Prisma Access
Prisma Access Addressed Issues
Table of Contents
Expand All
|
Collapse All
Prisma Access Docs
-
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
-
-
-
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Prisma Access Addressed Issues
Where Can I Use This? | What Do I Need? |
---|---|
|
|
The following topics describe issues that have been addressed in Prisma Access 4.0.
Prisma Access 4.0.0-h83 Addressed Issues
Issue ID | Description |
---|---|
CYR-39795 | Fixed an issue where, after installation of the Cloud
Services plugin, an Explicit Proxy Kerberos server profile
(default_server_profile) was installed by the __cloud_services user,
even though Explicit Proxy was not enabled. |
Prisma Access 4.0.0-h80 Addressed Issues
Issue ID | Description |
---|---|
CYR-37004 | Fixed an issue where panorama commit was failing with
a profiles -> dlp-data-profiles unexpected
here error after upgrading the Cloud Services
plugin from 3.2.1 to a 4.0.0 or later version. |
CYR-34770 | Fixed an issue where, if you configured multiple
portals in Prisma Access for the Mobile Users—GlobalProtect
deployment, you must also configure an authentication profile under
Client Authentication on all portals. |
Prisma Access 4.0.0-h78 Addressed Issues
Issue ID | Description |
---|---|
CYR-37665 | Fixed an issue where, after migrating a tenant to a
multi-tenant deployment, the Explicit_Proxy_Template was not created
correctly and commit failed for the first tenant that was
migrated. |
CYR-37562 | Fixed an issue where, when you disable the
multiportal feature flag and the Cloud Services plugin from 3.2.1,
4.0.0, or 4.1.0, you still see the option to enable or disable
multiportal from the UI. |
CYR-37244 | Fixed an issue where, after upgrading the Panorama
that manages Prisma Access to a PAN-OS version of 11.0.0 or later,
the Delete button in the Remote Networks
onboarding section was not enabled when a Remote Network was
selected. |
CYR-36895 | Fixed an issue where the IPv6 proxy-ID tab was
missing when IPv6 was enabled for multi-tenant setups. |
CYR-34482 | Fixed an issue where two Data
Filtering tabs are seen under the Objects tab and
one tab is undefined. |
CYR-24798 | Fixed an issue where in multi-tenant mode, there is
no space between the Unallocated text and
unallocated bandwidth number in the multi-tenant bandwidth
allocation window. |
CYR-22671 | Fixed an issue where, in a multi-tenant deployment,
the first tenant (the tenant you migrated) had prefixes appended to
the device groups, templates, and template stacks such ar mu-dg,
rn-tpl, and so forth. Only the tenants you create after you migrate
the first tenant should have prefixes appended. |
Prisma Access 4.0.0-h72 Addressed Issues
Issue ID | Description |
---|---|
CYR-35838 | Fixed an issue where sub-tenants were being
inadvertently deprovisioned during a Panorama commit. This fix
includes a plugin enhancement where subtenants will need to be
explicitly deprovisioned by the Panorama admin to remove them from
the Prisma Access infrastructure. |
Prisma Access 4.0.0-h68 Addressed Issues
Issue ID | Description |
---|---|
CYR-36213 | Fixed an issue where an internal daemon was
restarting, which caused a configuration sync status issue on
Panorama. |
CYR-35811 | Fixed an issue where a Commit and Push
operation was failing due to an empty subtenant ID for a newly
added subtenant. |
CYR-34966 | Fixed an issue where, when assigning
Customize Per Site values for QoS for
remote networks, remapped locations could not be selected or
customized. |
Prisma Access 4.0.0-h64 Addressed Issues
Issue ID | Description |
---|---|
CYR-37003 | Fixed an issue where, after upgrading the Panorama that manages
Prisma Access to 10.2, multitenant deployments had one or more
sub-tenants deleted after a local commit was performed. Note
that, after you install the plugin that contains this hotfix and
delete a tenant, the tenant is deleted locally on the Panorama
but its configuration remains in the Prisma Access
infrastructure. It is recommended that you backup your Panorama configuration
before you delete any sub-tenants. To completely delete the tenant, reach out to your Palo Alto
Networks account representative or partner, who will contact the
SRE team and submit a request to delete the tenant from your
infrastructure. |
CYR-36299 | Fixed an issue where the link for Prisma
Access App in the Panorama Cloud Services ZTNA connector Use the
Prisma Access tab to use ZTNA Connector redirects
users to the correct cloud management URL https://stratacloudmanager.paloaltonetworks.com/settings/ztna-connector/overview
to access ZTNA connector configurations. |
Prisma Access 4.0.0-h57 Addressed Issues
Issue ID | Description |
---|---|
CYR-34118 | Fixed an issue where, if using Explicit Proxy in
multitenant mode and after upgrading to a plugin that is 3.2.0 or
later, Block Settings and Authentication Settings migrations did not
take place. |
CYR-35811 | Fixed an issue where a Commit and Push operation was
failing due to empty sub-tenant-id for a newly added subtenant.
|
Prisma Access 4.0.0-h53 Addressed Issues
Issue ID | Description |
---|---|
CYR-33526 | Fixed an issue where Prisma Access attempted to fetch
user attributes from Cloud Identity Engine (CIE) on every commit and
push instead of just when the Directory Sync Service Group Mapping
Settings configuration changed. |
CYR-33761 | Fixed an issue where, when after clicking
Integrate with SDWAN under Cloud
Services Configuration, the button is not hidden even though the
integration completed successfully. |
Prisma Access 4.0.0-h51 Addressed Issues
Issue ID | Description |
---|---|
CYR-35078 | Fixed an issue where an internal DNS domain could not
be set and the following message was displayed:
Invalid wildcard domain name. The domain name can
have only one asterisk in the first
position. |
CYR-34966 | Fixed an issue where remapped compute locations did
not display in the QoS settings for remote networks under
Customize Per Site . |
CYR-34616 | Fixed an issue where the Panorama QoS Statistics |
CYR-34429 | Fixed an issue where local commits were failing after
an upgrade to the 4.1.0 Cloud Services plugin. |
CYR-34328 | Fixed an issue where the Prisma Access UI was loading
due to feature flags not being present in the setup. |
CYR-34118 | Fixed an issue where, if using Explicit Proxy in
multitenant mode and after upgrading to 3.2.0+ plugin, Block
Settings and Authentication Settings migrations did not take
place. |
CYR-34053 | Fixed an issue where, after a compute location was
remapped, remote network QoS settings could not be applied to the
remapped compute location. |
CYR-33969 | Fixed an issue where a Mobile Users—GlobalProtect
configuration was deleted without the plugin user having deleted the
configuration. |
CYR-33930 | Fixed an issue where an IPv4 validator was used for IPv6 IP
address validation in the Mobile Users DNS setting. |
CYR-33805 | Fixed an issue where the Remote Networks and Mobile Users text in
the Multi Tenant creation window was misaligned and did not properly
indicate which component the allocation charts were for. |
CYR-33202 | Fixed an issue where 127.0.0.1 was allowed to be entered for
internal DNS resolution settings. |
CYR-25509 | Fixed an issue where an unsupported debug command was
exposed. |
Prisma Access 4.0.0-h41 Addressed Issues
Issue ID | Description |
---|---|
CYR-33844 | Fixed an issue where the following Cloud Services
plugin builds were not compatible with the following M-series
Panorama devices:
|
CYR-33781 | Fixed an issue where a commit failure was received
when using the Explicit Proxy Trusted Source Address feature and
upgrading from the 3.2.1 Cloud Services plugin to a 4.0 plugin.
|
CYR-33757 | Fixed an issue in the Traffic Steering Rule
Source tab where clicking on a
Source Address or
Address-Group in the drop-down list
caused an incorrect item in the list to be selected. |
CYR-33695 | Fixed an issue where traffic steering rules could not
be disabled or moved, and in other cases, a No object
to edit in move handler error was encountered and
no changes could be applied to the traffic steering rule. |
CYR-33202 | Fixed an issue where 127.0.0.1 was allowed to be
entered for internal DNS resolution settings. |
CYR-32221 | Fixed an issue where, after clicking on the
Connection Name of a Remote Network and
then returning back to the previous page, the Peer IP
Address displayed as
Loading . |
CYR-32186 | Fixed an issue where a Permission
Denied error was received when attempting to
delete a remote network. |
Prisma Access 4.0.0-h23 Addressed Issues
Issue ID | Description |
---|---|
CYR-33066 | Fixed an issue where, when setting up traffic
replication, an error was received if the
Member/User field was longer than 31
characters. |
CYR-32488 | Fixed an issue where ADEM could not be enabled at a
remote network compute location, even though the ADEM-AIOPS license
was enabled. |
Prisma Access 4.0.0-h20 Addressed Issues
Issue ID | Description |
---|---|
CYR-31535 | Fixed an issue where the ADEM-AIOPS SKU did not
display in the multi-tenant web interface. |
CYR-30517 | Fixed an issue where the maximum number of IKE peers
per IPSec termination node was not enforced using a validation
check. |
CYR-27018 | Fixed an issue where the Cloud Services Plugin was
not able to send dynamic updates requests using nsupdate to the
external DNS server. |
Prisma Access 4.0.0-h8 Addressed Issues
Issue ID | Description |
---|---|
CYR-31173 | Fixed an issue where when exporting CSV data for all active
mobile users, data for only 9000 users was exported instead of
for all users. |
CYR-29945 | Fixed an issue where Clientless VPN was getting enabled every
time the cloud configuration was updated, causing commit to
fail. |
CYR-23502 | Fixed an issue where, when downloading current mobile user
information from locations in the Japan Central compute
location, the downloaded CSV information differed from the
results obtained in the UI. |
Prisma Access 4.0 Addressed Issues
Issue ID | Description |
---|---|
CYR-37562 | Fixed an issue where, when you disable the multiportal feature
flag and the 3.2.1, 4.0.0, or 4.1.0 plugin, you still see the
option to enable or disable multiportal from the UI. |
CYR-31236 | Fixed an issue where the SSH Management Profiles
Settings tab was missing from templates. |
CYR-30842 | Fixed an issue where the GlobalProtect App Log
certificate was not getting renewed in Panorama. |
CYR-30729 | Fixed an issue where commit was failing when
Clientless VPN and multiple portals were both enabled. |
CYR-30586 | Fixed an issue where, after enabling
X-Authenticated-User (XAU) header on incoming
HTTP/HTTPS requests for Identity , the
XAU checkbox was deselected. |
CYR-30208 | Fixed an issue where a commit on a new Panorama
appliance with Explicit Proxy configuration failed with a 'missing
users' error. |
CYR-29809 | Fixed an issue where, if the user onboarded mobile
users locations and did not choose any locations to be selected on
the Manual Gateway Locations tab, subsequent
local commits on the Panorama appliance were failing with the
'Failed to find any locations in path:
cloud_services/mobile-users/onboarding/entry/manual-gateway/region/entry/locations/memberregions
validation for manual-gateway failed for Mobile Users.Failed
plugin validation' error. |
CYR-29464 | Fixed an issue where the Peer IP Address did not
display in a multitenant deployment. |
CYR-29431 | Fixed an issue where an extra SAML IdP configuration
was added to the Mobile User Gateway configuration, causing the
commit to fail with the error 'interface '-' is not a
valid reference' . |
CYR-29421 | Fixed an issue where modifying the Mobile User GlobalProtect
gateway configuration to use a SAML IdP authentication profile
and clicking okay caused an extra configuration to be added to
Panorama, which also caused commit to fail with an error
interface '-' is
not a valid reference' . |
CYR-29160 | Fixed an issue where the GlobalProtect App Log cert
was not getting saved when Panorama was in FIPS-CC mode. |