Prisma Access Addressed Issues
Focus
Focus
Prisma Access

Prisma Access Addressed Issues

Table of Contents

Prisma Access Addressed Issues

Where Can I Use This?
What Do I Need?
  • Prisma Access (Panorama Managed)
  • Minimum Required Prisma Access Version
    4.0 Preferred
The following topics describe issues that have been addressed in Prisma Access 4.0.

Prisma Access 4.0.0-h83 Addressed Issues

Issue ID
Description
CYR-39795
Fixed an issue where, after installation of the Cloud Services plugin, an Explicit Proxy Kerberos server profile (default_server_profile) was installed by the __cloud_services user, even though Explicit Proxy was not enabled.

Prisma Access 4.0.0-h80 Addressed Issues

Issue ID
Description
CYR-37004
Fixed an issue where panorama commit was failing with a
profiles -> dlp-data-profiles unexpected here
error after upgrading the Cloud Services plugin from 3.2.1 to a 4.0.0 or later version.
CYR-34770
Fixed an issue where, if you configured multiple portals in Prisma Access for the Mobile Users—GlobalProtect deployment, you must also configure an authentication profile under Client Authentication on all portals.

Prisma Access 4.0.0-h78 Addressed Issues

Issue ID
Description
CYR-37665
Fixed an issue where, after migrating a tenant to a multi-tenant deployment, the Explicit_Proxy_Template was not created correctly and commit failed for the first tenant that was migrated.
CYR-37562
Fixed an issue where, when you disable the multiportal feature flag and the Cloud Services plugin from 3.2.1, 4.0.0, or 4.1.0, you still see the option to enable or disable multiportal from the UI.
CYR-37244
Fixed an issue where, after upgrading the Panorama that manages Prisma Access to a PAN-OS version of 11.0.0 or later, the
Delete
button in the Remote Networks onboarding section was not enabled when a Remote Network was selected.
CYR-36895
Fixed an issue where the IPv6 proxy-ID tab was missing when IPv6 was enabled for multi-tenant setups.
CYR-34482
Fixed an issue where two
Data Filtering
tabs are seen under the Objects tab and one tab is undefined.
CYR-24798
Fixed an issue where in multi-tenant mode, there is no space between the
Unallocated
text and unallocated bandwidth number in the multi-tenant bandwidth allocation window.
CYR-22671
Fixed an issue where, in a multi-tenant deployment, the first tenant (the tenant you migrated) had prefixes appended to the device groups, templates, and template stacks such ar mu-dg, rn-tpl, and so forth. Only the tenants you create after you migrate the first tenant should have prefixes appended.

Prisma Access 4.0.0-h72 Addressed Issues

Issue ID
Description
CYR-35838
Fixed an issue where sub-tenants were being inadvertently deprovisioned during a Panorama commit. This fix includes a plugin enhancement where subtenants will need to be explicitly deprovisioned by the Panorama admin to remove them from the Prisma Access infrastructure.

Prisma Access 4.0.0-h68 Addressed Issues

Issue ID
Description
CYR-36213
Fixed an issue where an internal daemon was restarting, which caused a configuration sync status issue on Panorama.
CYR-35811
Fixed an issue where a
Commit and Push
operation was failing due to an empty subtenant ID for a newly added subtenant.
CYR-34966
Fixed an issue where, when assigning
Customize Per Site
values for QoS for remote networks, remapped locations could not be selected or customized.

Prisma Access 4.0.0-h64 Addressed Issues

Issue ID
Description
CYR-37003
Fixed an issue where, after upgrading the Panorama that manages Prisma Access to 10.2, multitenant deployments had one or more sub-tenants deleted after a local commit was performed. Note that, after you install the plugin that contains this hotfix and delete a tenant, the tenant is deleted locally on the Panorama but its configuration remains in the Prisma Access infrastructure.
It is recommended that you backup your Panorama configuration before you delete any sub-tenants.
To completely delete the tenant, reach out to your Palo Alto Networks account representative or partner, who will contact the SRE team and submit a request to delete the tenant from your infrastructure.
CYR-36299
Fixed an issue where the link for
Prisma Access App
in the
Panorama
Cloud Services
ZTNA connector
tab was broken. With this fix,
Use the Prisma Access tab to use ZTNA Connector
redirects users to the correct cloud management URL https://stratacloudmanager.paloaltonetworks.com/settings/ztna-connector/overview to access ZTNA connector configurations.

Prisma Access 4.0.0-h57 Addressed Issues

Issue ID
Description
CYR-34118
Fixed an issue where, if using Explicit Proxy in multitenant mode and after upgrading to a plugin that is 3.2.0 or later, Block Settings and Authentication Settings migrations did not take place.
CYR-35811
Fixed an issue where a Commit and Push operation was failing due to empty sub-tenant-id for a newly added subtenant.

Prisma Access 4.0.0-h53 Addressed Issues

Issue ID
Description
CYR-33526
Fixed an issue where Prisma Access attempted to fetch user attributes from Cloud Identity Engine (CIE) on every commit and push instead of just when the Directory Sync Service Group Mapping Settings configuration changed.
CYR-33761
Fixed an issue where, when after clicking
Integrate with SDWAN
under Cloud Services Configuration, the button is not hidden even though the integration completed successfully.

Prisma Access 4.0.0-h51 Addressed Issues

Issue ID
Description
CYR-35078
Fixed an issue where an internal DNS domain could not be set and the following message was displayed:
Invalid wildcard domain name. The domain name can have only one asterisk in the first position.
CYR-34966
Fixed an issue where remapped compute locations did not display in the QoS settings for remote networks under
Customize Per Site
.
CYR-34616
Fixed an issue where the
Panorama
QoS Statistics
page displayed an inflated number of dropped packets.
CYR-34429
Fixed an issue where local commits were failing after an upgrade to the 4.1.0 Cloud Services plugin.
CYR-34328
Fixed an issue where the Prisma Access UI was loading due to feature flags not being present in the setup.
CYR-34118
Fixed an issue where, if using Explicit Proxy in multitenant mode and after upgrading to 3.2.0+ plugin, Block Settings and Authentication Settings migrations did not take place.
CYR-34053
Fixed an issue where, after a compute location was remapped, remote network QoS settings could not be applied to the remapped compute location.
CYR-33969
Fixed an issue where a Mobile Users—GlobalProtect configuration was deleted without the plugin user having deleted the configuration.
CYR-33930
Fixed an issue where an IPv4 validator was used for IPv6 IP address validation in the Mobile Users DNS setting.
CYR-33805
Fixed an issue where the Remote Networks and Mobile Users text in the Multi Tenant creation window was misaligned and did not properly indicate which component the allocation charts were for.
CYR-33202
Fixed an issue where 127.0.0.1 was allowed to be entered for internal DNS resolution settings.
CYR-25509
Fixed an issue where an unsupported debug command was exposed.

Prisma Access 4.0.0-h41 Addressed Issues

Issue ID
Description
CYR-33844
Fixed an issue where the following Cloud Services plugin builds were not compatible with the following M-series Panorama devices:
  • 4.0.0-h23
  • 4.0.0-h20
  • 4.0.0-h8
  • 3.2.1-h48
  • 3.2.1-h41
  • 3.2.0-h55
CYR-33781
Fixed an issue where a commit failure was received when using the Explicit Proxy Trusted Source Address feature and upgrading from the 3.2.1 Cloud Services plugin to a 4.0 plugin.
CYR-33757
Fixed an issue in the Traffic Steering Rule
Source
tab where clicking on a
Source Address
or
Address-Group
in the drop-down list caused an incorrect item in the list to be selected.
CYR-33695
Fixed an issue where traffic steering rules could not be disabled or moved, and in other cases, a
No object to edit in move handler
error was encountered and no changes could be applied to the traffic steering rule.
CYR-33202
Fixed an issue where 127.0.0.1 was allowed to be entered for internal DNS resolution settings.
CYR-32221
Fixed an issue where, after clicking on the
Connection Name
of a Remote Network and then returning back to the previous page, the
Peer IP Address
displayed as
Loading
.
CYR-32186
Fixed an issue where a
Permission Denied
error was received when attempting to delete a remote network.

Prisma Access 4.0.0-h23 Addressed Issues

Issue ID
Description
CYR-33066
Fixed an issue where, when setting up traffic replication, an error was received if the
Member/User
field was longer than 31 characters.
CYR-32488
Fixed an issue where ADEM could not be enabled at a remote network compute location, even though the ADEM-AIOPS license was enabled.

Prisma Access 4.0.0-h20 Addressed Issues

Issue ID
Description
CYR-31535
Fixed an issue where the ADEM-AIOPS SKU did not display in the multi-tenant web interface.
CYR-30517
Fixed an issue where the maximum number of IKE peers per IPSec termination node was not enforced using a validation check.
CYR-27018
Fixed an issue where the Cloud Services Plugin was not able to send dynamic updates requests using nsupdate to the external DNS server.

Prisma Access 4.0.0-h8 Addressed Issues

Issue ID
Description
CYR-31173
Fixed an issue where when exporting CSV data for all active mobile users, data for only 9000 users was exported instead of for all users.
CYR-29945
Fixed an issue where Clientless VPN was getting enabled every time the cloud configuration was updated, causing commit to fail.
CYR-23502
Fixed an issue where, when downloading current mobile user information from locations in the Japan Central compute location, the downloaded CSV information differed from the results obtained in the UI.

Prisma Access 4.0 Addressed Issues

Issue ID
Description
CYR-37562
Fixed an issue where, when you disable the multiportal feature flag and the 3.2.1, 4.0.0, or 4.1.0 plugin, you still see the option to enable or disable multiportal from the UI.
CYR-31236
Fixed an issue where the
SSH Management Profiles Settings
tab was missing from templates.
CYR-30842
Fixed an issue where the GlobalProtect App Log certificate was not getting renewed in Panorama.
CYR-30729
Fixed an issue where commit was failing when Clientless VPN and multiple portals were both enabled.
CYR-30586
Fixed an issue where, after enabling
X-Authenticated-User (XAU) header on incoming HTTP/HTTPS requests for Identity
, the
XAU
checkbox was deselected.
CYR-30208
Fixed an issue where a commit on a new Panorama appliance with Explicit Proxy configuration failed with a 'missing users' error.
CYR-29809
Fixed an issue where, if the user onboarded mobile users locations and did not choose any locations to be selected on the
Manual Gateway Locations
tab, subsequent local commits on the Panorama appliance were failing with the
'Failed to find any locations in path: cloud_services/mobile-users/onboarding/entry/manual-gateway/region/entry/locations/memberregions validation for manual-gateway failed for Mobile Users.Failed plugin validation'
error.
CYR-29464
Fixed an issue where the Peer IP Address did not display in a multitenant deployment.
CYR-29431
Fixed an issue where an extra SAML IdP configuration was added to the Mobile User Gateway configuration, causing the commit to fail with the error
'interface '-' is not a valid reference'
.
CYR-29421
Fixed an issue where modifying the Mobile User GlobalProtect gateway configuration to use a SAML IdP authentication profile and clicking okay caused an extra configuration to be added to Panorama, which also caused commit to fail with an error
interface '-' is not a valid reference'
.
CYR-29160
Fixed an issue where the GlobalProtect App Log cert was not getting saved when Panorama was in FIPS-CC mode.

Recommended For You