Cortex Data Lake Known Issues
The Cortex Data Lake shows endpoint logs from Traps as 0 MB, but Traps data is being received.
If you have configured Panorama to use a proxy server (
), all traffic to Cortex Data Lake will bypass the proxy server.
On Panorama, you cannot view the virtual system information in the logs for firewalls with multiple virtual systems, when the firewall is configured to send logs to the Cortex Data Lake.
Workaround: This issue is fixed in Panorama 8.0.9. Upgrade your Panorama to 8.0.9 or later.
Firewalls on occasion disconnect with the Cortex Data Lake. To check whether the firewalls are connected to the Cortex Data Lake, on Panorama use the CLI command
show logging status.
Workaround: To reconnect the firewall to the Cortex Data Lake, you must manually disable and re-enable Cortex Data Lake on the firewall that is disconnected.
A Traffic Summary report on Panorama with the
Group Byset to
Virtual Systemdoes not generate successfully. The report indicates that there are no matching records for the report.
Scheduled reports are not supported. In addition, you cannot generate reports on detailed logs stored on the Cortex Data Lake.
Run Nowsummary reports are available for now.
With the PA-7000 Series or the PA-5200 Series firewalls that are sending logs to the Logging Service, you may experience a delay in viewing the latest logs on Panorama. This issue occurs because the firewalls must reconnect to the Cortex Data Lake whenever you commit changes or an auto commit happens due to an event such as an update of an External Dynamic List, Dynamic Address Group, or a content update on the firewall.
If you deploy a new Panorama virtual appliance running version 8.1.2, or you have not enabled the Cortex Data Lake before you upgraded the Panorama appliance to 8.1.2, Panorama cannot establish a connection with the Cortex Data Lake.
Workaround—Set up the connection between Panorama and the Cortex Data Lake before you upgrade to PAN-OS 8.1.2.
If your Panorama is managing firewalls running PAN-OS 8.0 that are sending logs to the Cortex Data Lake and you have enabled Secure Client Communication, the TLS communication with the Cortex Data Lake cannot be established successfully unless you use the default certificates.
Recommended For You
Recommended videos not found.