VM-Series and Panorama Plugins Release Notes
    : Known Issues in Panorama Plugin for AWS 2.0.x
    Focus
    Download PDF
    Focus
    1. Home
    2. VM-Series and Panorama Plugins Release Notes
    3. Panorama Plugin for AWS
    4. Panorama Plugin for AWS 2.0.0
    5. Known Issues in Panorama Plugin for AWS 2.0.x
    Download PDF

    VM-Series and Panorama Plugins Release Notes

    Known Issues in Panorama Plugin for AWS 2.0.x

    Table of Contents

    Known Issues in Panorama Plugin for AWS 2.0.x

    The following list describes known issues in the Panorama plugin for AWS 2.0.x.

    PAN-132652

    If the plugin is not installed and committed on both Panorama appliances in an HA pair, when failover occurs the plugin cannot make API calls to the newly active Panorama and plugin functionality is lost.
    Workaround—When installing the AWS plugin on Panorama peers that are configured as an HA pair, install the plugin on a peer and commit your changes immediately. Install the same plugin version on the other peer and commit your changes immediately.

    PAN-119033

    Spaces and special characters in user-defined tags are now treated differently. In previous releases both spaces and special characters caused a tag to be ignored. In the current release, user-defined tags containing empty spaces can be retrieved, provided they do not include special characters.
    • An empty space in a user-defined tag is replaced with “/”, allowing the tag to be retrieved.
      For example, if your tag is finance and accounts, the tag can be retrieved.
    • User-defined tags with special characters are ignored and not retrieved.
      For example, if your tag is finance&accounts, your tag is ignored and the log shows the following message:
      admin@Panorama> less plugins-log plugin_aws_ret.log
      2019-12-06 02:27:07.040 +0000 INFO: : vpc-0321945805d495d89: Tag aws.ec2.tag.Tag-spcl-char.<finance>&<accounts> has unsupported chars.. Ignoring...
    Workaround—Modify the tag to remove special characters.

    PAN-116383

    Upgrade from Panorama plugin for AWS version 1.0.0 to version 2.0.0 is not supported. If you attempt to upgrade the AWS plugin from version 1.0.0 to version 2.0.0 your version 1.0.0 plugin configuration does not migrate to version 2.0.0.
    This issue is fixed in PAN-OS 9.0.6, enabling you to upgrade Panorama plugin for AWS version 1.0.0 to version 2.0.0. You must upgrade Panorama to PAN-OS 9.0.6 before you attempt to upgrade the Panorama plugin for AWS.

    PLUG-3923

    PLUG-3923
    When an AWS instance running the Panorama plugin for AWS version 2.0.0 does not have some of the pre-defined tags, the plugin stops processing the tags for all instances.
    (This issue is addressed in Panorama plugin for AWS, version 2.0.1.)

    PLUG-3806

    When upgrading the Panorama plugin for AWS on peers configured as an HA pair, if you upgrade the plugin on the secondary peer first and the peer becomes active, the primary (now passive) cannot function as an HA peer.
    Workaround—When upgrading the Panorama plugin for AWS on peers that are configured as an HA pair, you must install the plugin on the primary peer first and commit your changes immediately, and then install the same plugin version on the secondary peer and commit your changes immediately.
    This issue is fixed in Panorama plugin for AWS, version 2.0.1.

    PLUG-3437

    PLUG-3437
    The firewall template supports a minimum of two and a maximum of three availability zones (AZs). If you supply less than two or more than three AZs you see an error message similar to the following: 
    An error occurred (ValidationError) when calling the CreateStack operation: 
Template format error: Unresolved resource dependencies

    PLUG-3295

    VM Monitoring on AWS GovCloud does not work when you use an IAM role with assume role, or an instance Profile with Role ARN for cross account VPC monitoring.
    Workaround—Use the IAM role with long-term credentials on AWS, or an instance profile if your Panorama is deployed as an EC2 instance on AWS GovCloud.

    PLUG-3275

    On rare occasions, when you delete the firewall stack from the AWS console, you see an error message regarding failed deletion within the ENI interface. This error is not related to the Panorama plugin for AWS version 2.0.0.

    PLUG-2253

    Delete node stack fails due to dependency on network interfaces. You must delete services on the node stack, then delete the stack elements manually.

    PLUG-2246

    When viewing Panorama plugin for AWS logs, you cannot use the tail command.
    To view the AWS plugin logs from the CLI, use the following command:
    less plugins-log <plugin-logfile>

    PLUG-1978

    When you modify the tags that Panorama retrieves from your AWS deployment from Select All 32 Tags to Custom Tags, the list of newly filtered tags is not pushed to the firewalls assigned to the device groups within the Notify Group.

    PLUG-1975

    If you configure the VPC ID or the Endpoint URI incorrectly in a Monitoring Definition on Panorama, the Status details on the web interface do not include the timestamp for when Panorama reported this issue.

    PLUG-676

    If the memory allocation on a Panorama virtual appliance is lower than the minimum recommendation, you cannot access and configure the plugin. Make sure to size your Panorama appliance properly so that you can install the plugin.

    © 2024 Palo Alto Networks, Inc. All rights reserved.