Prisma SD-WAN
Known Issues in Prisma SD-WAN ION Releases
Table of Contents
Expand All
|
Collapse All
Prisma SD-WAN Docs
-
-
-
- CloudBlade Integrations
- CloudBlades Integration with Prisma Access
-
-
-
-
- 6.5
- 6.4
- 6.3
- 6.2
- 6.1
- 5.6
- New Features Guide
- On-Premises Controller
- Prisma SD-WAN CloudBlades
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
Known Issues in Prisma SD-WAN ION Releases
Learn about the known issues in Prisma SD-WAN ION Releases.
This table lists known issues across Prisma SD-WAN ION
releases. Starting with 6.5.0 release, a separate Known Issues document will no longer
be published. Refer to this document for 6.5.0 and any supported release.
Releases marked with an asterisk (*) have reached End-of-Life (EoL). Review
the hardware and software End-of-Life (EoL) information for
products and releases that have reached End-of-Life (EoL) status.
Issue ID | Description | Known in Release/(s) |
---|---|---|
CGSDW-34273 | A memory leak has been identified in the cgnxinfra process. The leak is triggered by a continuous flap in the controller connection, which is often caused by frequent WebSocket disconnections. This issue can lead to an Out of Memory (OOM) event and may cause the device to reboot. | 6.3.6 |
CGSDW-34254 | A crash in the hitflagsd process has been observed on devices in L2 mode. The crash is triggered by a large number of continuous VPN flaps, which causes a timing issue in a datapath backend process. | 6.3.6 |
CGSDW-34106 | After an HA switchover, VPNs configured over bypass ports take longer than expected to reestablish connectivity. This issue is observed on devices with a large number of interfaces, resulting in temporary VPN downtime and traffic loss. | 6.3.6 |
CGSDW-33728 | A memory leak exists in the deprecated NetFlow extension API when configured on a device. This can lead to the device running out of available memory under high-stress conditions, causing it to reboot. | 6.3.6 |
CGSDW-33555 | The dpdk-ctrl-port process on devices may crash due to a timing issue during device initialization after a reboot or upgrade. This can delay the initial bootup process and prevent interfaces from coming back up. | 6.3.6 |
CGSDW-33506 | A crash in the fc-monitor process has been observed on devices after a version upgrade. This is triggered by a corrupted packet that causes a failure in the QAT library during packet handling. | 6.3.6 |
CGSDW-31611 | The fp-rte process may crash due to a timing issue during device initialization after a reboot or upgrade. The crash results in traffic loss and a delay in the device's bootup process. | 6.4.2, 6.3.6 |
CGSDW-16922 | The fp-rte process may crash during device initialization after a version upgrade. The crash, which occurs in the port receiver function, is caused by a timing issue with interface and packet handling on devices with a large number of sub-interfaces and can lead to a delay in the initial boot up process. | 6.4.1, 6.1.5, 6.1.10, 6.1.11, 6.3.6 |
CGSDW-33282 | After any process crash or ION device reboot, the system fails to zip and save the logs directory, leading to unmanaged log accumulation. | 6.3.5, 6.3.4, 6.3.3 |
CGSDW-33237 | After upgrading to ION device 6.x with DPDK, higher control plane latency is observed, primarily because deeper Rx MAC and Intercore FIFOs introduce head-of-line blocking, particularly impacting applications during high-rate scan traffic. | 6.5.2, 6.5.1, 6.3.5, 6.3.4, 6.3.3, 6.1.11 |
CGSDW-32621 | After upgrading from 6.1.x to 6.3.5-b4, standby ION devices are losing connectivity to the controller because a local route entry for the LAN-IP, sharing the same subnet as the controller interface gateway, prevents packets from being locally terminated on the standby device. | 6.3.5, 6.3.4, 6.3.3 |
CGSDW-32177 | After debug logging and filters are enabled, they are not disabled, leading to critical issues and customer outages. | 6.3.5, 6.3.4, 6.3.3 |
CGSDW-31958 | After upgrading to 6.3.5-b4, Virtual Interfaces are experiencing "recvmsg() No buffer space Available" and "fp_drain_exec Resource temporarily unavailable" errors, leading to connectivity loss on ION devices, specifically observed with VPN and HA communication failures, which resulted in a split-brain scenario. | 6.3.5, 6.3.4, 6.3.3 |
CGSDW-31862 | After an fp-rte process crash on 6.3.5-b4, a three-minute split-brain scenario occurrs because the HAM process waits for the fp-rte core dump creation to complete, leading to customer traffic impact. | 6.3.5, 6.3.4, 6.3.3 |
CGSDW-31861 | After configuring enterprise DNS servers on the controller interface, app-probes are being sent relentlessly, leading to continuous CPU spikes and packet drops on lower-end devices, indicating a need for a timeout or limit on probe frequency until a genuine client DNS request fails. | 6.3.5, 6.3.4, 6.3.3 |
CGSDW-31654 This issue is resolved in ION version
6.4.2-b16. | FC crashes at pan_sml_vm_set_field_flag() within the ml7 library. | 6.5.2, 6.5.1, 6.4.1 |
CGSDW-30788 | fp-rte corefile is generated in asymmetric LAN flow with specific policy. | 6.5.2, 6.5.1, 6.4.2 |
CGSDW-30747 | After adding or removing Prisma Access tags from site configurations, or removing circuit tags from physical interfaces, the charon process restarts, unexpectedly triggering an HA switchover, which disrupts customer operations, particularly when rebuilding PA tunnels or migrating branches between regions. | 6.5.2, 6.5.1, 6.4.2, 6.3.5, 6.3.4, 6.3.3, 6.1.11 |
CGSDW-30067 | After deploying ION 3200s in L2 mode on 6.3.4-b2, core.dpdk-ctrl-port issues are observed at ixgbe_dev_clear_queues, indicating a problem with DPDK control plane operations on the device. | 6.3.5, 6.3.4, 6.3.3 |
CGSDW-29960 | If overlapping IP addresses are configured on a branch site, syslogs are not visible on the DC ION. | 6.5.2 6.5.1 |
CGSDW-29923 | The SNMPWALK command from the DC server does not work if overlapping IP addresses are configured on the branch site. | 6.5.2 6.5.1 |
CGSDW-27527 | After experiencing fast path CPU utilization at 100%, device performance degrades for active sessions, exhibiting high latency followed by complete traffic loss and a forwarding system outage, as seen with custom AppMix traffic which recovers only after a device reboot. | 6.4.2, 6.3.3, 6.3.4 |
CGSDW-27241 This issue is resolved in ION version
6.4.2. | After enabling logs for the flow controller, the logs are not rolling over correctly, thus using up all the space in the log directory. | 6.4.2 |
CGSDW-26342 | Prefixes received from a DC on the WAN path are being distributed back to the DC via the Standard VPN path causing a traffic loop. The workaround is to configure a prefix list which explicitly denies the prefixes coming from the DC on the Standard VPN. | 6.5.2 6.5.1 |
CGSDW-26096 | A standby DC ION in a DC cluster does not forward the received traffic on the intra-cluster tunnel. | 6.5.2 6.5.1 |
CGSDW-24973 This issue is resolved in ION version
6.4.1. | Some advertised prefixes are not displayed for a DC ION device after changing the site mode from Control to Disabled and then back to Control. | 6.4.1 |
CGSDW-23582 | OSPF routes are still advertised to the core BGP router even when the WAN paths for OSPF are deleted. | 6.4.1 |
CGSDW-23395 This issue is resolved in ION version
6.3.4. | After upgrading to device software version 6.3.2-b5, the backup ION
device continues to attempt to establish a connection with the
controller. If controller port of the device next hop is pointing to ION
device LAN interface then use the following workaround for this
issue:
| 6.3.2 |
CGSDW-22659 This issue is resolved in ION version
6.4.2. | The system does not display the correct interface speed for interfaces where no link is detected, i.e. when the operational status is down. | 6.1.10 |
CGSDW-21451 This issue is resolved in ION version
6.4.1. | After being assigned to a site, the ION device does not receive the VRF context in time. This causes incorrect mapping between interfaces and VRFs. | 6.3.1 |
CGSDW-21409 This issue is resolved in ION version
6.4.1. | FC crashes when many app-map entries are being created, modified, or deleted in parallel. Resolved an issue where the FC was crashing when many app-map entries were being created, modified, or deleted in parallel. | |
CGSDW-20864 This issue is resolved in ION version
6.4.1. | If the only prefix of a VRF at a branch site is deleted, then the entries leaked to the DC site for the specific VRF are also deleted. The workaround is to configure at least one dummy global prefix for the VRF at the branch site. | 6.3.1 |
CGSDW-20671 This issue is resolved in ION version
6.3.2. | Incidents related to RADIUS server are raised even when a RADIUS server is not configured. | 6.3.1 |
CGSDW-20649 | The SNMP daemon process was slowly consuming the memory in the ION device suggesting a possible memory leak. | 6.3.1 |
CGSDW-19707 This issue is resolved in ION version
6.1.7. | The Standard VPN path is not displayed in the list of paths when configured through easy onboarding. | 6.1.6 |
CGSDW-19357 This issue is resolved in ION version
6.5.1. | When a DC ION receives routes for a /32 prefix from both the underlay and overlay, the DC ION tries to split the route and thus the BGP route selection process fails. | 6.1.9, 6.1.8, 6.1.7, 6.1.6 |
CGSDW-19237 This issue is resolved in ION version
6.1.7. | FC crashes due to stack corruption in ION 5200. | 6.1. |
CGSDW-18905 | First flow of direct VNC traffic gets denied as the server port in the ION app-def is 0-0. | 6.1.9, 6.1.8, 6.1.7, 6.1.6 |
CGSDW-16031 This issue is resolved in ION version
6.1.5. | There is a delay in bringing down the BGP peer of a data center ION device when the remote end of the interface is shut down. | 6.1.4 |
CGSDW-16005 This issue is resolved in ION version
6.1.5. | Resolved an issue where the app-engine was crashing on an ION 2000 device during continuous traffic flow. | 6.1.4 |
CGSDW-15988 This issue is resolved in ION version
6.1.5. | On upgrading the device software, a parent interface with more than 20 subinterfaces flaps, resulting in flapping of the IP addresses of the subinterfaces. | 6.1.4 |
CGSDW-15970 This issue is resolved in ION version
6.1.5. | When rebooting the active device in an HA configuration on the 2000 platform, the bypass pair of the active device does not pass traffic during reload. | 6.1.4 |
CGSDW-15967 This issue is resolved in ION version 6.3.2 and
6.1.7. | High memory consumption by the ADEM process causes ION device reboot. | |
CGSDW-15868 This issue is resolved in ION version
6.1.5. | Resolved an issue wherein high memory consumption by the ADEM process was causing other processes to crash and device to reboot. | 6.1.4 |
CGSDW-15257 This issue is resolved in ION version
6.1.5. | Resolved an issue wherein previously reachable prefixes from a DC ION device became unreachable after upgrading the device software to version 6.1.2. | 6.1.4 |
CGSDW-15027 This issue is closed.
| Incorrect SNMP interface bandwidth reported after a software upgrade from ION device version 5.6. | 6.3.2, 6.1.6 |
CGSDW-14980 This issue is resolved in ION version
6.1.4. | Custom applications with L3/L4 prefixes are not detected when used in security policies. | 6.1.3 |
CGSDW-14456 | The fp-rte process crashes when fetching information on security policy counters and app stats. | 6.1.3 |
CGSDW-14432 This issue is resolved in ION version 6.2.2 and
6.1.6. | The fp-rte process crashes when fetching information on security policy counters and app stats. | 6.1.5, 6.1.4, 6.1.1 |
CGSDW-14344 This issue is resolved in ION version 6.1.3 and
6.2.2. | FC process crashes when traffic is initiated on an idle ION device. | 6.2.1 |
CGSDW-13397 This issue is resolved in ION version
6.1.6. | Core files seen during TCP SYN scan which is using up memory and causing FC to crash. | |
CGSDW-12733 This issue is resolved in ION version
6.4.1. | DPD with IKEv2 on Standard VPN does not bring the tunnel down based on the configuration on the DPD timer. | 6.1.3 |
CGSDW-12698 This issue is resolved in ION version
6.1.5. | Network reachability for WAN to LAN traffic failing for non-CGNX sites. | 6.1.3, 6.1.1 |
CGSDW-12113 | Branch backup ION device displays as partially online following Hood maintenance. | 6.1.3 |
CGSDW-10819 This issue is resolved in ION version 6.0.3*, 6.1.2,
and 6.1.1. | On Prisma SD-WAN switching platforms, multicast packets, such as an LLDP packet, received on one interface of a bypass pair will loop between the two interfaces of the bypass pair. The workaround is to upgrade the device to version 6.1.2 or higher. | 6.1.1 |
CGSDW-8389 This issue is resolved in ION version 6.1.1. | Prisma Access tunnels configured manually will not support ADEM. | 6.1.1 |
CGSDW-7806 This issue is resolved in ION version 6.1.9. | The DHCP Relay chooses the secondary IP address instead of the primary IP address for sending a DHCP request. | 5.6.1 |
CGSDW-3440 | After an NTP time update or manual system time change, SCM fails to poll for stats from services. | 5.6.13 |