Known Issues in Panorama Plugin for VMware NSX 2.0.5
Table of Contents
Expand all | Collapse all
-
-
-
-
-
- Features Introduced in Enterprise Data Loss Prevention 4.0.3
- Known Issues in Enterprise DLP Plugin 4.0.3
- Features Introduced in Enterprise Data Loss Prevention 4.0.2
- Known Issues in Enterprise DLP Plugin 4.0.2
- Features Introduced in Enterprise Data Loss Prevention 4.0.1
- Known Issues in Enterprise DLP Plugin 4.0.1
- Features Introduced in Enterprise Data Loss Prevention 4.0.0
- Known Issues in Enterprise DLP Plugin 4.0.0
-
- Features Introduced in Enterprise Data Loss Prevention 3.0.8
- Features Introduced in Enterprise Data Loss Prevention 3.0.7
- Features Introduced in Enterprise Data Loss Prevention 3.0.6
- Features Introduced in Enterprise Data Loss Prevention 3.0.5
- Features Introduced in Enterprise Data Loss Prevention 3.0.4
- Features Introduced in Enterprise Data Loss Prevention 3.0.3
- Features Introduced in Enterprise Data Loss Prevention 3.0.2
- Features Introduced in Enterprise Data Loss Prevention 3.0.1
- Features Introduced in Enterprise Data Loss Prevention 3.0.0
- Known Issues in Enterprise Data Loss Prevention 3.0.8
- Known Issues in Enterprise Data Loss Prevention 3.0.7
- Known Issues in Enterprise Data Loss Prevention 3.0.6
- Known Issues in Enterprise Data Loss Prevention 3.0.5
- Known Issues in Enterprise Data Loss Prevention 3.0.4
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 3.0.3
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 3.0.0
-
- Features Introduced in Enterprise Data Loss Prevention 1.0.8
- Features Introduced in Enterprise Data Loss Prevention 1.0.3
- Features Introduced in Enterprise Data Loss Prevention 1.0.1
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.8
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.7
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.6
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.4
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.3
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.2
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.1
- Features Introduced in the Enterprise Data Loss Prevention (DLP) Cloud Service
- Limitations
-
-
Known Issues in Panorama Plugin for VMware NSX 2.0.5
Th following list describes known issues
in the Panorama plugin for VMware NSX 2.0.5.
PLUG-1324
Upgrading the VMware NSX plugin from
2.0.2 to 2.0.3 on the passive peer in a Panorama HA deployment before
upgrading the active peer cause the passive peer to become the active
because it has the higher version of the plugin. However, the Service
Manager status on the new active peer may become
Out
of Sync
. The Service Manager status on the new passive
peer remains Registered
.Workaround:
Perform a manual NSX Config-Sync
after
upgrading the plugin.PLUG-1321
Deleting the VM-Series firewall from
vCenter deactivates the firewall license however the deletion may
show as
Failed
in vCenter.Workaround: Verify that the firewall status is Partially Deactivated
on the Managed Devices page on Panorama. In vCenter, manually delete
the VM-Series firewall SVM from .
Networking
& Security
Installation
Service Deployment
PLUG-1318
If the active Panorama peer enters maintenance
mode due to a
power on
self test failure
error, the passive Panorama peer becomes the new active peer. However, after
the failover, the HA status incorrectly displays none on the new
active peer.PLUG-1303
When Panorama deploys and then upgrades a new VM-Series
firewall for NSX, the firewall toggles between connected and disconnected
states. This issue occurs when a beta (-b) or hot fix (-h) PAN-OS
image is downloaded on Panorama.
Workaround:
Delete the beta or hot fix image from Panorama.PLUG-1298
After the VM-Series firewall for NSX is added as a managed
device on Panorama, the template status remains blank.
Workaround:
Perform a local commit on Panorama and then
a commit on the VM-Series firewall to display the template status
on Panorama.PLUG-1297
After upgrading the VM-Series firewall, the template
and shared policy status are
Out of Sync
.Workaround:
After the firewall is added as a managed device
on Panorama, push the template and device group configuration to
the VM-Series firewalls.PLUG-1295
When Panorama deploys and then upgrades
a new VM-Series firewall for NSX, it can take up to two hours to
complete the deployment if there is slow or inconsistent network
connectivity between Panorama and the VM-Series firewall. This occurs when
the VM-Series firewall disconnects from Panorama and Panorama cannot
verify that the commit succeeded.
PLUG-1288
A commit on Panorama to the managed VM-Series firewalls
might fail if the firewalls’ dynamic update version is older than
the version on Panorama.
Workaround:
Manually update the dynamic update version
on the VM-Series firewall to match the version on Panorama. PLUG-1287
After the VM-Series firewall is deployed from vCenter,
the Shared Policy may be Out of Sync on the Managed Devices page
in Panorama.
Workaround: Select . On the Device
Groups tab, verify that your device groups and
Commit
Push to Devices
Include
Device and Network Templates
. On the Templates tab,
deselect the templates. Click OK
.PLUG-1280
The displays
Template Last Commit
column
on Panorama
Managed
Devices
Summary
Failed
after
upgrading Panorama to 8.1.4.Workaround:
Push the template and device
configuration to the VM-Series firewalls.PLUG-1216
The Service Manager status does not immediately go
Out
of Sync
after deleting a steering rule from the Partner
Security Service section on the vCenter server. You must wait approximately
two minutes for the Service Manager status to go Out
of Sync
.PLUG-1215
In a security-centric deployment, the NSX Config-Sync
fails when attempting to regenerate a steering rule that was deleted
from NSX Manager (not deleted on Panorama).
Workaround:
Delete the security from the device group
on Panorama and add it again. Go to Panorama
VMware NSX
Steering Rules
Auto-Generate
. Commit
your
changes. PLUG-1214
NSX Manager allows two different Panorama instances
to connect and push configuration. However, this is an unsupported
configuration.
PLUG-835
On the vCenter server, under , the Service
Status is
Networking & Security
Installation
Service Deployments
Up
although the Installation Status
is Failed
. If the installation fails, the
service status should be Down
.PLUG-828
In an operations-centric deployment, the Service Manager
status becomes Out of Sync with the reason
Steering Rule
is out of sync
when the Partner Security Services are
modified on the vCenter server but not on Panorama. The Service Manager
status should stay in the Registered state when no changes are made
in Panorama.Workaround:
Select Panorama
VMware NSX
Service Managers
Synchronize Dynamic Objects
.PLUG-241
When you delete a steering rule on NSX
Manager, the plugin in status becomes out of sync for that NSX Manager
on Panorama. Executing an NSX Config Sync does not push the rule
change.
Workaround:
Log in to Panorama and select Panorama
VMware NSX
Service Managers
NSX
Config-Sync
to perform a second NSX configuration sync.PAN-113000
If Panorama reboots while new IP sets are added to an
NSX Security Group, NSX sends the new IP addresses to Panorama but
Panorama does not receive the updates.
Workaround:
Perform a Synchronize Dynamic Objects
to
update the DAGs with the new IP addresses.PAN-106302
After a failover event in a Panorama HA deployment,
the Service Manager status is
Out of Sync
on
the now active Panorama HA peer due to a auth-key out of sync
error. Workaround:
Perform two commits on the active Panorama
HA peer to resolve this issue.