: Known Issues in Panorama Plugin for AWS 5.0.1
Focus
Focus

Known Issues in Panorama Plugin for AWS 5.0.1

Table of Contents

Known Issues in Panorama Plugin for AWS 5.0.1

Known issues in Panorama Plugin for AWS 5.0.1.
The following list describes known issues in the Panorama Plugin for AWS 5.0.1.

FWAAS-6542

Selecting a different template stack for an existing Cloud Device Group is not supported. Despite allowing this operation, the template stack is not updated.

FWAAS-5842

You cannot view logs by selecting a Cloud Device Group using the Panorama Monitor tab. Select all Cloud Device Groups, then create a filter to limit the display.

FWAAS-6503

Modifying a cloud device group, then committing the change may generate an error message but completes the commit action. However, pushing the change to the cloud device group fails.

FWAAS-5823

When creating a new cloud device group, you cannot select which certificates are used for forward trust or forward untrust.

FWAAS-7676

The firewall fails to inspect inbound traffic containing an ECDSA certificate. Use a RSA certificate instead.

FWAAS-6380

An error message may appear when pushing an uncommitted change to a cloud device group. Commit your changes before pushing.

PLUG-12882

Fixed in Panorama plugin for AWS 5.1.1.
When using Panorama Plugin for AWS, the CloudFormation template stack deployment fails when creating AWS::EC2::VPCEndpointServicePermissions. To resolve this issue, include the parameter AllowedPrinciples in AWS::EC2::VPCEndpointServicePermissions. For example, the template should resemble:
"VPCEndpointServicePermissions": {
      "Type" : "AWS::EC2::VPCEndpointServicePermissions",
      "Properties" : {
          "AllowedPrincipals" : ["*"],
          "ServiceId" : {"Ref": "VPCEndpointService"}
      },
      "DependsOn": ["VPCEndpointService"]
    },