Known Issues in VM-Series Plugin 2.0.1

The following list describes known issues in the VM-Series Plugin 2.0.1.

PLUG-6280

Monitoring VM-Series firewalls using AWS CloudWatch fails if you are using a VPC endpoint to communicate with the VM-Series firewall management port.
This issue is addressed in VM-Series plugin version 2.0.2, which introduces a change in default behavior. Prior versions used HTTP to communicate with the CloudWatch endpoint. In version 2.0.2 and later, the VM-Series plugin uses HTTPS to communicate with the CloudWatch endpoint.

PLUG-6196

When you upgrade PAN-OS to 10.0.1 with VM-Series plugin 2.0.1, the VM-Series plugin fails to boot the system in AWS MP BYOL images.
This issue is addressed in VM-Series plugin version 2.0.2.
Workaround: Upgrade the VM-Series plugin to version 2.0.2 before upgrading PAN-OS to 10.0.1.

PLUG-6015

In some VM-Series firewall HA deployments on Azure, if the active management server makes a connection request to Azure that does not resolve, you might see the UI freeze, delayed commits, or synchronization loss in an HA pair.
This issue is addressed in VM-Series plugin version 1.0.13 and later, and version 2.0.2 and later.

PLUG-4179

When you bootstrap the VM-Series firewall with dhcp-accept-server-hostname=yes in the init-cfg.txt file, then subsequently update the hostname for the VM-Series firewall, the hostname does not update in the <namespace>_dimension CloudWatch metrics.
Workaround: To change the hostname after boot up, use one of the following methods to prevent the firewall from accepting the hostname sent by the DHCP server:
  • CLI command: dhcp-accept-server-hostname=no
  • init-cfg.txt file: Remove dhcp-accept-server-hostname=yes, or set dhcp-accept-server-hostname=no.

PLUG-3562

In OCI, if you assign secondary IP addresses to HA interfaces, those IP addresses are incorrectly moved to the passive HA peer in the event of a failover.
