Known Issues in VM-Series Plugin 2.0.1
Table of Contents
Expand all | Collapse all
-
-
-
-
- Features Introduced in Zero Touch Provisioning 2.0
- Known Issues in the Zero Touch Provisioning 2.0.4 Release
- Known Issues in the Zero Touch Provisioning 2.0.3 Release
- Known Issues in the Zero Touch Provisioning 2.0.2 Release
- Known Issues in the Zero Touch Provisioning 2.0.1 Release
- Known Issues in the Zero Touch Provisioning 2.0.0 Release
- Limitations
-
-
Known Issues in VM-Series Plugin 2.0.1
The following list describes known issues in the VM-Series
Plugin 2.0.1.
PLUG-6280
Monitoring VM-Series firewalls using
AWS CloudWatch fails if you are using a VPC endpoint to communicate
with the VM-Series firewall management port.
This issue is addressed in VM-Series plugin version 2.0.2,
and it introduces a change in default behavior. Prior versions used
HTTP for communication to the Cloudwatch endpoint. In version 2.0.2
and later VM-Series plugin uses HTTPS to communicate with the Cloudwatch
endpoint.
PLUG-6196
Upgrading PanOS to 10.0.1 with VM-Series
plugin 2.0.1, VM-Series plugin fails to boot the system in AWS MP
BYOL images.
This issue is addressed in VM-Series plugin version 2.0.2.
Workaround:
Upgrade the VM-Series plugin to version 2.0.2 before upgrading
PAN-OS to 10.0.1.
PLUG-6015
In some VM-Series firewall HA deployments
on Azure, if the active management server makes a connection request
to Azure that does not resolve, you might see the UI freeze, delayed
commits, or synchronization loss in an HA pair.
This issue is addressed in VM-Series plugin version 1.0.13
and later, and version 2.0.2 and later.
PLUG-4179
When you bootstrap the VM-Series firewall with dhcp-accept-server-hostname=yes in
the init-cfg.txt file, then subsequently update
the hostname for the VM-Series firewall, the hostname does not update
in the <namespace>_dimension CloudWatch
metrics.
Workaround: To change the hostname after boot up, use
one of the following methods to prevent the firewall from accepting
the hostname sent by the DHCP server:
- CLI command: dhcp-accept-server-hostname=no
- init-cfg.txt file: Remove dhcp-accept-server-hostname=yes, or set dhcp-accept-server-hostname=no.
PLUG-3562
In OCI, if you assign secondary IP addresses
to HA interfaces, those IP addresses are incorrectly moved to the
passive HA peer in the event of a failover.