Addressed Issues in Prisma SD-WAN ION Release 6.3
Focus
Focus
Prisma SD-WAN

Addressed Issues in Prisma SD-WAN ION Release 6.3

Table of Contents

Addressed Issues in Prisma SD-WAN ION Release 6.3

Learn about the issues addressed in Prisma SD-WAN ION release 6.3.x.
Learn more about the issues addressed in Prisma SD-WAN ION device release 6.3.

Addressed Issues in Prisma SD-WAN ION Device Release 6.3.5

The following table lists the issues addressed in Prisma SD-WAN ION Device Release 6.3.5.
Issue IDDescription
CGSDW-26686Resolved an issue where maximum segment size (MSS) clamping was not happening for a PPPoE interface with DPDK after upgrading from software version 5.6.9.
CGSDW-27359Resolved an issue of missing application statistics, when a higher number of application performance SLA thresholds were configured.
CGSDW-27387Resolved an issue where traffic from a Standard VPN tunnel was not being routed to the branch over the fabric through the transit DC on the ION 9000 platform.
CGSDW-27462Resolved an issue where application flow was being dropped after the application was detected on upgrading the device software to version 6.3.3.
CGSDW-27498Resolved an issue where the default route was missing on sub-interfaces after a device reboot.
CGSDW-27542Resolved an issue where the BGP was going down on the active ION device after an HA switchover after upgrading the software version to 6.3.4.
CGSDW-27728Resolved an issue where the fp-rte process was crashing on an upgrade to software version 6.3.4.
CGSDW-28036Resolved an issue where the VPN Object Identifiers were changing for every polling request.
CGSDW-28049Resolved an issue where the dump-support output and dump-support all commands did not capture the syslogs in the ION 9000 platform, if there was a soft link.
CGSDW-28187Resolved an issue where BGP was not being reestablished after a device reboot.
CGSDW-28214Resolved an issue wherein a stand-alone interface of the backup ION device connected via a bypass configuration to the active ION went down, when the active ION device was powered down.
CGSDW-28329Resolved an issue where a backup DC ION device continued to advertise branch prefixes after a BGP reset.
CGSDW-28712Resolved an issue where IP addresses were missing on interfaces.
CGSDW-29116Resolved an issue of the fp-rte process restart, when the max number of VPNs for FEC were exceeded.

Addressed Issues in Prisma SD-WAN ION Device Release 6.3.4

The following table lists the issues addressed in Prisma SD-WAN ION Device Release 6.3.4.
Issue IDDescription
CGSDW-19833Disabled NR5G SA mode and enabled NR5G NSA mode for 5G IPv6 connectivity.
CGSDW-20234Resolved an issue where a virtual interface with sub-interfaces was not passing traffic.
CGSDW-20824Reduced the downtime in tunnel establishment, such that the ION device re-initiates a new SA with the peer as soon as three tunnel probes fail.
CGSDW-21115Resolved an issue where the FEC action was not being displayed in the Flow Browser for inbound (DC to branch) traffic.
CGSDW-21176Resolved an issue where the SVI interface did not pass traffic.
CGSDW-21320Resolved an issue where the ION device did not respond to DHCP until it was rebooted or there was a change in configuration.
CGSDW-21512
Enabled default behavior for the bypass pair latch only in the following scenarios:
  • The device is a backup device in an HA group.
  • The device is powered off.
CGSDW-22072Resolved an issue where the rtr_mgr_api process was holding a lot of memory.
CGSDW-22192Resolved an issue where core files were being generated and the device was losing connectivity with the controller when traffic on the client side was abruptly stopped and restarted.
CGSDW-22259Resolved an issue where SNMPv3 was not polling all the interfaces on the ION 9200 platform.
CGSDW-22389Resolved an issue where the app probe remained operational after a firewall was removed from the active path.
CGSDW-22633Fixed memory issues that were being caused due to security policy configuration.
CGSDW-22700Resolved an issue where the branch ION device acting as a DHCP relay in a custom VRF configuration was not forwarding requests to the DHCP server at the DC ION device.
CGSDW-23098Resolved an issue where overlapping IP addresses were not working as expected in VRF.
CGSDW-23221Resolved an issue where the ionhwd process was consuming a lot of memory.
CGSDW-23395Resolved an issue in which the backup ION device continued to attempt to establish a connection with the controller on an upgrade.
CGSDW-23397Resolved an issue where the snmp_network_discovery service was restarting every hour on a device which had an attached SNMP discovery profile with an SNMPv3 configuration.
CGSDW-23429Resolved an issue where the remote terminal connection was failing with the used_for_controller interface.
CGSDW-23493Added CPLD reset reasons to the device reboot reasons for better troubleshooting.
CGSDW-23534Resolved an issue where the Ingress displayed a zero value for Bandwidth Utilization.
CGSDW-23608Optimized security policies to prevent the generation of core files for fp-rte.
CGSDW-23705Resolved an issue where stale entries for VPN paths were being retained in the lqm_results.state database.
CGSDW-23881Resolved an issue for a potential DDoS vulnerability wherein the flows now time out correctly.
CGSDW-23921Resolved an issue where BGP sessions were not being re-established after a LAN switch reset for the ION 1200-S platform.
CGSDW-23928Resolved an issue where the snmpwalk command was returning incorrect information.
CGSDW-24099Increased the VRF scale for device interfaces.
CGSDW-24112Resolved an issue where some packages were being skipped for HMAC integrity check during boot up.
CGSDW-24262Resolved an issue where a route, which was not necessarily the best route, was getting selected as the reachable route.
CGSDW-24269Resolved an issue where the APPLICATION_CUSTOM_RULE_CONFLICT incident was being raised for system applications.
CGSDW-24273Resolved an issue where the v6 default routes for Internet and Private WAN were not being removed from the FIB entries even after powering down the interface.
CGSDW-24400Resolved an issue where the User ID agent was crashing when there were IPv6 entries in NGFW.
CGSDW-24482Resolved an issue where HMAC integrity check was failing for the controller_ca_chain.pem.
CGSDW-24485Resolved an issue of FC crashing for flows with path type LAN_TO_PRIVATE_DIRECT.
CGSDW-24501Resolved issues of higher switchover periods in an HA setup.
CGSDW-24875Fixed an issue where the LQM service was crashing.
CGSDW-25152Resolved an issue where custom L3/L4 applications were not being detected properly for UDP traffic after an HA switchover.
CGSDW-25179Resolved an issue wherein the LAN interface on a standby ION device in an HA configuration was sending ARPs causing LAN disruption.
CGSDW-25586Resolved an issue where the GRE tunnel was not being established when in FIPS mode.
CGSDW-25658Resolved an issue of the fp-rte process restarting which was leading to HA fail-over and instability of the device.
CGSDW-25738Resolved an issue for IPFIX, wherein the socket connect was always binding to the device instead of the IP address for non-used-for-controller interfaces.
CGSDW-26226Resolved an issue in which the BGP on a DC ION device did not advertise the /25 route to the core router after multiple VPN flaps (due to switchover in the branch).
CGSDW-26247Resolved an issue where the FC control thread was taking a lot of time to populate fib-leak entries in FIB scale.

Addressed Issues in Prisma SD-WAN ION Device Release 6.3.3

The following table lists the issues addressed in Prisma SD-WAN ION Device Release 6.3.3.
Issue IDDescription
CGSDW-21181Added support for AWS IMDSv2 for metadata.
CGSDW-22192Resolved an issue where core files were being generated and the device was losing connectivity with the controller when traffic on the client side was abruptly stopped and restarted.
CGSDW-22281Resolved an issue where the application reachability probes were crashing on a branch ION device.

Addressed Issues in Prisma SD-WAN ION Device Release 6.3.2

The following table lists the issues addressed in Prisma SD-WAN ION Device Release 6.3.2.
Issue IDDescription
CGSDW-17904Resolved an issue where the dump interface status command did not display the Supported Link modes and the Advertised Link modes.
CGSDW-18954Resolved an issue where IPFIX was not working when the controller interface was configured as the source interface.
CGSDW-19542Assessed that the ION device is not vulnerable to a Terrapin attack (CVE-2023-48795).
CGSDW-19628Resolved an issue where return traffic was not seen from the DC ION to the branch ION device.
CGSDW-20241Resolved an issue of packet loss on ICMP traffic on the non-default VRF.
CGSDW-20382Assessed that the ION device is not impacted by OpenSSH:CVE-2023-51385 and CVE-2023-51767.
CGSDW-20631Resolved an issue where the log-agent was not processing all the DHCP messages received from the log-collector-client.
CGSDW-20649Resolved an issue where the SNMP daemon process was slowly consuming the memory in the ION device suggesting a possible memory leak.
CGSDW-20671Resolved an issue where incidents related to RADIUS server were raised even when a RADIUS server was not configured.
CGSDW-20807Resolved an issue where the FIB VPN entries for global VRF were not seen on upgrading the device to software version 6.3.1.
CGSDW-20864Resolved an issue in which on deleting the only prefix of a VRF at a branch site, the entries leaked to the DC site for the specific VRF were also deleted.
CGSDW-21025Resolved an issue where the VPN path was not correct in the performance policy path after detaching and reattaching the circuit on the parent interface.
CGSDW-21088Resolved an issue where the static ARP entry was incorrectly added on the standby ION device.
CGSDW-21116Resolved an issue where the outbound SSH was not supported on the used-for-controller interface.
CGSDW-21119Resolved an issue where the bypass pair ports of a device remained in the bypass pair mode even after the device was declaimed.
CGSDW-21300Resolved an issue where the DHCP server wasn't working with the controller and the LAN interface in the same subnet.
CGSDW-21381Removed the unused memory which was allocated for the app-id-elem objects.
CGSDW-21580Resolved an issue where the backup ION device was unable to connect to the controller in an HA deployment.
CGSDW-21607Resolved a possible sequencing problem that could arise in the ION device if the VRF profile configuration was done after the interface configuration.
CGSDW-21698Resolved an issue where the static ARP was not getting added on the new active device during an HA switchover.
CGSDW-21836Resolved an issue where the VRF creation was failing if the SVI name was longer than nine characters.
CGSDW-21868Resolved an issue where the outbound SSH6 was not working on the ION device.

Addressed Issues in Prisma SD-WAN ION Device Release 6.3.1

The following table lists the issues addressed in Prisma SD-WAN ION Device Release 6.3.1.
Issue IDDescription
CGSDW-14344Resolved an issue where the FC process was crashing when traffic was initiated on an idle ION device.
CGSDW-14766Resolved an issue wherein the configuration for a BGP peer wasn't removed on deleting the BGP peer.
CGSDW-15201Resolved an issue where the ingress capacity bandwidth calculation was displaying as zero for some WAN links.
CGSDW-15212Resolved an issue where a subinterface on a virtual ION device with DPDK was not passing traffic.
CGSDW-15258Resolved an issue where the device went offline intermittently due to restart of the FC process.
CGSDW-15661Resolved an issue where memory leak was observed in the VPN process.
CGSDW-16172Resolved an issue wherein the ION device with ZBFW was treating the first packet block differently for LAN-to-LAN and LAN-to-WAN traffic.
CGSDW-16269Resolved an issue where high payload traffic sent over Private WAN VPN with a high throughput was dropping.
CGSDW-16932Updated Zoom Phone application definition with additional prefixes.
CGSDW-17031Resolved an issue where the fc-monitor process crashed on ION 2000 during port scanning and restart with an out of memory error.
CGSDW-17571Resolved an issue where incorrect WAN paths were accounted for in the flows.
CGSDW-17886Resolved an issue where a default route was missing in the route table for ION devices with VRF enabled.
CGSDW-18350Resolved an issue where the ION device was dropping LAN-to-LAN traffic due to security policy configuration.
CGSDW-18816Resolved an issue of interface flapping on the ION device after a device software upgrade.
CGSDW-19466Resolved an issue wherein the device to controller connection was taking a long time to establish after a reboot.
CGSDW-19473Resolved an issue of FC restarting after 3 days of running scan tests on interfaces.
CGSDW-19674Resolved an issue where the fc-monitor, fp-metrics, and fp-scm processes were crashing due to buffer overflow in DPDK.
CGSDW-19778Resolved an issue where the blobfish process kept on restarting during remote access of the ION device.