Focus

Prisma SD-WAN

Known Issues in Prisma SD-WAN ION Release 6.3

Table of Contents

Filter

Expand All | Collapse All

Prisma SD-WAN Docs

Activation & Onboarding
Administration
Select a Document
- Prisma SD-WAN Controller
CloudBlades
Select a Document
- CloudBlade Integrations
- CloudBlades Integration with Prisma Access
Deployment
Incidents & Alerts
Reference
Release Notes
Select a Document
- 6.5
- 6.4
- 6.3
- 6.1
- 5.6
- Prisma SD-WAN Controller
- Prisma SD-WAN On-Premises Controller
- Prisma SD-WAN CloudBlades
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed

Addressed Issues in Prisma SD-WAN ION Release 6.3

Known Issues in Prisma SD-WAN ION Release 6.3

Learn about the known issues in Prisma SD-WAN ION Release 6.3.

Review a list of known issues for Prisma SD-WAN ION Release 6.3.

Known Issues in Prisma SD-WAN ION Device Release 6.3.6
Known Issues in Prisma SD-WAN ION Device Release 6.3.3, 6.3.4, and 6.3.5
Known Issues in Prisma SD-WAN ION Device Release 6.3.2
Known Issues in Prisma SD-WAN ION Device Release 6.3.1

Known Issues in Prisma SD-WAN ION Device Release 6.3.6

The following table lists the known issues in Prisma SD-WAN ION Device Release 6.3.6.

Issue ID	Description
CGSDW-35936 This issue is resolved in ION version 6.5.3	Both Data Center ION devices advertise duplicate prefixes. This occurs when two branch sites can advertise the same prefix set to the DC cluster.
CGSDW-34273 This issue is resolved in ION version 6.4.3, and 6.5.3.	A memory leak has been identified in the cgnxinfra process. The leak is triggered by a continuous flap in the controller connection, which is often caused by frequent WebSocket disconnections. This issue can lead to an Out of Memory (OOM) event and may cause the ION device to reboot.
CGSDW-34254	A crash in the hitflagsd process has been observed on ION devices in L2 mode. The crash is triggered by a large number of continuous VPN flaps, which causes a timing issue in a datapath backend process.
CGSDW-34106	After an HA switchover, VPNs configured over bypass ports take longer than expected to reestablish connectivity. This issue is observed on ION devices with a large number of interfaces, resulting in temporary VPN downtime and traffic loss.
CGSDW-33728	A memory leak exists in the deprecated NetFlow extension API when configured on an ION device. This can lead to the ION device running out of available memory under high-stress conditions, causing it to reboot.
CGSDW-33555 This issue is resolved in ION version 6.3.5 and 6.4.3.	The dpdk-ctrl-port process on ION devices may crash due to a timing issue during device initialization after a reboot or upgrade. This can delay the initial bootup process and prevent interfaces from coming back up.
CGSDW-33506	A crash in the fc-monitor process has been observed on ION devices after a version upgrade. This is triggered by a corrupted packet that causes a failure in the QAT library during packet handling.
CGSDW-31611	The fp-rte process may crash due to a timing issue during ION device initialization after a reboot or upgrade. The crash results in traffic loss and a delay in the ION device's bootup process.
CGSDW-16922	The fp-rte process may crash during ION device initialization after a version upgrade. The crash, which occurs in the port receiver function, is caused by a timing issue with interface and packet handling on ION devices with a large number of sub-interfaces and can lead to a delay in the initial boot up process.

Known Issues in Prisma SD-WAN ION Device Release 6.3.3, 6.3.4, and 6.3.5

The following table lists the known issues in Prisma SD-WAN ION Device Release 6.3.3, 6.3.4, and 6.3.5.

Issue ID	Description
CGSDW-35936 This issue is resolved in ION version 6.5.3	Both Data Center ION devices advertise duplicate prefixes. This occurs when two branch sites can advertise the same prefix set to the DC cluster.
CGSDW-30069 This issue is resolved in ION version 6.3.6	ADEM probes for private applications fail when traffic routes over the Secure Fabric. The system incorrectly sends probe traffic to the direct internet path.
CGSDW-33282 This issue is resolved in ION version 6.3.6, 6.4.3, and 6.5.3.	After any process crash or ION device reboot, the system fails to zip and save the logs directory, leading to unmanaged log accumulation.
CGSDW-33237 This issue is resolved in ION version 6.3.6	After upgrading to ION device 6.x with DPDK, higher control plane latency is observed, primarily because deeper Rx MAC and Intercore FIFOs introduce head-of-line blocking, particularly impacting applications during high-rate scan traffic.
CGSDW-32621 This issue is resolved in ION version 6.3.6	After upgrading from 6.1.x to 6.3.5-b4, standby ION devices are losing connectivity to the controller because a local route entry for the LAN-IP, sharing the same subnet as the controller interface gateway, prevents packets from being locally terminated on the standby ION device.
CGSDW-32177	After debug logging and filters are enabled, they are not disabled, leading to critical issues and customer outages.
CGSDW-31958 This issue is resolved in ION version 6.3.5	After upgrading to 6.3.5-b4, Virtual Interfaces are experiencing "recvmsg() No buffer space Available" and "fp_drain_exec Resource temporarily unavailable" errors, leading to connectivity loss on ION devices, specifically observed with VPN and HA communication failures, which resulted in a split-brain scenario.
CGSDW-31862 This issue is resolved in ION version 6.3.6.	After an fp-rte process crash on 6.3.5-b4, a three-minute split-brain scenario occurrs because the HAM process waits for the fp-rte core dump creation to complete, leading to customer traffic impact.
CGSDW-31861	After configuring enterprise DNS servers on the controller interface, app-probes are being sent relentlessly, leading to continuous CPU spikes and packet drops on lower-end ION devices, indicating a need for a timeout or limit on probe frequency until a genuine client DNS request fails.
CGSDW-30747	After adding or removing Prisma Access tags from site configurations, or removing circuit tags from physical interfaces, the charon process restarts, unexpectedly triggering an HA switchover, which disrupts customer operations, particularly when rebuilding PA tunnels or migrating branches between regions.
CGSDW-30067 This issue is resolved in ION version 6.4.3 and 6.5.3	After deploying ION 3200 devices in L2 mode on 6.3.4-b2, core.dpdk-ctrl-port issues are observed at ixgbe_dev_clear_queues, indicating a problem with DPDK control plane operations on the ION device.
CGSDW-27527	After experiencing fast path CPU utilization at 100%, ION device performance degrades for active sessions, exhibiting high latency followed by complete traffic loss and a forwarding system outage, as seen with custom AppMix traffic which recovers only after an ION device reboot.

Known Issues in Prisma SD-WAN ION Device Release 6.3.2

The following table lists the known issues in Prisma SD-WAN ION Device Release 6.3.2.

Issue ID	Description
CGSDW-30069 This issue is resolved in ION version 6.3.6	ADEM probes for private applications fail when traffic routes over the Secure Fabric. The system incorrectly sends probe traffic to the direct internet path.
CGSDW-23395 This issue is resolved in ION version 6.3.4 and 6.4.1	After upgrading to ION device software version 6.3.2-b5, the backup ION device continues to attempt to establish a connection with the controller. Use the following workaround for this issue: On the active ION device, add a static route on the LAN interface which points to the controller interface IP address of the backup ION device. On the backup ION device, add a static route on the LAN interface which points to the controller interface IP address of the active ION device.

Issue ID

Description

CGSDW-30069 This issue is resolved in ION version 6.3.6

ADEM probes for private applications fail when traffic routes over the Secure Fabric. The system incorrectly sends probe traffic to the direct internet path.

CGSDW-23395 This issue is resolved in ION version 6.3.4 and 6.4.1

After upgrading to ION device software version 6.3.2-b5, the backup ION device continues to attempt to establish a connection with the controller. Use the following workaround for this issue:

On the active ION device, add a static route on the LAN interface which points to the controller interface IP address of the backup ION device.
On the backup ION device, add a static route on the LAN interface which points to the controller interface IP address of the active ION device.

Known Issues in Prisma SD-WAN ION Device Release 6.3.1

Learn about the Known Issues in Prisma SD-WAN ION device release 6.3.1.

The following table lists the known issues in Prisma SD-WAN ION Device Release 6.3.1.

Issue ID	Description
CGSDW-20864 This issue is resolved in ION version 6.3.2	If the only prefix of a VRF at a branch site is deleted, then the entries leaked to the DC site for the specific VRF are also deleted. The workaround is to configure at least one dummy global prefix for the VRF at the branch site.
CGSDW-21451 This issue is resolved in ION version 6.4.1	After being assigned to a site, the ION device does not receive the VRF context in time. This causes incorrect mapping between interfaces and VRFs.

Addressed Issues in Prisma SD-WAN ION Release 6.3

Prisma SD-WAN Docs

Known Issues in Prisma SD-WAN ION Release 6.3

Prisma SD-WAN Docs

Known Issues in Prisma SD-WAN ION Release 6.3

Known Issues in Prisma SD-WAN ION Device Release 6.3.6

Known Issues in Prisma SD-WAN ION Device Release 6.3.3, 6.3.4, and 6.3.5

Known Issues in Prisma SD-WAN ION Device Release 6.3.2

Known Issues in Prisma SD-WAN ION Device Release 6.3.1

Activation & Onboarding

SASE

Visibility & Monitoring

FedRAMP

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

Prisma SD-WAN Integration

Prisma SD-WAN Experts Corner

Best Practices

Resources