Prisma SD-WAN
Addressed Issues in Prisma SD-WAN ION Release 6.3
Table of Contents
Expand All
|
Collapse All
Prisma SD-WAN Docs
-
-
-
- CloudBlade Integrations
- CloudBlades Integration with Prisma Access
-
-
-
-
- 5.6
- 6.1
- 6.2
- 6.3
- 6.4
- New Features Guide
- On-Premises Controller
- Prisma SD-WAN CloudBlades
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
Addressed Issues in Prisma SD-WAN ION Release 6.3
Learn about the issues addressed in Prisma SD-WAN ION release
6.3.x.
Learn more about the issues addressed in Prisma SD-WAN ION device
release 6.3.
- Addressed Issues in Prisma SD-WAN ION Device Release 6.3.5
- Addressed Issues in Prisma SD-WAN ION Device Release 6.3.4
- Addressed Issues in Prisma SD-WAN ION Device Release 6.3.3
- Addressed Issues in Prisma SD-WAN ION Device Release 6.3.2
- Addressed Issues in Prisma SD-WAN ION Device Release 6.3.1
Addressed Issues in Prisma SD-WAN ION Device Release 6.3.5
The following table lists the issues addressed in Prisma SD-WAN ION Device Release 6.3.5.
Issue ID | Description |
---|---|
CGSDW-26686 | Resolved an issue where maximum segment size (MSS) clamping was not happening for a PPPoE interface with DPDK after upgrading from software version 5.6.9. |
CGSDW-27359 | Resolved an issue of missing application statistics, when a higher number of application performance SLA thresholds were configured. |
CGSDW-27387 | Resolved an issue where traffic from a Standard VPN tunnel was not being routed to the branch over the fabric through the transit DC on the ION 9000 platform. |
CGSDW-27462 | Resolved an issue where application flow was being dropped after the application was detected on upgrading the device software to version 6.3.3. |
CGSDW-27498 | Resolved an issue where the default route was missing on sub-interfaces after a device reboot. |
CGSDW-27542 | Resolved an issue where the BGP was going down on the active ION device after an HA switchover after upgrading the software version to 6.3.4. |
CGSDW-27728 | Resolved an issue where the fp-rte process was crashing on an upgrade to software version 6.3.4. |
CGSDW-28036 | Resolved an issue where the VPN Object Identifiers were changing for every polling request. |
CGSDW-28049 | Resolved an issue where the dump-support output and dump-support all commands did not capture the syslogs in the ION 9000 platform, if there was a soft link. |
CGSDW-28187 | Resolved an issue where BGP was not being reestablished after a device reboot. |
CGSDW-28214 | Resolved an issue wherein a stand-alone interface of the backup ION device connected via a bypass configuration to the active ION went down, when the active ION device was powered down. |
CGSDW-28329 | Resolved an issue where a backup DC ION device continued to advertise branch prefixes after a BGP reset. |
CGSDW-28712 | Resolved an issue where IP addresses were missing on interfaces. |
CGSDW-29116 | Resolved an issue of the fp-rte process restart, when the max number of VPNs for FEC were exceeded. |
Addressed Issues in Prisma SD-WAN ION Device Release 6.3.4
The following table lists the issues addressed in Prisma SD-WAN ION Device Release 6.3.4.
Issue ID | Description |
---|---|
CGSDW-19833 | Disabled NR5G SA mode and enabled NR5G NSA mode for 5G IPv6 connectivity. |
CGSDW-20234 | Resolved an issue where a virtual interface with sub-interfaces was not passing traffic. |
CGSDW-20824 | Reduced the downtime in tunnel establishment, such that the ION device re-initiates a new SA with the peer as soon as three tunnel probes fail. |
CGSDW-21115 | Resolved an issue where the FEC action was not being displayed in the Flow Browser for inbound (DC to branch) traffic. |
CGSDW-21176 | Resolved an issue where the SVI interface did not pass traffic. |
CGSDW-21320 | Resolved an issue where the ION device did not respond to DHCP until it was rebooted or there was a change in configuration. |
CGSDW-21512 |
Enabled default behavior for the bypass pair latch only in the
following scenarios:
|
CGSDW-22072 | Resolved an issue where the rtr_mgr_api process was holding a lot of memory. |
CGSDW-22192 | Resolved an issue where core files were being generated and the device was losing connectivity with the controller when traffic on the client side was abruptly stopped and restarted. |
CGSDW-22259 | Resolved an issue where SNMPv3 was not polling all the interfaces on the ION 9200 platform. |
CGSDW-22389 | Resolved an issue where the app probe remained operational after a firewall was removed from the active path. |
CGSDW-22633 | Fixed memory issues that were being caused due to security policy configuration. |
CGSDW-22700 | Resolved an issue where the branch ION device acting as a DHCP relay in a custom VRF configuration was not forwarding requests to the DHCP server at the DC ION device. |
CGSDW-23098 | Resolved an issue where overlapping IP addresses were not working as expected in VRF. |
CGSDW-23221 | Resolved an issue where the ionhwd process was consuming a lot of memory. |
CGSDW-23395 | Resolved an issue in which the backup ION device continued to attempt to establish a connection with the controller on an upgrade. |
CGSDW-23397 | Resolved an issue where the snmp_network_discovery service was restarting every hour on a device which had an attached SNMP discovery profile with an SNMPv3 configuration. |
CGSDW-23429 | Resolved an issue where the remote terminal connection was failing with the used_for_controller interface. |
CGSDW-23493 | Added CPLD reset reasons to the device reboot reasons for better troubleshooting. |
CGSDW-23534 | Resolved an issue where the Ingress displayed a zero value for Bandwidth Utilization. |
CGSDW-23608 | Optimized security policies to prevent the generation of core files for fp-rte. |
CGSDW-23705 | Resolved an issue where stale entries for VPN paths were being retained in the lqm_results.state database. |
CGSDW-23881 | Resolved an issue for a potential DDoS vulnerability wherein the flows now time out correctly. |
CGSDW-23921 | Resolved an issue where BGP sessions were not being re-established after a LAN switch reset for the ION 1200-S platform. |
CGSDW-23928 | Resolved an issue where the snmpwalk command was returning incorrect information. |
CGSDW-24099 | Increased the VRF scale for device interfaces. |
CGSDW-24112 | Resolved an issue where some packages were being skipped for HMAC integrity check during boot up. |
CGSDW-24262 | Resolved an issue where a route, which was not necessarily the best route, was getting selected as the reachable route. |
CGSDW-24269 | Resolved an issue where the APPLICATION_CUSTOM_RULE_CONFLICT incident was being raised for system applications. |
CGSDW-24273 | Resolved an issue where the v6 default routes for Internet and Private WAN were not being removed from the FIB entries even after powering down the interface. |
CGSDW-24400 | Resolved an issue where the User ID agent was crashing when there were IPv6 entries in NGFW. |
CGSDW-24482 | Resolved an issue where HMAC integrity check was failing for the controller_ca_chain.pem. |
CGSDW-24485 | Resolved an issue of FC crashing for flows with path type LAN_TO_PRIVATE_DIRECT. |
CGSDW-24501 | Resolved issues of higher switchover periods in an HA setup. |
CGSDW-24875 | Fixed an issue where the LQM service was crashing. |
CGSDW-25152 | Resolved an issue where custom L3/L4 applications were not being detected properly for UDP traffic after an HA switchover. |
CGSDW-25179 | Resolved an issue wherein the LAN interface on a standby ION device in an HA configuration was sending ARPs causing LAN disruption. |
CGSDW-25586 | Resolved an issue where the GRE tunnel was not being established when in FIPS mode. |
CGSDW-25658 | Resolved an issue of the fp-rte process restarting which was leading to HA fail-over and instability of the device. |
CGSDW-25738 | Resolved an issue for IPFIX, wherein the socket connect was always binding to the device instead of the IP address for non-used-for-controller interfaces. |
CGSDW-26226 | Resolved an issue in which the BGP on a DC ION device did not advertise the /25 route to the core router after multiple VPN flaps (due to switchover in the branch). |
CGSDW-26247 | Resolved an issue where the FC control thread was taking a lot of time to populate fib-leak entries in FIB scale. |
Addressed Issues in Prisma SD-WAN ION Device Release 6.3.3
The following table lists the issues addressed in Prisma SD-WAN ION Device Release 6.3.3.
Issue ID | Description |
---|---|
CGSDW-21181 | Added support for AWS IMDSv2 for metadata. |
CGSDW-22192 | Resolved an issue where core files were being generated and the device was losing connectivity with the controller when traffic on the client side was abruptly stopped and restarted. |
CGSDW-22281 | Resolved an issue where the application reachability probes were crashing on a branch ION device. |
Addressed Issues in Prisma SD-WAN ION Device Release 6.3.2
The following table lists the issues addressed in Prisma SD-WAN ION Device Release 6.3.2.
Issue ID | Description |
---|---|
CGSDW-17904 | Resolved an issue where the dump interface status command did not display the Supported Link modes and the Advertised Link modes. |
CGSDW-18954 | Resolved an issue where IPFIX was not working when the controller interface was configured as the source interface. |
CGSDW-19542 | Assessed that the ION device is not vulnerable to a Terrapin attack (CVE-2023-48795). |
CGSDW-19628 | Resolved an issue where return traffic was not seen from the DC ION to the branch ION device. |
CGSDW-20241 | Resolved an issue of packet loss on ICMP traffic on the non-default VRF. |
CGSDW-20382 | Assessed that the ION device is not impacted by OpenSSH:CVE-2023-51385 and CVE-2023-51767. |
CGSDW-20631 | Resolved an issue where the log-agent was not processing all the DHCP messages received from the log-collector-client. |
CGSDW-20649 | Resolved an issue where the SNMP daemon process was slowly consuming the memory in the ION device suggesting a possible memory leak. |
CGSDW-20671 | Resolved an issue where incidents related to RADIUS server were raised even when a RADIUS server was not configured. |
CGSDW-20807 | Resolved an issue where the FIB VPN entries for global VRF were not seen on upgrading the device to software version 6.3.1. |
CGSDW-20864 | Resolved an issue in which on deleting the only prefix of a VRF at a branch site, the entries leaked to the DC site for the specific VRF were also deleted. |
CGSDW-21025 | Resolved an issue where the VPN path was not correct in the performance policy path after detaching and reattaching the circuit on the parent interface. |
CGSDW-21088 | Resolved an issue where the static ARP entry was incorrectly added on the standby ION device. |
CGSDW-21116 | Resolved an issue where the outbound SSH was not supported on the used-for-controller interface. |
CGSDW-21119 | Resolved an issue where the bypass pair ports of a device remained in the bypass pair mode even after the device was declaimed. |
CGSDW-21300 | Resolved an issue where the DHCP server wasn't working with the controller and the LAN interface in the same subnet. |
CGSDW-21381 | Removed the unused memory which was allocated for the app-id-elem objects. |
CGSDW-21580 | Resolved an issue where the backup ION device was unable to connect to the controller in an HA deployment. |
CGSDW-21607 | Resolved a possible sequencing problem that could arise in the ION device if the VRF profile configuration was done after the interface configuration. |
CGSDW-21698 | Resolved an issue where the static ARP was not getting added on the new active device during an HA switchover. |
CGSDW-21836 | Resolved an issue where the VRF creation was failing if the SVI name was longer than nine characters. |
CGSDW-21868 | Resolved an issue where the outbound SSH6 was not working on the ION device. |
Addressed Issues in Prisma SD-WAN ION Device Release 6.3.1
The following table lists the issues addressed in Prisma SD-WAN ION Device Release 6.3.1.
Issue ID | Description |
---|---|
CGSDW-14344 | Resolved an issue where the FC process was crashing when traffic was initiated on an idle ION device. |
CGSDW-14766 | Resolved an issue wherein the configuration for a BGP peer wasn't removed on deleting the BGP peer. |
CGSDW-15201 | Resolved an issue where the ingress capacity bandwidth calculation was displaying as zero for some WAN links. |
CGSDW-15212 | Resolved an issue where a subinterface on a virtual ION device with DPDK was not passing traffic. |
CGSDW-15258 | Resolved an issue where the device went offline intermittently due to restart of the FC process. |
CGSDW-15661 | Resolved an issue where memory leak was observed in the VPN process. |
CGSDW-16172 | Resolved an issue wherein the ION device with ZBFW was treating the first packet block differently for LAN-to-LAN and LAN-to-WAN traffic. |
CGSDW-16269 | Resolved an issue where high payload traffic sent over Private WAN VPN with a high throughput was dropping. |
CGSDW-16932 | Updated Zoom Phone application definition with additional prefixes. |
CGSDW-17031 | Resolved an issue where the fc-monitor process crashed on ION 2000 during port scanning and restart with an out of memory error. |
CGSDW-17571 | Resolved an issue where incorrect WAN paths were accounted for in the flows. |
CGSDW-17886 | Resolved an issue where a default route was missing in the route table for ION devices with VRF enabled. |
CGSDW-18350 | Resolved an issue where the ION device was dropping LAN-to-LAN traffic due to security policy configuration. |
CGSDW-18816 | Resolved an issue of interface flapping on the ION device after a device software upgrade. |
CGSDW-19466 | Resolved an issue wherein the device to controller connection was taking a long time to establish after a reboot. |
CGSDW-19473 | Resolved an issue of FC restarting after 3 days of running scan tests on interfaces. |
CGSDW-19674 | Resolved an issue where the fc-monitor, fp-metrics, and fp-scm processes were crashing due to buffer overflow in DPDK. |
CGSDW-19778 | Resolved an issue where the blobfish process kept on restarting during remote access of the ION device. |