_IP_POOL_CAPACITY
- AL_MU_IP_POOL_USAGE
- AL_RN_ECMP_BGP_DOWN
- AL_RN_ECMP_BGP_FLAP
- AL_RN_PRIMARY_WAN_BGP_DOWN
- AL_RN_PRIMARY_WAN_BGP_FLAP
- AL_RN_PRIMARY_WAN_TUNNEL_DOWN
- AL_RN_PRIMARY_WAN_TUNNEL_FLAP
- AL_RN_SECONDARY_WAN_BGP_DOWN
- AL_RN_SECONDARY_WAN_BGP_FLAP
- AL_RN_SECONDARY_WAN_TUNNEL_DOWN
- AL_RN_SECONDARY_WAN_TUNNEL_FLAP
- AL_RN_SITE_DOWN
- AL_RN_SITE_LONG_DURATION_CAPACITY_ EXCEEDED_THRESHOLD
- AL_RN_SITE_LONG_DURATION_EXCEEDED_ CAPACITY
- AL_RN_SPN_LONG_DURATION_CAPACITY_ EXCEEDED_THRESHOLD
- AL_SC_PRIMARY_WAN_BGP_DOWN
- AL_SC_PRIMARY_WAN_BGP_FLAP
- AL_SC_PRIMARY_WAN_TUNNEL_DOWN
- AL_SC_PRIMARY_WAN_TUNNEL_FLAP
- AL_SC_SECONDARY_WAN_BGP_DOWN
- AL_SC_SECONDARY_WAN_BGP_FLAP
- AL_SC_SECONDARY_WAN_TUNNEL_DOWN
- AL_SC_SECONDARY_WAN_TUNNEL_FLAP
- AL_SC_SITE_DOWN
- AL_SC_SITE_LONG_DURATION_CAPACITY_ EXCEEDED_THRESHOLD
- AL_SC_SITE_LONG_DURATION_EXCEEDED_CAPACITY
- AL_ZTNA_CONNECTOR_APP_STATUS_DOWN
- AL_ZTNA_CONNECTOR_APP_STATUS_DOWN_PARTIAL
- AL_ZTNA_CONNECTOR_CPU_HIGH
- AL_ZTNA_CONNECTOR_MEMORY_HIGH
- AL_ZTNA_CONNECTOR_TUNNEL_DOWN
- New Features in Incidents and Alerts
- Known Issues
Prisma Access Addressed Issues
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
The following topics describe issues that have been addressed in Prisma Access 5.0.
Prisma Access 5.0.1 Addressed Issues
| Issue ID | Description |
|---|---|
| AIOPS-8130 | Fixed an issue where the Top 5 Prisma Access Location widget showed exorbitant and incorrect numbers for the Bandwidth in the Remote Networks and Service Connections section. |
| CYR-38318 | Fixed an issue where the Withdraw Static Routes if Service Connection or Remote Networks IPSec tunnel is down choice was enabled by default and not configurable. |
| CYR-38250 | Fixed an issue where the Mobile Users—Explicit Proxy Users (last 90 days) incorrectly displayed the same users as Mobile Users—GlobalProtect. |
| CYR-38191 | Fixed an issue where the Total ZTNA Access Objects" widget incorrectly displayed the number of wildcards in addition to correctly displaying normal FQDN applications, subnet-based applications, and FQDN applications that were discovered as a result of creating a wildcard rule. |
| CYR-38034 | Fixed an issue where, if a ZTNA connector was rebooted and if the corresponding connector group contained applications with a Probing Type of icmp ping or none, there could have been an impact on the traffic traversing the rebooted ZTNA Connectors. |
| CYR-37171 | Fixed an issue where an evaluation license for the traffic replication feature could not be added on a production tenant. |
| CYR-36703 | Fixed an issue where users and user groups that were configured in Traffic Steering rules were not tracked by the Cloud Identity Engine's Directory Sync service. |
| CYR-33707 | Fixed an issue where, if you changed Colo-Connect service connection roles (for example, from Active/Active to Active/Backup) and changed the bandwidth on VLANs at the same time, an error displayed after a Commit and Push operation. |
| CYR-32713 | Fixed an issue where ZTNA Connector could fail to
retrieve the correct DNS configuration, which causes ZTNA connector
traffic to fail, when the following conditions apply:
|
Prisma Access 5.0.0-h71 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-47510 | Fixed an issue where clicking on the ECMP node configuration after an upgrade of the Cloud Services plugin caused a commit failure. |
Prisma Access 5.0.0-h69 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-45416 | Fixed an issue where the Cloud Services plugin indicated that there were no licenses installed when an SCM Pro license was added to Panorama. |
Prisma Access 5.0.0-h68 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-48900 | Fixed an issue where, in a multitenant Panorama setup using a legacy Autonomous DEM SKU, you could not remove Autonomous DEM users from subtenants. |
| CYR-48889 | Fixed an issue where, in a deployment with an ADEMAIOPS or SCM Pro license, you could not disable AIOPS-powered ADEM in a multitenant configuration. |
Prisma Access 5.0.0-h66 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-47969 | Fixed an issue where, after an upgrade of the Cloud Services plugin, The Cloud Services plugin Status page did not load. |
| CYR-45932 | Fixed an issue where one-time push (OTP) verification was failing with the following error: "[get-panorama-cert.py:288] <class 'AttributeError'> ("'Pan_Plugin_Client' object has no attribute 'whitelist_keys'". |
| CYR-43938 | Fixed an issue where validation for a deployment with multiple portals in a multitenant setup was missing the template stack name, which caused commit validation to fail. |
| CYR-37017 | Fixed an issue where a configuration passed
validation checks for the following invalid configuration:
|
| CYR-35243 | Fixed an issue where the Cloud Services plugin did not display or hide multi-portal enablement based on the feature flag setting. |
Prisma Access 5.0.0-h61 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-47032 | Fixed an issue where, after a Panorama upgrade from 11.2 to 12.1, a commit operation failed after editing the login banner. |
| CYR-46728 |
Fixed an issue where the scheduled reports from Panorama were
empty when a proxy server was configured.
|
| CYR-46358 | Fixed an issue where a Failed Plugin validation error occurred on a non-Prisma Access Edition tenant during an upgrade to a Cloud Services plugin that had Colo-Connect changes. |
Prisma Access 5.0.0-h60 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-46782 | Fixed an issue where domain names that contained non-ASCII characters and were in the Panorama cache caused errors during the processing of nsupdate commands in the GlobalProtect DDNS feature. |
| CYR-46358 | Fixed an issue where a Failed Plugin validation error occurred on a non-Prisma Access Edition tenant during an upgrade to a Cloud Services plugin that had Colo-Connect changes. |
| CYR-45949 | Fixed an issue where if the UI was not able to access the Prisma Access infrastructure, the Mobile Users - Explicit Proxy onboarding location tab did not load and would keep buffering. |
| CYR-44969 | Fixed an issue where a user that was created using a role-based administrator was not able to see the Cloud Services configuration in the UI. |
| CYR-44496 | Fixed an issue where statistics where not populated in the UK region under PanoramaCloud ServicesStatusMonitorRemote Networks Bandwidth usage. |
| CYR-43473 | Fixed an intermittent issue where nsupdate records were not properly deleted from the DNS server for some endpoints configured with the Pre-Logon connect method. |
| CYR-34759 | Fixed an issue where, in a multitenant setup, a sub-tenant with a mobile users only license + ADEM AIOPS was not allocating units property in the Allocation tab. |
| CYR-39930 | Fixed an issue where Cortex Data Lake logs were not exported from tenants that had the IP Optimization feature enabled. |
Prisma Access 5.0.0-h53 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-45874 | Fixed an issue where, in a Panorama managed multitenant mobile user deployment, enabling ADEM prevented local commits from being successful. |
| CYR-45143 | Fixed an issue where CloudBlade integrations were not working in FedRAMP high and FedRAMP moderate environments. |
Prisma Access 5.0.0-h48 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-44354 | Fixed an issue where a Prisma SD-WAN CloudBlade Version 4.0.0 stopped working without a proxy. |
Prisma Access 5.0.0-h46 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-43562 | Fixed an issue where the export of current users from
the status page has:
|
| CYR-43502 | Fixed an issue where, during a Commit and Push operation, some invalid Prisma Access configurations were validates successfully in Panorama, but were not successfully pushed due to errors in the cloud-based infrastructure. |
| CYR-43237 | Fixed an issue where Panorama Managed Prisma Access deployments that use proxies did not work with Prisma SD-WAN deployments using Prisma Access CloudBlade Integration Release 4.0.0. |
| CYR-43132 | Fixed an issue where, during sub-tenant creation on Panorama, the user could not configure units for either Remote Networks or Mobile Users. You can now configure both units at the same time. |
| CYR-42787 | Fixed an issue where the sub-tenant summary was missing on Panorama Status page when the response from Prisma Access backend was not fetched successfully. |
| CYR-42499 | Fixed an issue where, in a new multitenant deployment that didn't have any existing configuration, administrators were not allowed to enter the sub-tenant name manually. |
Prisma Access 5.0.0-h33 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-41857 | Fixed an issue where if the user did not configure QoS profiles under NetworksQoS Profile, the local commit validation on Panorama plugin was getting skipped. |
| CYR-41569 | Fixed an issue where, when only one region was onboarded in a Mobile Users—GlobalProtect deployment, removing a location in that region resulted in a plugin validation error. |
| CYR-41472 | Fixed an issue in a multitenant environment where, if users did not provide units for Remote Networks or Mobile User in the sub-tenant creation tab, the error message displayed Please specify a bandwidth for your Clean Pipe deployment instead of Please specify a bandwidth for your Remote Networks/Mobile Users. |
| CYR-39874 | Fixed an issue where an Explicit Proxy template was created without Explicit Proxy being onboarded, which caused an issue when Explicit Proxy was onboarded later. |
Prisma Access 5.0.0-h31 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-41084 | Fixed an issue where, after disabling the Cloud Identity Engine integration with Prisma Access, existing Group Mapping Settings caused an error upon commit. |
| CYR-39553 | Fixed an issue where the Autonomous DEM AIOps Allocated Total number was incorrect for multitenant setups. |
| CYR-38605 | Fixed an issue where the rebranded Cortex Data Lake name of Strata Logging Service was not displaying correctly. |
| CYR-29408 | Fixed an issue where the Cloud Services plugin did not manage SDWAN devices that were deployed in Fedramp environments. |
Prisma Access 5.0.0-h22 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-39599 | Fixed an issue where some columns in the Egress IP Allowlist table displayed that were related to IPv6, even though the IPv6 feature had not been enabled. |
Prisma Access 5.0.0-h21 Addressed Issues
| Issue ID | Description |
|---|---|
| ARBI-2272 | Fixed an issue where clicking Active Isolated Sessions (StatusRemote Browser IsolationActive Isolated Sessions) did not open the link in Strata Cloud Manager. |
| CYR-39908 | Fixed an issue where multi-tenant deployments could not see the IP Optimization functionality in newly-added tenants. |
| CYR-39795 | Fixed an issue where, after installation of the Cloud Services plugin, an Explicit Proxy Kerberos server profile (default_server_profile) was installed by the __cloud_services user, even though Explicit Proxy was not enabled. |
| CYR-38814 | Fixed an issue where the Wildcard Top Down Match Mode check box did not display in a Panorama that manages Prisma Access in the DeviceSetupManagement area. |
Prisma Access 5.0.0-h10 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-38368 | Fixed an issue where, when you onboard a Service Connection using CLI, it didn't show up in the selection dropdown for the Traffic Steering Target window. |
| CYR-38120 | Fixed an issue where all available locations did not display in the list view in the Mobile Users—Explicit Proxy setup page. |
| CYR-38103 | Fixed an issue where the Backup SC drop-down list did not have selectable options due to a lack of a transport-type configuration in Service Connection entries that were configured using CLI. |
| CYR-37004 | Fixed an issue where panorama commit was failing with a profiles -> dlp-data-profiles unexpected here error after upgrading the Cloud Services plugin from 3.2.1 to a 4.0.0 or later version. |
| CYR-34770 | Fixed an issue where, if you configured multiple portals in Prisma Access for the Mobile Users—GlobalProtect deployment, you must also configure an authentication profile under Client Authentication on all portals. |
Prisma Access 5.0.0 Addressed Issues
| Issue ID | Description |
|---|---|
|
CYR-39553
|
Fixed an issue where the Autonomous DEM AIOps Allocated total
number is incorrect for multitenant setups.
|
| CYR-38068 | Fixed an issue where an integration may not happen the first time a user tries to connect to "Managed Cloud WANs" in the integration page. If this is the case, the user may have to reenter the pairing key. |
| CYR-37003 | Fixed an issue where, after upgrading the Panorama
that manages Prisma Access to 10.2, multitenant deployments had one
or more sub-tenants deleted after a local commit was performed.
Note that, after you install the plugin that contains this
hotfix and delete a tenant, the tenant is deleted locally on the
Panorama but its configuration remains in the Prisma Access
infrastructure. It is recommended that you backup your Panorama
configuration before you delete any sub-tenants. To completely
delete the tenant, reach out to your Palo Alto Networks account
representative or partner, who will contact the SRE team and
submit a request to delete the tenant from your
infrastructure. |
| CYR-36709 | Fixed an issue where, when allocating bandwidth in legacy mode (on a per-location basis) for Remote Networks, onboarding of more than 250 RN sites was failing due to a SaaS agent Exception. |
| CYR-36121 | Fixed an issue where traffic steering network traffic was being dropped due to a route asymmetry issue. |
| CYR-35811 | Fixed an issue where a Commit and Push operation was failing due to an empty subtenant ID for a newly added subtenant. |
| CYR-34173 | Fixed an issue where, when configuring multiple GlobalProtect portals with Traffic Steering, you could not configure Accept Default Routes over Service Connections PanoramaCloud ServicesConfigurationTraffic SteeringSettingsAccept Default Route over Service Connection. |
| CYR-34078 |
Fixed an issue where, if you configured a Colo-Connect subnet
before configuring and performing a Commit and Push operation
for the Infrastructure Subnet, Colo-Connect Commit and Push
operations would fail.
|
| CYR-33815 | Fixed an issue where, to enable Source IP based Visibility and Enforcement in Explicit Proxy, you also had to enable Enable Agent Proxy (for Prisma Access (Managed by Strata Cloud Manager)) or Use GlobalProtect Agent to Authenticate (for Panorama Managed Prisma Access), even if you have not enabled the Explicit Proxy-GlobalProtect agent functionality. |
| CYR-33695 | Fixed an issue where traffic steering rules could not be disabled or moved. In other cases, an No object to edit in move handler error was encountered and no changes could be applied to the traffic steering rule. |
| CYR-33625 |
Fixed an issue where, when configuring Colo-Connect for the first
time and performing a partial commit, you received a
'Colo_Connect_Device_Group' is
invalid error.
|
| CYR-33584 | Fixed an issue where, in a multi-tenant deployment, if the first tenant's license expired, all sub-tenants license were also marked as expired. |
| CYR-33553 |
Fixed an issue where the Connector availability graph shown under MonitorData CentersZTNA ConnectorsConnectors<connector-name>Device metric displayed the graph in complete red color even
when the connector IPSec tunnel has been continuously up for the
last 24 hours.
|
| CYR-33539 | Fixed an issue where a new warning message displayed during a commit when Explicit Proxy is configured in a deployment with multiple tenants. |
| CYR-33180 | Fixed an issue where, in order to use the Prisma Access Explicit Proxy Connectivity in GlobalProtect for Always-On Internet Security feature, you had to onboard at least one mobile user gateway. |
| CYR-32782 | Fixed an issue where, if you deleted a Colo-Connect service connection and then Committed and Pushed your changes, it could can take some time to delete Colo-Connect service connections. |
| CYR-32188 |
Fixed an issue where, in Prisma Access Insights, the Connector
Availability graph for a given ZTNA Connector did not show up if
the IPSec tunnel between the connector and the ZTNA Tunnel
Terminator (ZTT) had been up without interruption for the last
24 hours.
|
| CYR-32170 | Fixed an issue where, when using ZTNA Connector, diagnostic tools such as ping, traceroute and nslookup that are accessible from the ZTNA Connector UI ConnectorsActionsDiagnostics icon were not functional. |
| CYR-32006 |
Fixed an issue where, when using Dynamic DNS (DDNS) registration
using the Cloud Services plugin 3.2, nsupdate commands were not
working as expected, which caused issues with DDNS update
queries.
|
| CYR-31623 |
Fixed an issue where only one Panorama HA pair could be
associated with a CDL instance.
|
| CYR-30610 | Fixed an issue where, in a Prisma Access multitenant deployment, Commit and Push operations were failing because subtenant IDs were not being populated correctly. |