The following list describes known issues in the VM-Series
Monitoring VM-Series firewalls using
AWS CloudWatch fails if you are using a VPC endpoint to communicate
with the VM-Series firewall management port.
This issue is addressed in VM-Series plugin version 2.0.2,
and it introduces a change in default behavior. Prior versions used
HTTP for communication to the Cloudwatch endpoint. In version 2.0.2
and later VM-Series plugin uses HTTPS to communicate with the Cloudwatch
Upgrading PanOS to 10.0.1 with VM-Series
plugin 2.0.1, VM-Series plugin fails to boot the system in AWS MP
This issue is addressed in VM-Series plugin version 2.0.2
Upgrade the VM-Series plugin to version 2.0.2 before upgrading
PAN-OS to 10.0.1.
In some VM-Series firewall HA deployments
on Azure, if the active management server makes a connection request
to Azure that does not resolve, you might see the UI freeze, delayed
commits, or synchronization loss in an HA pair.
This issue is addressed in VM-Series plugin version 1.0.13
and later, and version 2.0.2 and later.
When you bootstrap the VM-Series firewall with
file, then subsequently update
the hostname for the VM-Series firewall, the hostname does not update
To change the hostname after boot up, use
one of the following methods to prevent the firewall from accepting
the hostname sent by the DHCP server:
In OCI, if you assign secondary IP addresses
to HA interfaces, those IP addresses are incorrectly moved to the
passive HA peer in the event of a failover.