Addressed Issues in ION Release 6.1
Focus
Focus
Prisma SD-WAN

Addressed Issues in ION Release 6.1

Table of Contents

Addressed Issues in ION Release 6.1

Learn about the issues addressed in ION release 6.1.x.
Where Can I Use This?What Do I Need?
  • license
Learn more about the issues addressed in ION device release 6.1.

Addressed Issues in ION Device Release 6.1.10

The following table lists the issues addressed in ION Device Release 6.1.10.
Issue IDDescription
CGSDW-22633Fixed memory issues that were being caused due to security policy configuration.
CGSDW-23049Resolved an issue where core files were being generated when the device was being upgraded.
CGSDW-23398Resolved an issue where extra interfaces were seen on SNMPv3 polling.
CGSDW-23493Optimized device boot up time for certain device restart scenarios.
CGSDW-23534Resolved an issue where the Ingress displayed a zero value for Bandwidth Utilization.
CGSDW-23926Resolved an issue where SNMP walk was showing inconsistent interface operation status for switched ports.
CGSDW-23928Resolved an issue where the snmpwalk command was returning incorrect information.
CGSDW-24262Resolved an issue where a route, which was not necessarily the best route, was getting selected as the reachable route.
CGSDW-24269Resolved an issue where the APPLICATION_CUSTOM_RULE_CONFLICT incident was being raised for system applications.
CGSDW-20234Resolved an issue where a virtual interface with sub-interfaces was not passing traffic.
CGSDW-24485Resolved an issue of FC crashing for flows with path type LAN_TO_PRIVATE_DIRECT.
CGSDW-24528Enhanced device logging to capture kernel activity in the event of a device restart.
CGSDW-25586Resolved an issue where the GRE tunnel was not being established when in FIPS mode.

Addressed Issues in ION Device Release 6.1.9

The following table lists the issues addressed in ION Device Release 6.1.9.
Issue IDDescription
CGSDW-7806Resolved an issue where the DHCP Relay was choosing the secondary IP address instead of the primary IP address for sending a DHCP request.
CGSDW-13161Resolved an issue where the software bypass was not working after an FC restart for the ION 3200 device.
CGSDW-17125Resolved an issue where the controller ARP entry was missing on the ION device gateway.
CGSDW-17345Resolved an issue where the device in an unclaimed state was not sending software upgrade states to the controller.
CGSDW-19427Resolved an issue where the FC was crashing if the clear user-app-session all CLI command was executed during interface scanning.
CGSDW-19628Resolved an issue where return traffic was not seen from the DC ION to the branch ION device.
CGSDW-19987Resolved an issue where the default signature file was packaged with an incorrect name causing the app-engine to restart.
CGSDW-20234Resolved an issue where a virtual interface with sub-interfaces was not passing traffic.
CGSDW-20824Reduced the downtime in tunnel establishment, such that the ION device re-initiates a new SA with the peer as soon as three tunnel probes fail.
CGSDW-21119Resolved an issue where the bypass pair ports of a device remained in the bypass pair mode even after the device was declaimed.
CGSDW-21176Resolved an issue where the SVI interface did not pass traffic.
CGSDW-21409Resolved an issue where the FC was crashing when many app-map entries were being created, modified, or deleted in parallel.
CGSDW-21512
Enabled default behavior for the Bypass pair latch only in the following scenarios:
  • The device is a backup device in an HA group.
  • The device is powered off.
CGSDW-22070Resolved an issue where the statistics server was taking too long to respond to requests for statistics from SCM.
CGSDW-22072Resolved an issue where the rtr_mgr_api process was holding a lot of memory.
CGSDW-22259Resolved an issue where SNMPv3 was not polling all the interfaces on the ION 9200 platform.
CGSDW-23031Resolved an issue of memory leak in the FC User App logic.
CGSDW-23390Added the latest ADEM package to device software version 6.1.9.
CGSDW-23414Resolved an issue where the clear dhcp lease command was not deleting the DHCP leases.
CGSDW-23508Resolved an issue where the app detection did not work as expected after upgrading to software version 6.1.6.

Addressed Issues in ION Device Release 6.1.8

The following table lists the issues addressed in ION Device Release 6.1.8.
Issue IDDescription
CGSDW-19542Assessed that the ION device is not vulnerable to a Terrapin attack (CVE-2023-48795).

Addressed Issues in ION Device Release 6.1.7

The following table lists the issues addressed in ION Device Release 6.1.7.
Issue IDDescription
CGSDW-11327Resolved an issue where old records in the ARP table were not being removed.
CGSDW-12299Resolved an issue where the PDN selection for custom APN was not following the designated IP address type.
CGSDW-16172Resolved an issue wherein the ION device with ZBFW was treating the first packet block differently for LAN to LAN and LAN to WAN traffic.
CGSDW-19237Resolved an issue where the FC was crashing due to stack corruption.
CGSDW-19582Resolved an issue of tunnel detection and ADEM operability during the easy onboarding process.
CGSDW-19674Resolved an issue where the fc-monitor, fp-metrics, and fp-scm processes were crashing due to buffer overflow in DPDK.
CGSDW-19707Resolved an issue where the Standard VPN path was not displayed in the list of paths when configured through easy onboarding.
CGSDW-19778Resolved an issue where the blobfish process kept on restarting during remote access of the ION device.
CGSDW-19834Resolved an issue where the TCP connection was not being terminated by the controller during a device reboot.
CGSDW-20223Resolved an issue where the signal strength for the cellular network was displayed incorrectly on the web interface and CLI.
CGSDW-20649Resolved an issue wherein the SNMP daemon process was slowly consuming the memory in the ION device suggesting a possible memory leak.
CGSDW-20671Resolved an issue where incidents related to RADIUS server were raised even when a RADIUS server was not configured.

Addressed Issues in ION Device Release 6.1.6

The following table lists the issues addressed in ION Device Release 6.1.6.
Issue IDDescription
CGSDW-10897Resolved an issue where the state change events like LLDP flooding was handled that affected multiple processes.
CGSDW-13397Resolved an issue where the FC was crashing during a TCP SYN scan.
CGSDW-14509Resolved an issue where the interface MAC address configuration was out of sync if the address was configured when the interface was down.
CGSDW-15212Resolved an issue where a subinterface on a virtual ION device with DPDK was not passing traffic.
CGSDW-17031Resolved an issue where the fc-monitor process crashed on ION 2000 during port scanning and restart with an out of memory error.
CGSDW-17571Resolved an issue where incorrect WAN path was accounted for in the flows.
CGSDW-17572Resolved an issue where the virtual interface couldn't be used for HA topology in the 6.1.x versions.
CGSDW-18154Resolved an issue where ION 1200-C5G-exp didn't support ION 6.1.5-b1 version.
CGSDW-18158Resolved an issue where dot1xmgr process was consuming high CPU in the ION 1200-S device.
CGSDW-18164Resolved an issue where the FC was crashing due to a VPN interface being mapped to multiple VPN links.
CGSDW-18252Resolved an issue where the cellular failover to another SIM degraded the performance until a device reboot, modem restart or radio restart was performed.
CGSDW-18350Resolved an issue where the ION device was dropping LAN-to-LAN traffic due to security policy configuration.
CGSDW-18490Resolved an issue where the FC was crashing when the security policy rules list counter exceeded 256.
CGSDW-18768Resolved an issue where FC crashed due to ingress QoS.
CGSDW-18816Resolved an issue of interface flapping on the ION device after a device software upgrade.
CGSDW-18876Resolved an issue where the SNMP agent on the ION device was restarting with multiple error logs.
CGSDW-18982Resolved an issue where fp-rte process crashed due to an exception packet.
CGSDW-19015Resolved an issue where the ION device was not able to process large packets on the ION 1000, 2000, and 3000 platforms.
CGSDW-19043Resolved an issue that was causing the fp-rte process to crash on using the clear user-app-session command multiple times.
CGSDW-19044Resolved an issue where the ION device was blocking the flow for a custom application due to flow re-classification.
CGSDW-19102Resolved an issue where the FC crashed on ION 9200 due to large number of security rules.
CGSDW-19206Resolved an issue where the device interface was flapping with 1000/Full-Cisco switch and 100/10 Full config.
CGSDW-19255Resolved an issue where the fp-rte process was crashing when the RTE memzone limits were exceeded.
CGSDW-19353Resolved an issue where Path App Prefix Stats can be avoided for network scan.
CGSDW-19473Resolved an issue of FC restarting after 3 days of running scan tests on interfaces.
CGSDW-19493Resolved an issue where the health events prefix shows the prefix in reverse order.

Addressed Issues in ION Device Release 6.1.5

The following table lists the issues addressed in ION Device Release 6.1.5.
Issue IDDescription
CGSDW-3841Resolved an issue where a DC ION device was not advertising BGP prefixes learnt from the branch LAN peer to the core peer after an HA switchover.
CGSDW-8622Resolved an issue in which the rtr-manager process was constantly restarting.
CGSDW-11150Resolved an issue where there could be a possibility of malicious command injections through the ION device CLI.
CGSDW-11384Resolved an issue where static route polling was failing after 18 hours.
CGSDW-11581Increased the concurrent flow support of the ION-1200-S device to 40,000.
CGSDW-12698Resolved an issue where the branch ION device wasn't passing ICMP traffic originating from a DC ION device to a non-CGNX prefix from WAN to LAN.
CGSDW-13805Resolved an issue wherein received BGP routes were getting filtered in case of uneven route lengths.
CGSDW-14342Resolved an issue where branch to branch VPNs could not be created for the ION 1200-S device.
CGSDW-15027Resolved an issue where the SNMP interface bandwidth was being reported incorrectly after upgrading the device software version from 5.6.x.
CGSDW-15039Resolved an issue where the domain names were not displayed for Applications on the Flows tab.
CGSDW-15238Resolved an issue where the fp-metrics process was crashing on clearing flows on the ION device during traffic flow.
CGSDW-15257Resolved an issue wherein previously reachable prefixes from a DC ION device became unreachable after upgrading the device software to version 6.1.2.
CGSDW-15393Addressed an issue where the Advertised auto-negotiation mode duplex setting was erroneously set to Yes following a reboot of the ION device through the web interface.
CGSDW-15529Resolved an issue where the per BGP peer statistics table did not have any data.
CGSDW-15623Resolved an issue where the FC process was restarting on the ION device.
CGSDW-15663Resolved an issue where the thmgr process did not start after upgrading the device software version.
CGSDW-15828Resolved an issue where the alarm for Power Supply Unit (PSU) removal was not working for the ION 5200 and 9200 devices.
CGSDW-15868Resolved an issue wherein high memory consumption by the ADEM process was causing other processes to crash and device to reboot.
CGSDW-16003Resolved an issue where the FC was crashing due to the ADEM process.
CGSDW-16005Resolved an issue where the app-engine was crashing on an ION 2000 device during continuous traffic flow.
CGSDW-16269Resolved an issue where high payload traffic sent over Private WAN VPN with a high throughput was dropping.
CGSDW-16280Resolved an issue wherein the DC ION device did not forward traffic to the mgmt-vlan prefix if the management port of the core switch went down.
CGSDW-16717Resolved an issue where the fp-rte process was crashing if the packet size was larger than 16384.
CGSDW-16839Resolved an issue where the app-engine was consuming high memory during high traffic flows.
CGSDW-17138Fixed a BGP attribute that was seen as corrupted.
CGSDW-17418Resolved an issue where the ION 5200 and 9200 devices were unable to handle oversize packets.

Addressed Issues in ION Device Release 6.1.4

The following table lists the issues addressed in ION Device Release 6.1.4.
Issue IDDescription
CGSDW-13982Provided an option to disable tunnel reoptimization based period tunnel latency checks.
CGSDW-14737Resolved an issue where the Local AS # was not getting updated correctly in the BGP configuration.
CGSDW-14766Resolved an issue wherein the configuration for a BGP peer wasn't removed on deleting the BGP peer.
CGSDW-14980Resolved an issue where custom applications with L3/L4 prefixes were not detected when used in security policies.
CGSDW-15201Resolved an issue where the ingress capacity bandwidth calculation was displaying as zero for some WAN links.
CGSDW-15258Resolved an issue where the device went offline intermittently due to restart of the FC process.
CGSDW-15339Resolved an issue wherein FC crashes were occurring due to a high volume of subinterfaces.
CGSDW-15661Resolved an issue where memory leak was observed in the VPN process.
CGSDW-15969Resolved an issue where the subinterface was operational in spite of shutting down the remote parent interface on the 1200-S/3200/5200/9200 platforms.

Addressed Issues in ION Device Release 6.1.3

The following table lists the issues addressed in ION Device Release 6.1.3.
Issue IDDescription
CGSDW-5513Resolved an issue where domains were missing for applications on the Flow Browser page on the web interface.
CGSDW-8227Resolved an issue that caused the system routes to disappear during a switchover in a branch high availability (HA) deployment.
CGSDW-9421Resolved an issue where bandwidth statistics were occasionally not displayed correctly.
CGSDW-9643Resolved an issue where the branch ION device was going offline or was being disconnected from the controller intermittently whenever IPv6 addresses were present in the DNS responses for ION device internal services.
CGSDW-11086Resolved an issue where an incorrect DNS entry was being sent to the controller.
CGSDW-11155Resolved an issue wherein the FC was crashing due to insufficient memory.
CGSDW-11472Resolved an issue where DC ION devices did not forward traffic to the management VLAN prefixes via the core peer router, if the management port on the core went down.
CGSDW-11579Resolved an issue which prevented deletion of unnecessary configuration on the ION 1000 device.
CGSDW-11976Resolved an issue in which the CPU utilization was reported incorrectly by the ION device.
CGSDW-12127Resolved an issue causing intermittent packet drops for ICMP/PING flows in WAN to LAN traffic from mobile users to a remote branch LAN host.
CGSDW-12155Resolved an issue where some CLI dump commands were failing on virtual ION devices.
CGSDW-12185Resolved an issue where packets were being dropped at the branch site when the TCP ports numbers were re-used between subsequent flows.
CGSDW-12204Resolved an issue where an FC process was crashing on an ION 3000 device due to insufficient memory.
CGSDW-12501Resolved an issue where an FC process was crashing on an ION 2000 device when trying to forward a flow which was marked for deletion.
CGSDW-12562Resolved an issue where a branch ION device was unable to receive ARP packets on a virtual interface.
CGSDW-12565Resolved an issue where the fp-metrics process was crashing on an ION device due to improper flow clean up.
CGSDW-12578Resolved an issue wherein the FC process was restarting frequently after upgrading the device.
CGSDW-12741Resolved an issue where the FC on the data center ION device was crashing after removing multicast profile on a branch site where no devices were assigned.
CGSDW-12802Resolved an issue where a DHCP server configured on an SVI interface did not work.
CGSDW-12960Resolved an issue where tunnel would not form when using a Virtual Interface on a data center ION device.
CGSDW-12977Resolved an issue that was causing a missing ARP entry for the controller gateway after upgrading to version 5.6.11.
CGSDW-13412Resolved an issue where an FC process was crashing when trying to forward a flow which was marked for deletion.
CGSDW-13415Resolved an issue where the CPU utilization value on the front panel of the device differed from the value on the web interface.
CGSDW-13424Resolved an issue where the flow controller was crashing due to incorrect source prefixes configured in the security policy rule.
CGSDW-13486Resolved an issue where the SNMP agent failed to start after upgrading the ION device.
CGSDW-13533Resolved an issue where the SNMP agent was crashing if the platform did not support certain LLDP MIBs.
CGSDW-13760Resolved an issue where the FC process would restart on ION device version 6.0.1-b70.
CGSDW-13819Resolved an issue of fc-monitor crash, wherein the time taken by the fc-control thread to report to the fc-monitor thread was being incorrectly evaluated.
CGSDW-14009Resolved an issue where the HA LED did not light up.
CGSDW-14120Resolved an issue where the Flow Controller kept on restarting.
CGSDW-14208Resolved an issue where the data center ION device was forwarding traffic incorrectly over MPLS.
CGSDW-14341Resolved an issue where the Flow Controller was crashing frequently due to a security policy on a branch ION device.
CGSDW-14344Resolved an issue where the FC process was crashing when traffic was initiated on an idle ION device.

Addressed Issues in ION Device Release 6.1.2

The following table lists the issues addressed in ION Device Release 6.1.2.
Issue IDDescription
CGSDW-7844Resolved an issue where the site counter was missing for the Sites page under Manage>Sites.
CGSDW-8179Added support for pagination for the NAT Zone and Interface Bindings pages.
CGSDW-8754Resolved an issue in which the BGP status for a backup ION device displayed as unsynchronized on the web interface.
CGSDW-9339Resolved an issue wherein widgets were not loading on the SASE web interface for a View Only Administrator MSP role.
CGSDW-9540Resolved an issue where the controller would try to alternately connect to the IPv4 address and then the IPv6 address of the VPN interface, when the VPN tunnel was down.
CGSDW-10641Resolved an issue wherein special characters were not allowed in the NTP template names.
CGSDW-10819Resolved an issue in which LLDP packets were flooding out of the bypass pair for switching platforms.
CGSDW-10905Resolved an issue where a standard VPN tunnel may flap during the IKE rekey process.
CGSDW-11059Resolved an issue where the API call for a device bulk configuration query for a greenfield tenant would return an invalid Tenant API version error.
CGSDW-11326Resolved an issue where the ION device interfaces did not display after upgrading the ION device from device version 5.6.5 to 6.0.1-b70.
CGSDW-11378Resolved an issue wherein multicast could not be enabled on the peer with network configured interfaces with a private WAN label attached for a data center ION device.
CGSDW-11997Resolved an issue where UDP sessions were timing out causing packet drops.

Addressed Issues in ION Device Release 6.1.1

The following table lists the issues addressed in ION Device Release 6.1.1.
Issue IDDescription
CGSDW-8982Resolved an issue where the tcpdump command did not display the expected packets for sub-interfaces.
CGSDW-9331Resolved an issue where the All Roles filter for Branch and Data Center sites on the ManageDevices page was not working.
CGSDW-9369Resolved an issue wherein the Edit and Delete buttons were not visible on the DHCP Servers page on the Prisma SASE web interface.
CGSDW-9379Resolved an issue wherein remote login to the ION device for CLI access was failing.
CGSDW-9806Resolved an issue where the configuration was not getting pushed to the ION device from the controller, leading to a condition where the ION device ports were not displayed correctly when using CLI commands.
CGSDW-9947Resolved an issue where the 2.3 version of the API for monitoring metrics returned a 403 error.
CGSDW-10086Resolved an issue where the Rtr-mgr would leak memory and eventually run out of memory.
CGSDW-11155Resolved an issue wherein the FC was crashing due to insufficient memory.