Known Issues in VM-Series Plugin 2.0.1

The following list describes known issues in the VM-Series Plugin 2.0.1.


Monitoring VM-Series firewalls using AWS CloudWatch fails if you are using a VPC endpoint to communicate with the VM-Series firewall management port.
This issue is addressed in VM-Series plugin version 2.0.2, which introduces a change in default behavior. Prior versions used HTTP to communicate with the CloudWatch endpoint. In version 2.0.2 and later, the VM-Series plugin uses HTTPS to communicate with the CloudWatch endpoint.


When you upgrade PAN-OS to 10.0.1 with VM-Series plugin 2.0.1 installed, the VM-Series plugin fails to boot the system in AWS MP BYOL images.
This issue is addressed in VM-Series plugin version 2.0.2.
Upgrade the VM-Series plugin to version 2.0.2 before upgrading PAN-OS to 10.0.1.


In some VM-Series firewall HA deployments on Azure, if the active management server makes a connection request to Azure that does not resolve, you might see the UI freeze, delayed commits, or synchronization loss in an HA pair.
This issue is addressed in VM-Series plugin version 1.0.13 and later, and version 2.0.2 and later.


When you bootstrap the VM-Series firewall with
in the
file, then subsequently update the hostname for the VM-Series firewall, the hostname does not update in the
CloudWatch metrics.
To change the hostname after boot up, use one of the following methods to prevent the firewall from accepting the hostname sent by the DHCP server:
  • CLI command:
  • init-cfg.txt
    file: Remove
    , or set


In OCI, if you assign secondary IP addresses to HA interfaces, those IP addresses are incorrectly moved to the passive HA peer in the event of a failover.

