Known Issues in Panorama Plugin for AWS 2.0.x

The following list describes known issues in the Panorama plugin for AWS 2.0.x.

PAN-132652

If the plugin is not installed and committed on both Panorama appliances in an HA pair, when failover occurs the plugin cannot make API calls to the newly active Panorama and plugin functionality is lost.
Workaround—When installing the AWS plugin on Panorama peers that are configured as an HA pair, install the plugin on a peer and commit your changes immediately. Install the same plugin version on the other peer and commit your changes immediately.

PAN-119033

Spaces and special characters in user-defined tags are now treated differently. In previous releases both spaces and special characters caused a tag to be ignored. In the current release, user-defined tags containing empty spaces can be retrieved, provided they do not include special characters.
  • An empty space in a user-defined tag is replaced with “/”, allowing the tag to be retrieved.
    For example, if your tag is finance and accounts, the tag can be retrieved.
  • User-defined tags with special characters are ignored and not retrieved.
    For example, if your tag is finance&accounts, your tag is ignored and the log shows the following message:
    admin@Panorama> less plugins-log plugin_aws_ret.log
    2019-12-06 02:27:07.040 +0000 INFO: : vpc-0321945805d495d89: Tag aws.ec2.tag.Tag-spcl-char.<finance>&<accounts> has unsupported chars.. Ignoring...
Workaround—Modify the tag to remove special characters.
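
Added example (not part of the original page and not Palo Alto Networks code): a Python script that scans an exported copy of plugin_aws_ret.log for the "unsupported chars" message shown above and lists, per VPC, the tags the plugin is ignoring, so they can be renamed. The function name, the assumption that the log has been exported as text, and every sample line except the first are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the "unsupported chars" line format shown in the PAN-119033 entry.
IGNORED_TAG = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{4}) "
    r"INFO: : (?P<vpc>vpc-[0-9a-f]+): "
    r"Tag (?P<tag>.+) has unsupported chars\.\. Ignoring\.\.\.$"
)

def ignored_tags(log_text):
    """Return {vpc_id: {tag: last_seen_timestamp}} for every ignored tag.

    Hypothetical helper: the plugin repeats the message on each poll, so
    the same tag is collapsed to one entry carrying its latest timestamp.
    """
    found = defaultdict(dict)
    for line in log_text.splitlines():
        m = IGNORED_TAG.match(line.strip())
        if m:
            found[m["vpc"]][m["tag"]] = m["ts"]
    return {vpc: dict(tags) for vpc, tags in found.items()}

# Line 1 is the log line quoted on this page; lines 2-4 are constructed.
SAMPLE_LOG = """\
2019-12-06 02:27:07.040 +0000 INFO: : vpc-0321945805d495d89: Tag aws.ec2.tag.Tag-spcl-char.<finance>&<accounts> has unsupported chars.. Ignoring...
2019-12-06 02:27:08.101 +0000 INFO: : constructed unrelated line
2019-12-06 02:27:09.310 +0000 INFO: : vpc-0abc1234def567890: Tag aws.ec2.tag.Team.dev&test has unsupported chars.. Ignoring...
2019-12-06 02:32:07.044 +0000 INFO: : vpc-0321945805d495d89: Tag aws.ec2.tag.Tag-spcl-char.<finance>&<accounts> has unsupported chars.. Ignoring...
"""

if __name__ == "__main__":
    for vpc, tags in sorted(ignored_tags(SAMPLE_LOG).items()):
        print(vpc)
        for tag, last_seen in sorted(tags.items()):
            print(f"  ignored: {tag}  (last seen {last_seen})")
```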

PAN-116383

Upgrade from Panorama plugin for AWS version 1.0.0 to version 2.0.0 is not supported. If you attempt to upgrade the AWS plugin from version 1.0.0 to version 2.0.0, your version 1.0.0 plugin configuration does not migrate to version 2.0.0.
This issue is fixed in PAN-OS 9.0.6, enabling you to upgrade Panorama plugin for AWS version 1.0.0 to version 2.0.0. You must upgrade Panorama to PAN-OS 9.0.6 before you attempt to upgrade the Panorama plugin for AWS.

PLUG-3923

When an AWS instance running the Panorama plugin for AWS version 2.0.0 does not have some of the pre-defined tags, the plugin stops processing the tags for all instances.
(This issue is addressed in Panorama plugin for AWS, version 2.0.1.)

PLUG-3806

When upgrading the Panorama plugin for AWS on peers configured as an HA pair, if you upgrade the plugin on the secondary peer first and the peer becomes active, the primary (now passive) cannot function as an HA peer.
Workaround—When upgrading the Panorama plugin for AWS on peers that are configured as an HA pair, you must install the plugin on the primary peer first and commit your changes immediately, and then install the same plugin version on the secondary peer and commit your changes immediately.
This issue is fixed in Panorama plugin for AWS, version 2.0.1.

PLUG-3437

The firewall template supports a minimum of two and a maximum of three availability zones (AZs). If you supply fewer than two or more than three AZs, you see an error message similar to the following:
An error occurred (ValidationError) when calling the CreateStack operation: 
Template format error: Unresolved resource dependencies

PLUG-3295

VM Monitoring on AWS GovCloud does not work when you use an IAM role with assume role, or an instance profile with Role ARN for cross-account VPC monitoring.
Workaround—Use the IAM role with long-term credentials on AWS, or an instance profile if your Panorama is deployed as an EC2 instance on AWS GovCloud.

PLUG-3275

On rare occasions, when you delete the firewall stack from the AWS console, you see an error message regarding failed deletion within the ENI interface. This error is not related to the Panorama plugin for AWS version 2.0.0.

PLUG-2253

Deleting the node stack fails due to a dependency on network interfaces. You must delete services on the node stack, then delete the stack elements manually.

PLUG-2246

When viewing Panorama plugin for AWS logs, you cannot use the tail command.
To view the AWS plugin logs from the CLI, use the following command:
less plugins-log <plugin-logfile>

PLUG-1978

When you modify the tags that Panorama retrieves from your AWS deployment from Select All 32 Tags to Custom Tags, the list of newly filtered tags is not pushed to the firewalls assigned to the device groups within the Notify Group.

PLUG-1975

If you configure the VPC ID or the Endpoint URI incorrectly in a Monitoring Definition on Panorama, the Status details on the web interface do not include the timestamp for when Panorama reported this issue.

PLUG-676

If the memory allocation on a Panorama virtual appliance is lower than the minimum recommendation, you cannot access and configure the plugin. Make sure to size your Panorama appliance properly so that you can install the plugin.