Prisma SD-WAN
Addressed Issues in Prisma SD-WAN ION Release 6.4
Learn about the issues addressed in Prisma SD-WAN ION release 6.4.x.
- Addressed Issues in Prisma SD-WAN ION Device Release 6.4.3
- Addressed Issues in Prisma SD-WAN ION Device Release 6.4.2
- Addressed Issues in Prisma SD-WAN ION Device Release 6.4.1
Addressed Issues in Prisma SD-WAN ION Device Release 6.4.3
The following section lists the issues addressed in Prisma SD-WAN ION Device Release 6.4.3 and various Hotfixes.
Release 6.4.3
| Issue ID | Description |
|---|---|
| CGSDW-36354 | Resolved an issue where App-ID updates failed due to an app_id_map_alloc failure. This occurred because the system did not release the app_id_map when a DNS-based App-ID update request arrived for an existing appmap entry. |
| CGSDW-36339 | Resolved an issue where the wanpaths_vni database was in an improper state after you upgraded from a release earlier than 6.3.1. This occurred because the database migration failed. |
| CGSDW-36237 | Resolved an issue where LAN-to-WAN traffic dropped even though the VPN paths were UP. This occurred because the nsm module did not handle a NULL db_val during a reachability check. |
| CGSDW-36123 | Resolved an issue where an IPv6 BGP peer reset failed when you initiated the action from the controller UI. |
| CGSDW-36102 | Resolved an issue where the system could not achieve consistently high flows per second (FPS) because random packets arriving over a Virtual Private Network (VPN) were unintentionally dropped due to an uninitialized flag in the flow controller metadata. |
| CGSDW-35970 | Resolved an issue where the flow controller took 20 to 30 minutes to update path reachability. This occurred due to a performance regression introduced in a prior release. |
| CGSDW-35903 | Resolved an issue where SNMP counters stalled, causing inaccurate bandwidth utilization updates. |
| CGSDW-35701 | Resolved an issue where the LAN egress route table entry was missing on the Active ION device following a switch-over. |
| CGSDW-35622 | Resolved an issue where data traffic incorrectly egressed the DC ION device via the controller port. |
| CGSDW-35543 | Resolved an issue where the BGP peer for a Custom VRF failed to establish a connection. |
| CGSDW-35527 | Resolved an issue where the fc-control process terminated unexpectedly, causing a core dump. This occurred due to a double free error during execution of the app-map filter command. |
| CGSDW-35523 | Resolved an issue where OSPF failed to come up on the DC ION. This occurred because the device did not send OSPF packets, preventing the establishment of OSPF adjacency. |
| CGSDW-35329 | Resolved an issue where the emif process failed on the ION 3200 device, resulting in socket reset errors and watchdog timeouts. This occurred during continuous flapping of the PPPoE interface. |
| CGSDW-35111 | Resolved an issue where the RX/TX statistics displayed in the UI sometimes showed values higher than the maximum interface link speed. |
| CGSDW-35022 | Resolved an issue where Standard VPN tunnels flapped following the detection of a multi IKE session. |
| CGSDW-34933 | Resolved an issue where app_stats were unavailable on the spoke device due to a crash in the SCM worker thread. |
| CGSDW-34703 | Resolved an issue that caused a memory leak and subsequent system memory depletion. This occurred because a worker thread in the bwm_server process became stuck on a network operation, preventing the release of network buffers. |
| CGSDW-34487 | Resolved an issue that caused high memory utilization by the LQM process. This occurred because, when a monitoring thread crashed, LQM failed to clean up its existing Redis connection and continuously retried to establish a new one. |
| CGSDW-34045 | Resolved an issue where the PPPoE manager in the emif process leaked system resources, including memory and Go routines. |
| CGSDW-33778 | Resolved an issue where a BGP peer connection to the next hop's loopback address failed and disconnected. This occurred when the update source used a secondary IP address on the ION device and was triggered by events like an interface bounce. |
| CGSDW-33608 | Resolved an issue that caused a memory leak in the data path thread, which led to an unexpected flow controller restart. |
| CGSDW-33282 | Resolved an issue where the system failed to automatically archive the /log/syslog directory following a process crash or device reboot. |
| CGSDW-32858 | Resolved an issue where multi-hop BGP learnt routes on the DC device were not re-distributed to the Branch. This omission occurred because the system failed to correctly resolve the BGP next-hop via the default route. |
| CGSDW-32621 | Resolved an issue where Standby ION devices lost connectivity to the controller after upgrading from the 6.1.x release. This occurred due to an incorrect local route entry. |
| CGSDW-32436 | Resolved an issue where the ION device silently rejected path policy updates. This failure occurred when the new policy included local prefix-lists that lacked site bindings. |
| CGSDW-32199 | Resolved an issue where Syslog Flow Export failed to send flow logs to the remote Syslog server, even when flow logging was correctly enabled in the configuration. |
| CGSDW-32105 | Resolved an issue where the interface address flapped, which caused instability in BGP, VPN, and HA connections. |
| CGSDW-32075 | Resolved an issue where multi-hop BGP learnt routes on the Hub device became stale and were not correctly removed when the underlying service link tunnel went down. |
| CGSDW-32071 | Resolved an issue that caused the device to reboot unexpectedly. This failure was triggered by a configuration parsing exception within the supervisord process. |
| CGSDW-31935 | Resolved an issue where the system installed only one next-hop in the FIB for OSPF prefixes, even when multiple ECMP routes were present in the OSPF database. |
| CGSDW-31920 | Resolved an issue that caused the fp-rte process to crash unexpectedly. This failure was due to a race condition between two internal processes that resulted in the premature cleanup of a resource entry. |
| CGSDW-31862 | Resolved an issue that caused the High Availability failover mechanism to stall for several minutes following an fp-rte process crash. The extended stall duration caused a service outage and customer traffic impact. |
| CGSDW-31860 | Resolved an issue where the application probe continued unnecessarily, despite successful DNS resolution. This occurred because the probe repeatedly used a common Transaction ID, causing the DNS server to reject the requests. |
| CGSDW-31832 | Resolved an issue where BGP sessions failed to re-establish after a service link flap because the system incorrectly deleted the TCP listen socket when a BGP view was removed, even if other active sessions remained. |
| CGSDW-31702 | Resolved an issue where the Link Layer Discovery Protocol transmit Time-to-Live was insufficient. |
| CGSDW-31684 | Resolved an issue that caused persistent memory growth in the /cgnx/bin/elmgr process. This occurred when an interface state change restarted the DHCP server but failed to clear the stale DHCP daemons. |
| CGSDW-31654 | Resolved an issue that caused the Flow Controller (FC) process to crash unexpectedly. |
| CGSDW-31505 | Resolved an issue where application statistics for LAN-to-LAN traffic were incorrectly exported with the private-direct label. |
| CGSDW-31369 | Resolved an issue where the default gateway failed to configure on the ISP interface after the ION device was unclaimed. |
| CGSDW-30883 | Resolved an issue that caused an exception in the router management process due to a timing issue. This occurred when the system failed to promptly handle updates and deletions for WAN path status keys. |
| CGSDW-30565 | Resolved an issue where traffic was lost after a VPN switchover was triggered on the Spoke device. This occurred because the system failed to update the bridge vector with the new WAN interface details, causing traffic to be forwarded to the old, down VPN interface. |
| CGSDW-30535 | Resolved an issue where the Secure Fabric did not establish connectivity with the backup ION device following a Branch Gateway High Availability (HA) failover. |
| CGSDW-30242 | Resolved an issue where the ION device sometimes displayed an internal reboot code (code: 0x08) with the reason Unknown after an unexpected shutdown. |
| CGSDW-30125 | Resolved an issue where the ION device failed to apply a DNS caching size of 0. This prevented administrators from disabling the DNS cache functionality through configuration. |
| CGSDW-30124 | Resolved an issue where IPFIX data displayed zero values for statistics. This occurred because the system used an incorrect attribute to read the interface ID when processing flow statistics. |
| CGSDW-30073 | Resolved an issue that caused the event_forward process to repeatedly restart on the ION device. This occurred due to a technical incompatibility in the system's priority queue handling following the Python upgrade. |
| CGSDW-30067 | Resolved an issue that caused the dpdk-ctrl-port process to crash on the ION device operating in L2 mode. |
| CGSDW-30053 | Resolved an issue where the Active ION device's controller interface could not reach certain IP addresses. |
| CGSDW-29793 | Resolved an issue where the ION device incorrectly created two separate flows for traffic passing through a GRE tunnel. |
| CGSDW-13551 | Resolved an issue where asymmetric routing failed for TCP traffic between DIA and GRE SL. |
Hotfix Release 6.4.3-b2
| Issue ID | Description |
|---|---|
| CGSDW-34233 | Resolved an issue where the emif process on devices may crash due to a timing issue during device initialization. |
| CGSDW-33696 | Resolved an issue where potential fp-rte crashes during the upgrade process may lead to longer upgrade durations. |
| CGSDW-33480 | Resolved an issue where configuring a large /16 subnet on a LAN interface with a high number of users (up to 60K) resulted in high CPU utilization, latency, and packet loss because the CFU hash table failed to rebalance, causing the system to spend excessive cycles walking long horizontal lists during flow creation. |
Hotfix Release 6.4.3-b1
| Issue ID | Description |
|---|---|
| CGSDW-35000 | Resolved an issue where the dump-support command failed to capture system logs and core files on ION 9200 devices because the tool did not correctly follow softlinks to the FRU SSD log partitions. |
| CGSDW-33040 | Resolved an issue where the controller interface failed to program the gateway after a device reboot or upgrade because a duplicate check in the route manager incorrectly ignored interface connection status flaps. |
| CGSDW-33008 | Resolved an issue with FP-RTE process memory fragmentation and increasing memory utilization by implementing the Jemalloc memory allocator to provide more stable and efficient resource management than the standard glibc allocator. |
| CGSDW-32984 | Resolved an issue where the resourcemgmt service caused excessive memory and CPU consumption on resource-constrained platforms, such as the ION 2000, by disabling the service globally in the 6.3.x release branch. |
| CGSDW-32910 | Resolved an issue where IP and gateway programming for bypass pairs was incorrect following a High Availability (HA) switchover because a malformed address check in the emif audit cycle incorrectly skipped necessary state updates to the route manager during address deletion. |
| CGSDW-32542 | Resolved a scale issue where the system incorrectly created and monitored unnecessary lan/state entries on HUB devices for every site prefix added, which added excessive monitoring pressure on the ifspd process and consumed memory resources. |
| CGSDW-31444 | Resolved an issue where the micmac process failed to handle certificates correctly, preventing device claiming and FIPS mode changes, because unhandled exceptions in the process were not cleared properly due to stuck execution threads during certificate renewal. |
| CGSDW-31276 | Resolved an issue that caused the fp-rte process to crash unexpectedly during high traffic periods by implementing preventive fixes and enhanced memory buffer (mbuf) logging to improve stability and diagnostics. |
| CGSDW-31152 | Resolved an issue where the micmac process repeatedly spawned multiple instances and failed to exit properly due to unhandled exceptions and stuck execution threads during certificate renewal and bootstrap operations. |
| CGSDW-31065 | Resolved an issue where CPU temperature data for ION-1200S and ION-3200 models was missing from the controller statistics page because acpi sensor data was incorrectly excluded from the system database. |
| CGSDW-30792 | Resolved an issue where the rtr_mgr_api process restarted unexpectedly. |
| CGSDW-30550 | Resolved an issue that caused persistent memory growth and fragmentation in the fp-rte process due to small memory allocation churn from periodic link status collection and unhandled JSON object leaks. |
| CGSDW-30481 | Resolved an issue that caused persistent memory growth and fragmentation in the fp-rte process due to small memory allocation churn from periodic link status collection and unhandled JSON object leaks. |
| CGSDW-30467 | Resolved an issue with FP-RTE process memory fragmentation and increasing memory utilization by implementing the Jemalloc memory allocator to provide more stable and efficient resource management than the standard glibc allocator. |
| CGSDW-30052 | Resolved an issue where the ION device failed to populate ARP responses on the WAN interface because the kernel vhost driver's transmit queue became stuck after failing to correctly handle corrupted or bad length packets. |
Hotfix Release 6.4.3-a22
| Issue ID | Description |
|---|---|
| CGSDW-26587 | Resolved an issue where a host in one VRF on the LAN side was able to ping or SSH to an IP on an ION device in a different VRF. |
Addressed Issues in Prisma SD-WAN ION Device Release 6.4.2
The following section lists the issues addressed in Prisma SD-WAN ION Device Release 6.4.2 and various Hotfixes.
Release 6.4.2
| Issue ID | Description |
|---|---|
| CGSDW-34640 | Resolved an issue where the VPN daemon would fail to start after a new configuration was pushed to RMA devices. The fix ensures the daemon starts successfully, allowing VPN services to resume. |
| CGSDW-34006 | Resolved an issue where an upgrade could cause interface gateways to fail, disrupting network traffic. The fix ensures gateways are reliably programmed after an upgrade, restoring network stability. |
| CGSDW-33974 | Resolved an issue where BGP sessions failed to establish after a device reboot. |
| CGSDW-33860 | Resolved an issue that caused high CPU utilization and network performance degradation on devices with large LAN subnets because the CFU hash table failed to rebalance, causing the system to spend excessive cycles walking long horizontal lists during flow creation. |
| CGSDW-33778 | Resolved an issue where BGP sessions failed to establish or were unstable, particularly when a secondary IP address was used as the update source. |
| CGSDW-33483 | Resolved an issue that caused a system core dump during application identification. The fix ensures a process's lock is properly released, preventing the crash. |
| CGSDW-33065 | Resolved an issue where the controller interface's gateway failed to program after a device upgrade or reboot because a duplicate check in the route manager incorrectly ignored interface connection status flaps. |
| CGSDW-32992 | Resolved an issue where flows were incorrectly established, leading to resource limits and dropped traffic. The fix ensures a valid three-way TCP handshake is completed before a flow is established. |
| CGSDW-32928 | Resolved an issue where ping failed after a High Availability (HA) switchover because a malformed address check in the emif audit cycle prevented necessary state updates to the route manager. |
| CGSDW-32372 | Resolved an issue with DNS-based application prediction that caused inaccurate identification. |
| CGSDW-23049 | Resolved an issue where core files were being generated when the device was being upgraded. |
| CGSDW-23324 | Resolved an issue where the bypass pair Ethernet port configuration was reset after being assigned to a device shell. |
| CGSDW-23398 | Resolved an issue where extra interfaces were seen on SNMPv3 polling. |
| CGSDW-23534 | Resolved an issue where the Ingress displayed a zero value for Bandwidth Utilization. |
| CGSDW-23928 | Resolved an issue where the snmpwalk command was returning incorrect device information. |
| CGSDW-24246 | Resolved an issue where the device shell bypass pair on the ION 9200 device was not being configured successfully. |
| CGSDW-24269 | Resolved an issue where the APPLICATION_CUSTOM_RULE_CONFLICT incident was being raised for system applications. |
| CGSDW-25586 | Resolved an issue where the GRE tunnel was not being established when in FIPS mode. |
| CGSDW-25838 | Resolved an issue where OSPF process reset was not expedited; expedited the OSPF process reset to ensure a quick re-establishment of neighborships. |
| CGSDW-26901 | Resolved an issue where the remote access session for the device toolkit was timing out and closing after logging in from the web interface. |
| CGSDW-29556 | Resolved decryption errors for service links and remote login when in FIPS mode. |
| CGSDW-29432 | Resolved an issue where packets were not delivered when the destination MAC matched an ION port MAC. |
| CGSDW-29208 | Resolved a synchronization issue between the controller and flow controller databases regarding NAT state by modifying service links to ignore the nat_present flag and assume NAT is present. |
| CGSDW-29207 | Resolved the creation of unnecessary application probes due to incorrect source/destination port mapping. |
| CGSDW-28712 | Resolved a crash in the ifspd process during configuration parsing. |
| CGSDW-28697 | Resolved an issue where duplicate flows were created during route leaking with Custom VRFs. |
| CGSDW-28530 | Resolved a Flow Controller crash caused by corrupted memory buffer packets re-entering the pipeline. |
| CGSDW-28481 | Resolved an issue where the High Availability (HA) controller interface experienced a significant delay (up to 20 minutes) in establishing internet connectivity after a reboot, preventing backup devices from connecting to the controller and delaying application probes. |
| CGSDW-28458 | Resolved an issue where traffic stopped after reaching the concurrent flow limit alarm. |
| CGSDW-28329 | Resolved an issue where the backup DC ION incorrectly advertised branch prefixes during peer flaps. |
| CGSDW-28326 | Resolved an IPv6 ping failure when using the LAN interface as the source IP for VPN FIB hosts. |
| CGSDW-28214 | Resolved a standalone interface failure on the standby ION when the active device was powered down. |
| CGSDW-28187 | Resolved an issue where the device failed to initiate BGP SYN requests after a reboot. |
| CGSDW-28049 | Resolved an issue where the dump-support command failed to capture system logs and core files on ION 9200 devices because the tool did not correctly follow softlinks to the FRU SSD log partitions. |
| CGSDW-28036 | Resolved an issue where VPN OIDs were inconsistent across polling requests. |
| CGSDW-27822 | Resolved an issue where BGP routes were withdrawn incorrectly after global prefix updates. |
| CGSDW-27728 | Resolved a crash in the fp-rte process leading to an immediate HA failover. |
| CGSDW-27708 | Resolved an issue where default routes were incorrectly advertised over service links, causing provider routing loops. |
| CGSDW-27588 | Resolved a display error in Performance Policy Alarms where WAN interface names were missing. |
| CGSDW-27542 | Resolved a BGP connectivity failure after a device transitioned to the HA active state. |
| CGSDW-27498 | Resolved an issue where default routes were missing on subinterfaces after an ION reboot. |
| CGSDW-27393 | Resolved an issue where Syslog used the incorrect source IP for logs from VRF interfaces. |
| CGSDW-27359 | Resolved missing global application statistics when high numbers of app thresholds were configured. |
| CGSDW-26722 | Resolved a failure in static route injection after an ION upgrade. |
| CGSDW-26686 | Resolved an issue where MSS clamping failed for PPPoE interfaces. |
| CGSDW-26319 | Resolved a crash in the fp-rte process during high-volume custom application traffic. |
| CGSDW-25254 | Resolved a memory buffer leak that caused VPN and controller disconnections. |
| CGSDW-23926 | Resolved an operational status inconsistency in SNMP for switch ports. |
| CGSDW-23739 | Resolved an issue where application probes continued after being disabled in the UI. |
| CGSDW-22911 | Resolved a crash in the fp-rte process when QoS was enabled for UDP WAN-to-LAN traffic. |
Hotfix Release 6.4.2-b21
| Issue ID | Description |
|---|---|
| CGSDW-36580 | Resolved an issue where the system was not able to achieve consistently high flows per second (FPS) because random packets arriving over a Virtual Private Network (VPN) were unintentionally dropped due to an uninitialized flag in the flow controller metadata. |
| CGSDW-34930 | Resolved an issue where FRR closed the BGP socket configured over a service link when the link flapped. This occurred because the system incorrectly deleted the TCP listen socket when a BGP view was removed, even if other active sessions remained. |
Hotfix Release 6.4.2-b8
| Issue ID | Description |
|---|---|
| CGSDW-29305 | Resolved an issue where the Nike fix propagation was required. |
| CGSDW-29272 | Resolved an issue where the High Availability (HA) controller interface experienced a significant delay (up to 20 minutes) in establishing internet connectivity after a reboot, preventing backup devices from connecting to the controller and delaying application probes. |
| CGSDW-29108 | Resolved an issue where VPN status was not getting reflected as expected in unreliable networks. |
Hotfix Release 6.4.2-b1
| Issue ID | Description |
|---|---|
| CGSDW-28143 | Resolved an issue where static ARP entries were not programmed correctly after a reboot. |
| CGSDW-27990 | Resolved an issue where BGP peers remained in active state after configuration changes. |
| CGSDW-27923 | Resolved an issue where multiple cores were observed on the HUB with traffic from branches. |
| CGSDW-27805 | Resolved an issue where DHCP relay failed on sub-interfaces configured in non-default VRFs. |
Addressed Issues in Prisma SD-WAN ION Device Release 6.4.1
The following section lists the issues addressed in Prisma SD-WAN ION Device Release 6.4.1 and various Hotfixes.
Release 6.4.1
| Issue ID | Description |
|---|---|
| CGSDW-15027 | Resolved an issue where the SNMP interface bandwidth was being reported incorrectly after upgrading the device software version from 5.6.x. |
| CGSDW-20234 | Resolved an issue where a virtual interface with sub-interfaces was not passing traffic. |
| CGSDW-21320 | Resolved an issue where unrelated traffic incorrectly matched custom L7 applications because the app engine added "0.0.0.0" addresses returned by DNS responses to the application map. |
| CGSDW-21340 | Resolved an issue where the micmac process repeatedly spawned multiple instances and failed to exit properly due to unhandled exceptions and stuck execution threads during certificate renewal and bootstrap operations. |
| CGSDW-21409 | Resolved an issue where the FC crashed when many app-map entries were being created, modified, or deleted in parallel. |
| CGSDW-22192 | Resolved an issue where core files were being generated and the device was losing connectivity with the controller when traffic on the client side was abruptly stopped and restarted. |
| CGSDW-22281 | Resolved an issue where the application reachability probes were crashing on a branch ION device. |
| CGSDW-23109 | Resolved an issue where newly allocated devices were not able to connect to the controller. |
| CGSDW-23221 | Resolved an issue where the ionhwd process was consuming a lot of memory. |
| CGSDW-24071 | Resolved an issue where the concurrent flow limit was too low; set the concurrent flow limit to 20K. |
| CGSDW-24262 | Resolved an issue where a route, which was not necessarily the best route, was getting selected as the reachable route. |
| CGSDW-24400 | Resolved an issue where the User ID agent was crashing when there were IPv6 entries in NGFW. |