Known Issues for the CN-Series on Version 10.0
Table of Contents
10.0 (EoL)
Expand all | Collapse all
-
-
- Enterprise Data Loss Prevention Features
- IoT Security Features
- Content Inspection Features
- Decryption Features
- GlobalProtect Features
- Management Features
- Certificate Management Features
- Panorama Features
- Networking Features
- User-ID Features
- Policy Features
- Authentication Features
- WildFire Features
- Virtualization Features
- SD-WAN Features
- Mobile Infrastructure Security Features
- New Hardware Introduced with PAN-OS 10.0
- Changes to Default Behavior
- Associated Software and Content Versions
- Limitations
-
-
- PAN-OS 10.0.12 Known Issues
- PAN-OS 10.0.11 Known Issues
- PAN-OS 10.0.10 Known Issues
- PAN-OS 10.0.9 Known Issues
- PAN-OS 10.0.8 Known Issues
- PAN-OS 10.0.7 Known Issues
- PAN-OS 10.0.6 Known Issues
- PAN-OS 10.0.5 Known Issues
- PAN-OS 10.0.4 Known Issues
- PAN-OS 10.0.3 Known Issues
- PAN-OS 10.0.2 Known Issues
- PAN-OS 10.0.1 Known Issues
- Known Issues for the CN-Series on Version 10.0
-
-
-
- PAN-OS 10.0.12-h1 Addressed Issues
- PAN-OS 10.0.12 Addressed Issues
- PAN-OS 10.0.11-h1 Addressed Issues
- PAN-OS 10.0.11 Addressed Issues
- PAN-OS 10.0.10-h1 Addressed Issues
- PAN-OS 10.0.10 Addressed Issues
- PAN-OS 10.0.9 Addressed Issues
- PAN-OS 10.0.8-h8 Addressed Issues
- PAN-OS 10.0.8-h4 Addressed Issues
- PAN-OS 10.0.8 Addressed Issues
- PAN-OS 10.0.7 Addressed Issues
- PAN-OS 10.0.6 Addressed Issues
- PAN-OS 10.0.5 Addressed Issues
- PAN-OS 10.0.4 Addressed Issues
- PAN-OS 10.0.3 Addressed Issues
- PAN-OS 10.0.2 Addressed Issues
- PAN-OS 10.0.1 Addressed Issues
- PAN-OS 10.0.0 Addressed Issues
End-of-Life (EoL)
Known Issues for the CN-Series on Version
10.0
List of known issues specific to the CN-Series firewall
on PAN-OS® 10.0.
The following list includes the known issues that are
specific to the CN-Series firewall on PAN-OS® 10.0 release. Refer
to the related PAN-OS and
the Kubernetes plugin release
notes for additional issues that may impact you.
Issue ID | PAN-OS 10.0 Known Issue Description |
|---|---|
PAN-179703 | In some conditions, the dataplane interfaces
are not released when the secured application pods are deleted. Workaround: Restart
the corresponding dataplane pod. |
PAN-150627 | CN-Series is not supported on Kubespray (Self-managed)
Clusters on AWS. |
PAN-147698 | You cannot change or modify the license
bundle after you deploy the CN-MGMT pods. This license bundle is
mapped to the PAN_BUNDLE_TYPE you specify in the PAN-CN-MGMT-Configmap.yaml
when deploying the CN-MGMT pods. To modify the license bundle,
you need to delete all the resources associated with the CN-MGMT
and CN-NGFW pods such as the persistent volumes and the persistent
volume claim, and redeploy the CN-Series firewalls. |
PAN-147061 | All CN-Series components that enable the CN-MGMT
and CN-NGFW pods must be deployed within a single namespace. Deploying
the components in different namespaces in a single cluster is not
supported. |
PAN-147022 | A commit failure occurs on CN-MGMT pods
when the configured security policies on Panorama require a minimum
content version for the applications and threat updates. This
issue occurs because the CN-Series image is not packaged with any
content updates. When the CN-MGMT connects to Panorama any Security
policy rules that are dependent on content will fail. Workaround: Manually
install the content version and perform a manual Commit from
Panorama for the selected CN-MGMT pods. |
RLP—146384 | The Panorama Managed Devices Health Resources |
PAN-145460 This issue is resolved
with Kubernetes plugin 1.0.1 as PLUG-5569. | On occasion, CN-MGMT pods fail to connect
to Panorama. Workaround: Commit the
Panorama configuration after the CN-MGMT pod successfully registers
with Panorama. |
PAN-134788 | On AKS, it takes 15 minutes for the CN-MGMT
pods to be in a ready state. |
PAN-134198 | Auto-commit may be unsuccessful when a CN-MGMT
pod fails, and the other peer in the pair takes over all the CN-NGFW
pods. You must wait for all the CN-NGFW pods to connect, and CN-MGMT
pod will resume functioning. |
PAN-127999 | Etcd communication between CN-MGMT pods
are not encrypted in EKS. This is related to an Amazon EKS issue. |
PAN-124113 | In-cluster load balancing with IP Virtual
Server (IPVS) mode is not supported. |
PAN-122288 | On Panorama, you cannot use the show interface all CLI command
is disabled for CN-MGMT pods.Use Panorama to accurately view
the interfaces and interface status on the CN-MGMT pods. |
PAN-121482 | The CN-Series firewall is not supported
on multi-homed networks. The CN-Series firewall supports multi-homed
networks with PAN-OS 10.0.1 on OpenShift deployments that use the
Multus CNI. |
PAN-119874 | If IPv6 stack is not enabled/supported on
the cluster nodes, the CN-MGMT and CN-NGFW pods cannot be deployed. |
PAN-115153 | When using SCP to export tech-support files
from the CN-MGMT firewall for troubleshooting, you may see the following
errors:
These errors do
not impact the SCP export. |
PAN-114979 | Kubectl logs for CN-MGMT and CN-NGFW may display
time in different formats/zones when the Panorama and Kubernetes
cluster are in different time zone. Initial logs are based on compute
node (or cluster) time zone. After you perform a Panorama Commit ,
it will reflect the time zone from Panorama. |
PAN-112245 | Disconnected or terminated CN-MGMT pods are
displayed on the Panorama Managed Devices Workaround: Manually
delete these pods under the respective Device Group. |