Prisma SD-WAN
Known Issues in Prisma SD-WAN ION Releases
Table of Contents
Expand All
|
Collapse All
Prisma SD-WAN Docs
-
-
- Prisma SD-WAN Key Elements
- Prisma SD-WAN Releases and Upgrades
- Use Copilot in Prisma SD-WAN
- Prisma SD-WAN Summary
- Prisma SD-WAN Application Insights
- Device Activity Charts
- Site Summary Dashboard
- Prisma SD-WAN Predictive Analytics Dashboard
- Prisma SD-WAN Link Quality Dashboard
- Prisma SD-WAN Subscription Usage
-
-
- Add a Branch
- Add a Data Center
- Add a Branch Gateway
- Secure Group Tags (SGT) Propagation
- Configure Circuits
- Configure Internet Circuit Underlay Link Aggregation
- Configure Private WAN Underlay Link Quality Aggregation
- Configure Circuit Categories
- Configure Device Initiated Connections for Circuits
- Add Public IP LAN Address to Enterprise Prefixes
- Manage Data Center Clusters
- Configure Secure SD-WAN Fabric Tunnels between Data Centers
- Configure Secure SD-WAN Fabric Tunnels between Branch Sites
- Configure a Site Prefix
- Configure Ciphers
- Configure a DHCP Server
- Configure NTP for Prisma SD-WAN
- Configure the ION Device at a Branch Site
- Configure the ION Device at a Data Center
- Switch a Site to Control Mode
- Allow IP Addresses in Firewall Configuration
-
- Configure a Controller Port
- Configure Internet Ports
- Configure WAN/LAN Ports
- Configure a Sub-Interface
- Configure a Loopback Interface
- Add and Configure Port Channel Interface
- Configure a PoE Port
- Configure and Monitor LLDP Activity and Status
- Configure a PPPoE Interface
- Configure a Layer 3 LAN Interface
- Configure Application Reachability Probes
- Configure a Secondary IP Address
- Configure a Static ARP
- Configure a DHCP Relay
- Configure IP Directed Broadcast
- VPN Keep-Alives
-
- Configure Prisma SD-WAN IPFIX
- Configure IPFIX Profiles and Templates
- Configure and Attach a Collector Context to a Device Interface in IPFIX
- Configure and Attach a Filter Context to a Device Interface in IPFIX
- Configure Global and Local IPFIX Prefixes
- Flow Information Elements
- Options Information Elements
- Configure the DNS Service on the Prisma SD-WAN Interface
- Configure SNMP
-
-
- Prisma SD-WAN Branch Routing
- Prisma SD-WAN Data Center Routing
-
- Configure an OSPF in Prisma SD-WAN
- Enable BGP for Private WAN and LAN
- Configure BGP Global Parameters
- Global or Local Scope for BGP Peers
- Configure a Route Map
- Configure a Prefix List
- Configure an AS Path List
- Configure an IP Community List
- View Routing Status and Statistics
- Distribution to Fabric
- Host Tracking
-
- Configure Multicast
- Create, Assign, and Configure a WAN Multicast Configuration Profile
- Configure Global Multicast Parameters
- Configure a Multicast Static Rendezvous Point (RP)
- Learn Rendezvous Points (RPs) Dynamically
- View LAN Statistics for Multicast
- View WAN Statistics for Multicast
- View IGMP Membership
- View the Multicast Route Table
- View Multicast Flow Statistics
- View Routing Statistics
-
- Prisma SD-WAN Branch HA Key Concepts
-
- Configure Branch HA with Gen-1 Platforms (2000, 3000, 7000, and 9000)
- Configure Branch HA with Gen-2 Platforms (3200, 5200, and 9200)
- Configure Branch HA with Gen-2 Embedded Switch Platforms (1200-S or 3200-L2)
- Configure Branch HA for Devices with Software Cellular Bypass (1200-S-C-5G)
- Configure Branch HA for Platforms without Bypass Pairs
- Configure Branch HA in a Hybrid Topology with Gen-1 (3000) and Gen-2 (3200) Platforms
- Configure HA Groups
- Add ION Devices to HA Groups
- Edit HA Groups and Group Membership
- Prisma SD-WAN Clarity Reports
-
-
CloudBlade Integrations
- CloudBlade Integrations
- CloudBlades Integration with Prisma Access
-
- Plan the Zscaler CloudBlade Deployment
- Acquire the Zscaler Information
- Create Security Zone and Security Policy for GRE Tunnels Creation
- Assign Tags to Objects in Prisma SD-WAN
- Validate the Zscaler Configuration
- Troubleshoot Installation Scenarios
- Troubleshoot Standard VPNs
- Enable, Pause, Disable, and Uninstall the CloudBlade
-
-
-
-
- clear app-engine
- clear app-map dynamic
- clear app-probe prefix
- clear connection
- clear device account-login
- clear dhcplease
- clear dhcprelay stat
- clear flow and clear flows
- clear flow-arp
- clear qos-bwc queue-snapshot
- clear routing
- clear routing multicast statistics
- clear routing ospf
- clear routing peer-ip
- clear switch mac-address-entries
- clear user-id agent statistics
-
- arping interface
- curl
- ping
- ping6
- debug bounce interface
- debug bw-test src-interface
- debug cellular stats
- debug controller reachability
- debug flow
- debug ipfix
- debug log agent eal file log
- debug logging facility
- debug logs dump
- debug logs follow
- debug logs tail
- debug performance-policy
- debug poe interface
- debug process
- debug reboot
- debug routing multicast log
- debug routing multicast pimd
- debug servicelink logging
- debug tcpproxy
- debug time sync
- dig dns
- dig6
- file export
- file remove
- file space available
- file tailf log
- file view log
- ssh6 interface
- ssh interface
- tcpdump
- tcpping
- traceroute
- traceroute6
-
- dump appaccel keys
- dump appaccel status
- dump appdef config
- dump appdef version
- dump app-engine
- dump app-l4-prefix table
- dump app-probe config
- dump app-probe flow
- dump app-probe prefix
- dump app-probe status
- dump auth config
- dump auth status
- dump banner config
- dump bfd status
- dump bypass-pair config
- dump cellular config
- dump cellular stats
- dump cellular status
- dump cgnxinfra status
- dump cgnxinfra status live
- dump cgnxinfra status store
- dump config network
- dump config security
- dump controller cipher
- dump controller status
- dump device accessconfig
- dump device conntrack count
- dump device date
- dump device info
- dump device status
- dump dhcp-relay config
- dump dhcprelay stat
- dump dhcp-server config
- dump dhcp-server status
- dump dhcpstat
- dump dnsservice config all
- dump dpdk cpu
- dump dpdk interface
- dump dpdk port status
- dump dpdk stats
- dump flow
- dump flow count-summary
- dump interface config
- dump interface status
- dump interface status interface details
- dump interface status interface module
- dump intra cluster tunnel
- dump ipfix config collector-contexts
- dump ipfix config derived-exporters
- dump ipfix config filter-contexts
- dump ipfix config ipfix-overrides
- dump ipfix config prefix-filters
- dump ipfix config profiles
- dump ipfix config templates
- dump lldp
- dump lldp config
- dump lldp info
- dump lldp stats
- dump lldp status
- dump log-agent eal conn
- dump log-agent eal response-time
- dump log-agent eal stats
- dump log-agent config
- dump log-agent iot snmp config
- dump log-agent iot snmp device discovery stats
- dump log-agent ip mac bindings
- dump log-agent neighbor discovery stats
- dump log-agent status
- dump ml7 mctd counters
- dump ml7 mctd session
- dump ml7 mctd version
- dump nat counters
- dump nat6 counters
- dump nat summary
- dump network-policy config policy-rules
- dump network-policy config policy-sets
- dump network-policy config policy-stacks
- dump network-policy config prefix-filters
- dump overview
- dump performance-policy config policy-rules
- dump performance-policy config policy-sets
- dump performance-policy config policy-set-stacks
- dump performance-policy config threshold-profile
- dump poe system config
- dump poe system status
- dump priority-policy config policy-rules
- dump priority-policy config policy-sets
- dump priority-policy config policy-stacks
- dump priority-policy config prefix-filters
- dump probe config
- dump probe profile
- dump radius config
- dump radius statistics
- dump radius status
- dump reachability-probe config
- dump qos-bwc config
- dump reachability-probe status
- dump routing aspath-list
- dump routing cache
- dump routing communitylist
- dump routing multicast config
- dump routing multicast igmp
- dump routing multicast interface
- dump routing multicast internal vif-entries
- dump routing multicast mroute
- dump routing multicast pim
- dump routing multicast sources
- dump routing multicast statistics
- dump routing multicast status
- dump routing ospf
- dump routing peer advertised routes
- dump routing peer config
- dump routing peer neighbor
- dump routing peer received-routes
- dump routing peer routes
- dump routing peer route-via
- dump routing peer status
- dump routing peer route-json
- dump routing prefixlist
- dump routing prefix-reachability
- dump routing route
- dump routing routemap
- dump routing running-config
- dump routing summary
- dump routing static-route reachability-status
- dump routing static-route config
- dump routing vpn host tracker
- dump security-policy config policy-rules
- dump security-policy config policy-set
- dump security-policy config policy-set-stack
- dump security-policy config prefix-filters
- dump security-policy config zones
- dump sensor type
- dump sensor type summary
- dump serviceendpoints
- dump servicelink summary
- dump servicelink stats
- dump servicelink status
- dump site config
- dump snmpagent config
- dump snmpagent status
- dump software status
- dump spoke-ha config
- dump spoke-ha status
- dump standingalarms
- dump static-arp config
- dump static host config
- dump static routes
- dump support details
- dump-support
- dump switch fdb vlan-id
- dump switch port status
- dump switch vlan-db
- dump syslog config
- dump syslog-rtr stats
- dump syslog status
- dump time config
- dump time log
- dump time status
- dump troubleshoot message
- dump user-id agent config
- dump user-id agent statistics
- dump user-id agent status
- dump user-id agent summary
- dump user-id groupidx
- dump user-id group-mapping
- dump user-id ip-user-mapping
- dump user-id statistics
- dump user-id status
- dump user-id summary
- dump user-id useridx
- dump vlan member
- dump vpn count
- dump vpn ka all
- dump vpn ka summary
- dump vpn ka VpnID
- dump vpn status
- dump vpn summary
- dump vrf
- dump waninterface config
- dump waninterface summary
-
- inspect app-flow-table
- inspect app-l4-prefix lookup
- inspect app-map
- inspect certificate
- inspect certificate device
- inspect cgnxinfra role
- inspect connection
- inspect dhcplease
- inspect dhcp6lease
- inspect dpdk ip-rules
- inspect dpdk vrf
- inspect fib
- inspect fib-leak
- inspect flow-arp
- inspect flow brief
- inspect flow-detail
- inspect flow internal
- inspect interface stats
- inspect ipfix exporter-stats
- inspect ipfix collector-stats
- inspect ipfix app-table
- inspect ipfix wan-path-info
- inspect ipfix interface-info
- inspect ip-rules
- inspect ipv6-rules
- inspect lqm stats
- inspect memory summary
- inspect network-policy conflicts
- inspect network-policy dropped
- inspect network-policy hits policy-rules
- inspect network-policy lookup
- inspect performance-policy fec status
- inspect performance-policy hits analytics
- inspect performance-policy incidents
- inspect performance-policy lookup
- inspect policy-manager status
- inspect policy-mix lookup-flow
- inspect priority-policy conflicts
- inspect priority-policy dropped
- inspect priority-policy hits default-rule-dscp
- inspect priority-policy hits policy-rules
- inspect priority-policy lookup
- inspect performance-policy incidents
- inspect performance-policy lookup
- inspect performance-policy hits analytics
- inspect process status
- inspect qos-bwc debug-state
- inspect qos-bwc queue-history
- inspect qos-bwc queue-snapshot
- inspect routing multicast fc site-iface
- inspect routing multicast interface
- inspect routing multicast mroute
- inspect security-policy lookup
- inspect security-policy size
- inspect servicelink conn
- inspect servicelink SA
- inspect switch mac-address-table
- inspect system arp
- inspect system ipv6-neighbor
- inspect system vrf
- inspect vpn status
- inspect vrf
- inspect wanpaths
-
-
6.5
- 5.6
- 6.1
- 6.2
- 6.3
- 6.4
- 6.5
- New Features Guide
- On-Premises Controller
- Prisma SD-WAN CloudBlades
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
Known Issues in Prisma SD-WAN ION Releases
Learn about the known issues in Prisma SD-WAN ION Releases.
This table lists known issues across Prisma SD-WAN ION
releases. Starting with 6.5.0 release, a separate Known Issues document will no longer
be published. Refer to this document for 6.5.0 and any supported release.
Releases marked with an asterisk (*) have reached End-of-Life (EoL). Review
the hardware and software End-of-Life (EoL) information for
products and releases that have reached End-of-Life (EoL) status.
| Issue ID | Description | Known in Release/(s) |
|---|---|---|
| CGSDW-29960 | If overlapping IP addresses are configured on a branch site, syslogs are not visible on the DC ION. | 6.5.1 |
| CGSDW-29923 | The SNMPWALK command from the DC server does not work if overlapping IP addresses are configured on the branch site. | 6.5.1 |
| CGSDW-27241 This issue is resolved in ION version
6.4.2. | After enabling logs for the flow controller, the logs are not rolling over correctly, thus using up all the space in the log directory. | 6.4.2 |
| CGSDW-26342 | Prefixes received from a DC on the WAN path are being distributed back to the DC via the Standard VPN path causing a traffic loop. The workaround is to configure a prefix list which explicitly denies the prefixes coming from the DC on the Standard VPN. | 6.5.1 |
| CGSDW-26096 | A standby DC ION in a DC cluster does not forward the received traffic on the intra-cluster tunnel. | 6.5.1 |
| CGSDW-24973 | Some advertised prefixes are not displayed for a DC ION device after changing the site mode from Control to Disabled and then back to Control. | 6.4.1 |
| CGSDW-23582 | OSPF routes are still advertised to the core BGP router even when the WAN paths for OSPF are deleted. | 6.4.1 |
| CGSDW-23395 This issue is resolved in ION version
6.3.4. | After upgrading to device software version 6.3.2-b5, the backup ION
device continues to attempt to establish a connection with the
controller. If controller port of the device next hop is pointing to ION
device LAN interface then use the following workaround for this
issue:
| 6.3.2 |
| CGSDW-22659 | The system does not display the correct interface speed for interfaces where no link is detected, i.e. when the operational status is down. | 6.1.10 |
| CGSDW-21451 This issue is resolved in ION version
6.4.1. | After being assigned to a site, the ION device does not receive the VRF context in time. This causes incorrect mapping between interfaces and VRFs. | 6.3.1 |
| CGSDW-21409 This issue is resolved in ION version
6.4.1. | FC crashes when many app-map entries are being created, modified, or deleted in parallel. Resolved an issue where the FC was crashing when many app-map entries were being created, modified, or deleted in parallel. | |
| CGSDW-20864 This issue is resolved in ION version
6.4.1. | If the only prefix of a VRF at a branch site is deleted, then the entries leaked to the DC site for the specific VRF are also deleted. The workaround is to configure at least one dummy global prefix for the VRF at the branch site. | 6.3.1 |
| CGSDW-20671 This issue is resolved in ION version
6.3.2. | Incidents related to RADIUS server are raised even when a RADIUS server is not configured. | 6.3.1 |
| CGSDW-20649 | The SNMP daemon process was slowly consuming the memory in the ION device suggesting a possible memory leak. | 6.3.1 |
| CGSDW-19707 This issue is resolved in ION version
6.1.7. | The Standard VPN path is not displayed in the list of paths when configured through easy onboarding. | 6.1.6 |
| CGSDW-19357 | When a DC ION receives routes for a /32 prefix from both the underlay and overlay, the DC ION tries to split the route and thus the BGP route selection process fails. | 6.1.9, 6.1.8, 6.1.7, 6.1.6 |
| CGSDW-19237 This issue is resolved in ION version
6.1.7. | FC crashes due to stack corruption in ION 5200. | 6.1. |
| CGSDW-18905 | First flow of direct VNC traffic gets denied as the server port in the ION app-def is 0-0. | 6.1.9, 6.1.8, 6.1.7, 6.1.6 |
| CGSDW-16922 | Potential fp-rte crashes during the upgrade to ION device version 6.1.5-b7 may lead to longer upgrade durations. However, it does not impact systems that are already up and running. | 6.3.1, 6.1.9, 6.1.8, 6.1.7, 6.1.6 |
| CGSDW-16031 | There is a delay in bringing down the BGP peer of a data center ION device when the remote end of the interface is shut down. | 6.1.4 |
| CGSDW-16005 This issue is resolved in ION version
6.1.5. | Resolved an issue where the app-engine was crashing on an ION 2000 device during continuous traffic flow. | 6.1.4 |
| CGSDW-15988 | On upgrading the device software, a parent interface with more than 20 subinterfaces flaps, resulting in flapping of the IP addresses of the subinterfaces. | 6.1.4 |
| CGSDW-15970 | When rebooting the active device in an HA configuration on the 2000 platform, the bypass pair of the active device does not pass traffic during reload. | 6.1.4 |
| CGSDW-15967 This issue is resolved in ION version 6.3.2 and
6.1.7. | High memory consumption by the ADEM process causes ION device reboot. | |
| CGSDW-15868 This issue is resolved in ION version
6.1.5. | Resolved an issue wherein high memory consumption by the ADEM process was causing other processes to crash and device to reboot. | 6.1.4 |
| CGSDW-15257 This issue is resolved in ION version
6.1.5. | Resolved an issue wherein previously reachable prefixes from a DC ION device became unreachable after upgrading the device software to version 6.1.2. | 6.1.4 |
| CGSDW-15027 This issue is closed.
| Incorrect SNMP interface bandwidth reported after a software upgrade from ION device version 5.6. | 6.3.2, 6.1.6 |
| CGSDW-14980 This issue is resolved in ION version
6.1.4. | Custom applications with L3/L4 prefixes are not detected when used in security policies. | 6.1.3 |
| CGSDW-14456 | The fp-rte process crashes when fetching information on security policy counters and app stats. | 6.1.3 |
| CGSDW-14432 | The fp-rte process crashes when fetching information on security policy counters and app stats. | 6.1.5, 6.1.4, 6.1.1 |
| CGSDW-14344 This issue is resolved in ION version 6.1.3 and
6.2.2. | FC process crashes when traffic is initiated on an idle ION device. | 6.2.1 |
| CGSDW-13397 This issue is resolved in ION version
6.1.6. | Core files seen during TCP SYN scan which is using up memory and causing FC to crash. | |
| CGSDW-12733 | DPD with IKEv2 on Standard VPN does not bring the tunnel down based on the configuration on the DPD timer. | 6.1.3 |
| CGSDW-12698 This issue is resolved in ION version
6.1.5. | Network reachability for WAN to LAN traffic failing for non-CGNX sites. | 6.1.3, 6.1.1 |
| CGSDW-12113 | Branch backup ION device displays as partially online following Hood maintenance. | 6.1.3 |
| CGSDW-10819 | On Prisma SD-WAN switching platforms, multicast packets, such as an LLDP packet, received on one interface of a bypass pair will loop between the two interfaces of the bypass pair. The workaround is to upgrade the device to version 6.1.2 or higher. | 6.1.1 |
| CGSDW-8389 | Prisma Access tunnels configured manually will not support ADEM. | 6.1.1 |
| CGSDW-7806 This issue is resolved in ION version 6.1.9. | The DHCP Relay chooses the secondary IP address instead of the primary IP address for sending a DHCP request. |