Known Issues in VM-Series Plugin 1.0.4

The following list describes known issues in the VM-Series Plugin 1.0.4.


On Azure VM types that support accelerated networking for the VM-Series firewalls on Azure, accelerated networking may be non-functional in the event that Azure hot plugs a network interface.
This issue is fixed in VM-Series plugin version 1.0.5
). You must install the plugin and reboot the firewall to prevent this issue with Azure accelerated networking.


When you use a bootstrap.xml file that includes an HA configuration to configure your VM-Series firewalls on Azure, you cannot commit and push configuration changes to these firewalls from Panorama.


On VM-Series firewalls on AWS, enabling DPDK during bootstrapping causes the firewall to go in to maintenance mode. The contents from all the folders—license, content, software, config—in the bootstrap package are not retrieved and applied to complete the bootstrapping process when DPDK is enabled using the init-cfg.txt file.


PAYG licenses only
) Your pay-as-you-go (PAYG) license is not retained when you upgrade from PAN-OS version 8.1 to PAN-OS 9.0.X.
This issue is fixed in VM-Series plugin 1.0.8
) To fix this issue, upgrade to PAN-OS 9.0.4 or later and VM-Series plugin 1.0.8. With this fix, the PAYG license is retained.


If you bootstrap a PAN-OS 9.0.1 image while using VM-Series plugin 1.0.0, the firewall will not apply the capacity license. To downgrade the VM-Series plugin from version 1.0.2 to 1.0.0, first bootstrap the PAN-OS 9.0.1 image and then downgrade the plugin.


On the VM-Series firewall on AWS, when you change the instance type, the firewall no longer has a serial number or a license. Additionally, if you manage this firewall using Panorama, it is no longer connected to Panorama.


When you rename a device group, template, or template stack in Panorama that is part of a VMware NSX service definition, the new name is not reflected in NSX Manager. Therefore, any ESXi hosts that you add to a vSphere cluster are not added to the correct device group, template, or template stack and your Security policy is not pushed to VM-Series firewalls that you deploy after you rename those objects. There is no impact to existing VM-Series firewalls.

Recommended For You