Prisma Access Addressed Issues

| Where Can I Use This? | What Do I Need? |
| --- | --- |
| Prisma Access (Managed by Panorama) | Minimum Required Prisma Access Version 5.2 or 5.2.1 Preferred or Innovation |

The following topics describe issues that have been addressed in Prisma Access 5.2 and Prisma Access 5.2.1.

Prisma Access 5.2.1 Addressed Issues

| Issue ID | Description |
| --- | --- |
| CYR-45847 | Fixed an issue where, when a service subnet was changed, it was updated on the Prisma Access GlobalProtect gateways, but the GlobalProtect tunnel went down because NAT was not correctly implemented. |
| CYR-45341 | Fixed an issue where Commit and Push jobs to Colo-Connect Device Groups were timing out, causing VLANs to not be deleted. |
| CYR-44391 | Fixed an issue where Explicit Proxy deployments in China did not support using the Cloud Identity Engine or SAML for authentication. |
| CYR-43690 | Fixed an issue where, when attempting to modify or delete Connector IP Blocks in ZTNA Connector, the changes were not applied after a Commit and Push. |
| CYR-42919 | Fixed an issue where, when attempting to modify or delete Connector IP Blocks in ZTNA Connector, the changes were not applied after a Commit and Push. |

Prisma Access 5.2.0-h20 Addressed Issues

| Issue ID | Description |
| --- | --- |
| CYR-47416 | Fixed an issue where the Prisma Access Agent workflow did not display on Panorama. |
| CYR-35243 | Fixed an issue where the Cloud Services plugin did not display or hide multi-portal enablement based on the feature flag setting. |

Prisma Access 5.2.0-h18 Addressed Issues

| Issue ID | Description |
| --- | --- |
| CYR-47969 | Fixed an issue where, after an upgrade of the Cloud Services plugin, the Cloud Services plugin Status page did not load. |
| CYR-47510 | Fixed an issue where clicking ECMP remote network configuration after an upgrade of the Cloud Services plugin resulted in a commit failure. |
| CYR-47206 | Fixed an issue where adding an RFC6598 subnet (for example, 100.64.0.0/24) as a static route resulted in a commit failure. |
| CYR-43938 | Fixed an issue where validation for a deployment with multiple portals in a multitenant setup was missing the template stack name, which caused commit validation to fail. |

Prisma Access 5.2.0-h16 Addressed Issues

| Issue ID | Description |
| --- | --- |
| CYR-47032 | Fixed an issue where, after a Panorama upgrade from 11.2 to 12.1, a commit operation failed after editing the login banner. |
| CYR-46728 | Fixed an issue where the scheduled reports from Panorama were empty when a proxy server was configured. |
| CYR-46358 | Fixed an issue where a Failed Plugin validation error occurred on a non-Prisma Access Edition tenant during an upgrade to a Cloud Services plugin that had Colo-Connect changes. |
| CYR-46093 | Fixed an issue where, if your deployment implemented the functionality to support up to 25,000 remote networks and 50,000 IKE gateways, aggregate bandwidth usage statistics displayed No data for the specified time period instead of the usage statistics. |

Prisma Access 5.2.0-h14 Addressed Issues

| Issue ID | Description |
| --- | --- |
| CYR-46782 | Fixed an issue where domain names that contained non-ASCII characters and were in the Panorama cache caused errors during the processing of nsupdate commands in the GlobalProtect DDNS feature. |
| CYR-46358 | Fixed an issue where a Failed Plugin validation error occurred on a non-Prisma Access Edition tenant during an upgrade to a Cloud Services plugin that had Colo-Connect changes. |
| CYR-45949 | Fixed an issue where, if the UI was not able to access the Prisma Access infrastructure, the Mobile Users - Explicit Proxy onboarding location tab did not load and would keep buffering. |
| CYR-45932 | Fixed an issue where one-time push (OTP) verification was failing with the following error: [get-panorama-cert.py:288] <class 'AttributeError'> ("'Pan_Plugin_Client' object has no attribute 'whitelist_keys' |
| CYR-44969 | Fixed an issue where a user that was created using a role-based administrator was not able to see the Cloud Services configuration in the UI. |
| CYR-44766 | Fixed an issue where the deletion of IKE and IPSec crypto profiles using common APIs was failing and the profiles were not deleted from the configuration. |

Prisma Access 5.2.0 Addressed Issues

| Issue ID | Description |
| --- | --- |
| CYR-45112 | Fixed an issue where the external gateway configuration was grayed out when upgrading the Cloud Services plugin to versions 5.1.0 or later. |
| CYR-44598 | Fixed an issue where the Strata Logging Service status for Panorama Managed Prisma Access deployments was displaying an Exception <customer-id> error. |
| CYR-43673 | Fixed an issue where all the invalid configurations from the API were relayed back to the system administrator via a GET call. |
| CYR-43400 | Fixed an issue where, for connectors onboarded in ZTNA connector groups with Preserve User ID checked, Actions > Diagnostics > ping from the internal interface to the data center apps did not work. |
| CYR-43280 | Fixed an issue where an illegal base64 data error caused the DSP to fail to generate a diff, even though changes were present. |
| CYR-43262 | Fixed an issue where remote network API requests for Remote Network onboarding threw a commit validation error in the plugin when BGP configuration was included in the payload. |
| CYR-43222 | Fixed an issue where application targets assigned to User ID-based ZTNA Connector groups did not support a Probing Type of icmp ping. |
| CYR-42377 | Fixed an issue where, when configuring Dynamic DNS Registration Support for Remote Troubleshooting and Updates, an unencrypted Kerberos key file could not be uploaded on the Panorama that manages Prisma Access when the Authentication Type was Kerberos. If you are running a Panorama Managed deployment with a plugin version of 5.2.0 or greater and you choose a Kerberos authentication type, upload an auth key through a .key file that has the base64 encoded string of the Kerberos key retrieved from the DNS server, for example: "ABCDEFGHIJKLMNOPQRSTUV5WXYZOUy5DT00ADUFabcDluaXN0cmF0b3IAAAABAAAAAAEAEgAg3aBcdE3Fg4IAaQOWMUpzN4hCtNnVcrjbFndYPQVvYVg=" If you are running a Panorama Managed deployment with a plugin version less than 5.1.0 and you choose a Kerberos authentication type, upload an auth key through a .key file that has the unencoded Kerberos keytab file retrieved from the DNS server. |
| CYR-42191 | Fixed an issue where, when setting up Dynamic DNS Support, a valid Kerberos file was not correctly uploaded and was not saved in the system configuration. |
| CYR-41740 | Fixed an issue where, if there were more than 100 connectors onboarded in the same region in a short duration of time, private app access through some of the ZTNA connectors might not work. |
| CYR-38418 | Fixed an issue where, after enabling IPv6, a Prisma Access dataplane upgrade from 10.2.8-h1 to 10.2.8-h2 failed. |
| CYR-38386 | Fixed an issue where, after an autoscaling operation caused more Mobile User gateways to be created, a Commit and Push operation failed. |
| CYR-37913 | Fixed an issue where, if you disabled traffic replication in a compute and re-enabled it in the same compute, the traffic replication functionality was impacted, and you did not see any mobile user or remote network traffic replicated with no commit or configuration failures displayed. |
| CYR-37791 | Fixed an issue where, after a user switched from one project to another and connected to the same Prisma Access location, the Monitor > Users page in Strata Cloud Manager did not reflect the correct project name that the user switched to for the following time ranges: 3 hours, 24 hours, 7 days, and 30 days. |
| CYR-36930 | Fixed an issue where, if a GlobalProtect mobile user had dual stack (IPv4 and IPv6) enabled and they connected to a Prisma Access GlobalProtect location that had IPv6 enabled and IPv6 was later disabled for that location, the dual-stack user could not connect to that location. |
| CYR-27734 | Fixed an issue where the Policy Optimizer for unused Rule usage statistics were not visible in Panorama for remote network device groups. |