Known Issues in VM-Series Plugin 1.0.2

The following list describes known issues in the VM-Series Plugin 1.0.2.

PLUG-1854

(
PAN-OS 9.0.2 and later releases on AWS and GCP only
) You cannot swap the management interface.

PLUG-1827

(
Microsoft Azure only
) The firewall drops packets due to larger than expected packet sizes when Accelerated networking is enabled on the firewall (
Settings
Networking
).

PLUG-1709

(
Microsoft Azure only
) There is an intermittent issue where the secondary IP address becomes associated with the passive firewall after multiple failovers.
This issue is addressed in VM-Series plugin 1.0.3.
Workaround:
Reassign IP addresses to the active and passive firewalls in Azure as needed.

PLUG-1694

PLUG-1694
(
PAYG licenses only
) Your pay-as-you-go (PAYG) license is not retained when you upgrade from PAN-OS version 8.1 to PAN-OS 9.0.X.
(
This issue is fixed in VM-Series plugin 1.0.8
) To fix this issue, upgrade to PAN-OS 9.0.4 or later and VM-Series plugin 1.0.8. With this fix, the PAYG license is retained.

PLUG-1681

If you bootstrap a PAN-OS 9.0.1 image while using VM-Series plugin 1.0.0, the firewall will not apply the capacity license. To downgrade the VM-Series plugin from version 1.0.2 to 1.0.0, first bootstrap the PAN-OS 9.0.1 image and then downgrade the plugin.

PLUG-1503

When a VM-Series firewall on AWS running on a C5 or M5 instance experiences a high availability (HA) failover, the dataplane interfaces from the previously active firewall are not moved to the newly active (previously passive) peer.
This issue is addressed in VM-Series plugin 1.0.3.
Workaround:
Check for the latest VM-Series plugin version and install the VM-Series plugin 9.0.0 version; the built-in version is 9.0.0-c29.

PLUG-1074

On the VM-Series firewall on AWS, when you change the instance type, the firewall no longer has a serial number or a license. Additionally, if you manage this firewall using Panorama, it is no longer connected to Panorama.

PLUG-380

When you rename a device group, template, or template stack in Panorama that is part of a VMware NSX service definition, the new name is not reflected in NSX Manager. Therefore, any ESXi hosts that you add to a vSphere cluster are not added to the correct device group, template, or template stack and your Security policy is not pushed to VM-Series firewalls that you deploy after you rename those objects. There is no impact to existing VM-Series firewalls.

Recommended For You