Prisma Access Addressed Issues

The following topics describe issues that have been addressed in Prisma Access:

Prisma Access 2.2.0-h44 Preferred Addressed Issues

Issue ID
Description
CYR-24578
Fixed an issue where, when renewing the certificate you use for the GlobalProtect app and Autonomous DEM, a message indicated that the certificate generated successfully, but a new certificate was not created because the existing certificate was still valid.
CYR-24263
Fixed an issue where DLP Data Filtering settings were being overwritten by settings in the Cloud Services plugin.

Prisma Access 2.2.0-h42 Preferred Addressed Issues

Issue ID
Description
CYR-23400
Fixed an issue where, when migrating from a single tenant to a multi tenant Prisma Access-Prisma SD-WAN deployment, remote network tunnels failed during plugin upgrade to 3.
x
.
CYR-23230
Fixed an issue where remote network tunnels did not migrate successfully when migrating from a single tenant to a multi-tenant Prisma Access-Prisma SD-WAN deployment.
CYR-22269
Fixed an issue where the remote network Inbound Access tab did not display in the Panorama UI.

Prisma Access 2.2.0-h40 Preferred Addressed Issues

Issue ID
Description
CYR-22125
Fixed an issue where you could not export security policy rules from the Mobile_User_Device_Group and Remote_Network_Device_Group.
CYR-21880
Fixed an issue where a Prisma Access FedRAMP deployment had a default portal name of gpcloudservice.com instead of fed.prismaaccess.com.
CYR-22937
Fixed an issue where an incorrect message was displayed after enabling the Directory Sync component of the Cloud Identity Engine in Prisma Access.
CYR-23453
Fixed an issue where the Cloud Services Plugin 2.2.0 hotfix version blocked service connections and remote network connections that have identical BGP Primary and Secondary WAN IP Local Addresses (either IPv4 or IPv6 addresses).
CYR-15338
Fixed an issue where, in a multi-tenant environment, tenant names with a period (.) in the name caused configuration tabs to be grayed out after commit.

Prisma Access 2.2.0-h35 Preferred Addressed Issues

Issue ID
Description
CYR-22745
Fixed an issue where the secret could not be retrieved to allow communication between Prisma SD-WAN and Prisma Access.

Prisma Access 2.2.0-h34 Preferred Addressed Issues

Issue ID
Description
CYR-22234
Fixed an issue where, when attempting to select a Master Device in a Mobile Users—GlobalProtect, Mobile Users—Explicit Proxy, or Remote Network deployment, an
Operation Failed
message was received.

Prisma Access 2.2.0-h30 Preferred Addressed Issues

Issue ID
Description
CYR-21950
Fixed an issue where, after installing a Prisma SD-WAN CloudBlade for use with Prisma Access, the message
Migration is in progress. Will retry in some time again
persisted after 12 hours.
CYR-21949
Fixed an error where, during Prisma SD-WAN CloudBlade setup with Prisma Access, an error relating to an SSL certificate problem was received.
CYR-21801
Fixed an issue where commit validation allowed the use of a multicast IPv6 range in the infrastructure subnet.
CYR-21434
Fixed an issue where, when entering CLI commands on a multitenant Prisma Access deployment, the command returned an error of
Invalid syntax
.

Prisma Access 2.2.0-h25 Preferred Addressed Issues

Issue ID
Description
CYR-21636
Fixed an issue related to onboarding Prisma SD-WAN to a Prisma Access deployment.
CYR-19816
Fixed an issue where, if you are configuring multiple Prisma Access components and select multiple components in the Push Scope, an error is returned that not all commit jobs were triggered.
This fix requires that the Panorama that manages Prisma Access is running a minimum version of 10.1.4.
If you cannot upgrade your Panorama version to 10.1.4, the workaround is to select
Commit
Commit and Push
,
Edit Selections
, and in the
Prisma Access
tab, make sure that the
Push Scope
includes the changes you made for the Prisma Access configuration. Depending on the changes you made, select one or more of the
Remote Networks
,
Mobile Users
,
Service Setup
, and
Explicit Proxy
choices.

Prisma Access 2.2.0-h22 Preferred Addressed Issues

Issue ID
Description
CYR-21049
Fixed an issue where, after an Autonomous DEM evaluation license expired and you selected
Disable Autonomous DEM
, the UI displayed a pop-up window that indicated that there was an error when disabling Autonomous DEM.
CYR-20966
Fixed an issue where EDL status could not be retrieved in the Troubleshooting Commands area of Panorama.
CYR-19657
Prisma Access has been authorized for FedRAMP Moderate support.
CYR-1049
Fixed an issue where, after onboarding a service connection, you could not add additional subnets for static routes.

Prisma Access 2.2.0-h7 Preferred Addressed Issues

Issue ID
Description
CYR-20369
Fixed an issue where, after an upgrade to 2.2 Preferred, an error was received when making configuration changes to remote networks.

Prisma Access 2.2.0 Preferred Addressed Issues

Issue ID
Description
CYR-19566
Fixed issues related to cleanup of the Prisma Access backend after a delete operation.
CYR-19350
Fixed an issue where, when any change was made to an authentication profile, the LDAP server or local user database in a shared context removes the user group mapping information from Prisma Access.
CYR-17710
Fixed an issue where, when using DLP to check a downloaded .xlsx file, the original size of the file is below the maximum DLP file size. However, after the file is extracted, the file size exceeds the maximum file size for DLP and a
400 Bad request
error is received.
CYR-16549
Fixed an issue where, after a commit and push operation, jobs either become stuck in
init
state or fail to complete.
Workaround
: The issue might be with an EDL update being processed at the same time as the commit operation. To workaround the issue, select
Objects
External Dynamic Lists
and change the
Check for updates
setting from
Every five minutes
to
Hourly
or later.

Prisma Access 2.1.0-h8 Preferred Addressed Issues

Issue ID
Description
CYR-17975
Fixed an issue where, after an upgrade to the 2.0 or 2.1 Preferred plugin, you could not view status information for a location.
CYR-17039
Fixed an issue where, after clicking the
Monitor
tab to check service connection or mobile user details, the UI did not display pertinent data.
CYR-15937
Fixed an issue where Prisma Access reported spurious errors when making configuration changes if Internal Host Detection was enabled.

Prisma Access 2.1.0-h4 Preferred Addressed Issues

Issue ID
Description
CYR-18368
Fixed an issue where, if you had a Prisma Access Edition license that is for Mobile Users only or Remote Networks only, the URL example that displayed in the API key window under the existing API endpoint section was incorrect.
CYR-17829
Fixed the following issues regarding admin users in a multi-tenant deployment:
  • A user made configuration changes, but the changes could not be committed, and the UI displays a
    No pending change to commit
    message.
  • A user who can make changes to more than one tenant (that is, a user who has been assigned multiple access domains) received an
    Unauthorized request
    error when switching between tenants.
CYR-16572
Fixed an issue where, after a Cloud Services plugin upgrade, after selecting
Panorama
Cloud Services
Status
Monitor
and then selecting either
Service Connection
or
Mobile Users
, a new window with additional information did not display when you select a region in the map.

Prisma Access 2.1.0-h11 Innovation Addressed Issues

Issue ID
Description
CYR-19864
Fixed an issue where, when importing a CSV file to onboard remote networks, an error message of
type constraints failed : the local ID type is invalid
displayed. This condition only occurs when the
Secondary WAN
is enabled and the
Local-ID
and
Type
are set in the IKE Gateway Profile.

Prisma Access 2.1.0-h6 Innovation Addressed Issues

Issue ID
Description
CYR-19128
Fixed an issue where, after an upgrade from 2.0 Preferred to 2.1 Innovation, DNS proxy settings were removed in the UI and an error
domain-list-unexpected here
was displayed.
CYR-18703
Fixed an issue where, when configuring Explicit Proxy, a PAC file that was more than 2 KB could not be uploaded successfully. Explicit proxy supports a maximum PAC file size of 256 KB.
CYR-17039
Fixed an issue where, after clicking the
Monitor
tab to check service connection or mobile user details, the UI did not display pertinent data.

Prisma Access 2.1.0 Innovation Addressed Issues

Issue ID
Description
CYR-18368
Fixed an issue where, if you had a Prisma Access Edition license that is for Mobile Users only or Remote Networks only, the URL example that displayed in the API key window under the existing API endpoint section was incorrect.
CYR-17868
Fixed an issue where, when attempting to retrieve Logging Status information from Troubleshooting Commands (
Panorama
Cloud Services
Configuration
Service Setup
Service Operations
Troubleshooting Commands
) and selecting
All
locations or
All
remote networks, the request timed out.
CYR-17421
Fixed an issue where, when changing the Backbone Routing modes, administrators were not made aware that changing the modes could result in a brief interruption (up to two minutes) to the traffic flow between service connections.
CYR-17402
Fixed an issue where remote networks that aggregate bandwidth by compute location instead of by location could not be onboarded in bulk by exporting, modifying, and then importing a CSV file.
CYR-17274
Fixed an issue where, after a dataplane upgrade in a multi-tenant deployment, checking the status of a tenant from
Panorama
Cloud Services
Status
showed an inconsistent state.
CYR-16875
Fixed an issue where an administrator could not import a domain list in Mobile Users and Remote network configurations (
Panorama
Cloud Services
Configuration
Mobile Users / Remote Networks
Onboarding
Network Services
Internal Domain
Domain List
Import
) from any Windows client browsers.
CYR-16664
Fixed an issue where, if Directory Sync is enabled for explicit proxy, the current user count displayed as 0, but the 90 days count displayed correctly.
CYR-16662
Fixed an issue where, when in multi-tenant mode, an empty field displayed in the
Push Scope
.
CYR-16448
Fixed an issue where, on rare occasions, Open Shortest Path First (OSPF) links flapped.
CYR-14383
Fixed an issue where, when using an antivirus profile attached to a security policy rule, files were not being scanned during an FTP session.
CYR-13702
Fixed an issue where, when you selected
Panorama
Cloud Services
Status
Monitor
Cortex Data Lake
, the Service Status area displayed
No data to display
, even though Cortex Data Lake was working normally.

Prisma Access 2.0.0-h10 Preferred Addressed Issues

Issue ID
Description
CYR-17034
Fixed an issue where a commit error was received after upgrading from Prisma Access 1.7 or 1.8 to 2.0 Preferred.

Prisma Access 2.0.0-h9 Preferred Addressed Issues

Issue ID
Description
CYR-17034
Fixed an issue where, when adding bandwidth for a new remote network, Prisma Access incorrectly displayed a message that the available bandwidth was exceeded.
CYR-15937
Fixed an issue where Prisma Access reported spurious errors when making configuration changes if Internal Host Detection was enabled.

Prisma Access 2.0.0-h6 Preferred Addressed Issues

Issue ID
Description
CYR-17421
Fixed an issue where, when changing the
Backbone Routing
modes, administrators were not made aware that changing the modes could result in a brief interruption (up to two minutes) to the traffic flow between service connections.
CYR-17240
Fixed an issue where the URL of the endpoint did not populate in the API Key window (
Panorama
Cloud Services
Configuration
Service Setup
Generate API Key
).
CYR-17100
Fixed an issue where the license expiration date was displayed in an incorrect format.

Prisma Access 2.0.0-h2 Preferred Addressed Issues

Issue ID
Description
CYR-17244
Fixed an issue where, after an upgrade from DLP on Prisma Access to the DLP plugin, there was a conflict between the Cloud Services plugin and the DLP plugin when rendering pages in the
Monitor
tab in Panorama.
CYR-17184
Fixed an issue where invalid domain names with wildcards such as .panw.*local were not called out as invalid during a commit operation. Domain names with wildcards such as *.panw.local are allowed.
CYR-17066
Fixed an issue where, in a multi-tenant deployment, exception errors were displayed because of inconsistent internal database entries.
CYR-16972
Fixed an issue with the license expiration warning for Prisma Access Edition licenses when the license was within 90 days of expiring.
CYR-16969
Fixed an issue where, after an upgrade from a legacy Prisma Access license to the new Prisma Access Edition licenses, the legacy Prisma Access licenses were still being displayed.

Prisma Access 2.0 Preferred Addressed Issues

Issue ID
Description
CYR-16435
Fixed an issue where GlobalProtect user traffic did not correctly match Security policy rules that had host information profile (HIP) objects and profiles.
CYR-16423
Fixed an issue where Data Loss Prevention (DLP) did not support the upload of Office Open XML (OOXML) files generated from Google suite applications such as Google Docs, Slides, and Sheets.
CYR-15981
Fixed an issue where, in a multi-tenant deployment, exception errors were displayed because of inconsistent internal database entries.
CYR-15904
Fixed an issue where, after selecting Enable automatic IKE peer host routes for Remote Networks and Service Connections, the static IKE peer host route IP address was not installed.
CYR-15867
Fixed an issue where an error was received while generating a client certificate using CLI. This certificate allows communication between the GlobalProtect app and Cortex Data Lake.
CYR-15321
Fixed an issue where, when mobile users were logging in to GlobalProtect, the one-time push (OTP) window that had the information required to log in using multi-factor authentication (MFA) was hidden behind the MFA window.
CYR-15099
Fixed an issue where new shared objects that are created after enabling multi-tenancy are not available for selection in a traffic steering rule.
CYR-15042
Fixed an issue where auto-population of users and user groups from a master device were not supported in multi-tenant mode.
CYR-14961
Fixed an issue where, because an internal symmetric check was removed for traffic between service connections (Corporate Access Nodes) starting with Prisma Access 2.0 Preferred, some datacenter-to-datacenter (service connection-to-service connection) traffic originating from or behind a service connection might be logged twice.
CYR-14876
Fixed an issue where, if you edit traffic steering rules or enable a default route over service connections after you migrate from single tenant to multi-tenant mode, the push scope for Prisma Access Device Groups is not populated.
CYR-14584
Fixed an issue where UDP packets that Prisma Access received between 1439 and 1500 bytes were dropped in some situations (for example, if NAT Traversal is enabled).
CYR-14535
Fixed an issue where, because an internal symmetric check was removed for traffic between service connections (Corporate Access Nodes) starting with Prisma Access 2.0 Preferred, some datacenter-to-datacenter (service connection-to-service connection) traffic originating from or behind a service connection could bypass an application override.

Prisma Access 2.0.0-h6 Innovation Addressed Issues

Issue ID
Description
CYR-17204
Fixed an issue where, during a restart or reboot of Panorama, existing cloud licenses were not being correctly detected.
CYR-16801
Fixed an issue where, when using explicit proxy, large HTTP file downloads are frequently interrupted.
Workaround
: Keep resuming the download until the file is completely downloaded. This issue is not seen when downloading HTTPS files.

Prisma Access 2.0.0-h5 Innovation Addressed Issues

Issue ID
Description
CYR-17240
Fixed an issue where the URL of the endpoint did not populate in the API Key window (
Panorama
Cloud Services
Configuration
Service Setup
Generate API Key
).
CYR-16972
Fixed an issue where invalid domain names with wildcards such as .panw.*local were not called out as invalid during a commit operation. Domain names with wildcards such as *.panw.local are allowed.

Prisma Access 2.0.0-h3 Innovation Addressed Issues

Issue ID
Description
CYR-17244
Fixed an issue where, after an upgrade from DLP on Prisma Access to the DLP plugin, there was a conflict between the Cloud Services plugin and the DLP plugin when rendering pages in the
Monitor
tab in Panorama.
CYR-17184
Fixed an issue where invalid domain names with wildcards such as .panw.*local were not called out as invalid during a commit operation. Domain names with wildcards such as *.panw.local are allowed.
CYR-17066
Fixed an issue where, in a multi-tenant deployment, exception errors were displayed because of inconsistent internal database entries.

Prisma Access 2.0 Innovation Addressed Issues

Issue ID
Description
CYR-16435
Fixed an issue where GlobalProtect user traffic did not correctly match Security policy rules that had host information profile (HIP) objects and profiles.
CYR-16423
Fixed an issue where Data Loss Prevention (DLP) did not support the upload of Office Open XML (OOXML) files generated from Google suite applications such as Google Docs, Slides, and Sheets.
CYR-15981
Fixed an issue where, in a multi-tenant deployment, exception errors were displayed because of inconsistent internal database entries.
CYR-15904
Fixed an issue where, after selecting Enable automatic IKE peer host routes for Remote Networks and Service Connections, the static IKE peer host route IP address was not installed.
CYR-15867
Fixed an issue where an error was received while generating a client certificate using CLI. This certificate allows communication between the GlobalProtect app and Cortex Data Lake.
CYR-15321
Fixed an issue where, when mobile users were logging in to GlobalProtect, the one-time push (OTP) window that had the information required to log in using multi-factor authentication (MFA) was hidden behind the MFA window.
CYR-15099
Fixed an issue where new shared objects that are created after enabling multi-tenancy are not available for selection in a traffic steering rule.
CYR-15042
Fixed an issue where auto-population of users and user groups from a master device were not supported in multi-tenant mode.
CYR-14961
Fixed an issue where, because an internal symmetric check was removed for traffic between service connections (Corporate Access Nodes) starting with Prisma Access 2.0 Preferred, some datacenter-to-datacenter (service connection-to-service connection) traffic originating from or behind a service connection might be logged twice.
CYR-14876
Fixed an issue where, if you edit traffic steering rules or enable a default route over service connections after you migrate from single tenant to multi-tenant mode, the push scope for Prisma Access Device Groups is not populated.
CYR-14584
Fixed an issue where UDP packets that Prisma Access received between 1439 and 1500 bytes were dropped in some situations (for example, if NAT Traversal is enabled).
CYR-14535
Fixed an issue where, because an internal symmetric check was removed for traffic between service connections (Corporate Access Nodes) starting with Prisma Access 2.0 Preferred, some datacenter-to-datacenter (service connection-to-service connection) traffic originating from or behind a service connection could bypass an application override.
CYR-14382
Fixed an issue where, when using WildFire in remote network deployments, if you upgraded your Prisma Access dataplane to a version of 10.0.3 or later, you could not retrieve the latest WildFire signatures in real-time.
CYR-13370
Fixed an issue where External Dynamic Lists (EDLs) were not supported when using traffic forwarding rules to direct internet-based traffic to service connections.
CYR-10623
Fixed an issue where, when you checked the status in a multi-tenant deployment by selecting
Panorama
Cloud Services
Status
, the information in the
All Tenants
area displayed twice.
CYR-10387
Fixed an issue where, if you have DLP on Prisma Access enabled for more than one Prisma Access instance in a single Customer Support Portal (CSP) account, data filtering profiles were synchronized across all instances.

Prisma Access 1.8.0-h3 Addressed Issues

Issue ID
Description
CYR-16148
Fixed the following issues when viewing the status information for a Clean Pipe deployment:
  • Status showed as not being configured when it was configured.
  • Status information was out of sync with the actual configuration.

Prisma Access 1.8.0-h2 Addressed Issues

Issue ID
Description
CYR-15981
Fixed an issue where, in a multi-tenant deployment, exception errors were displayed because of inconsistent internal database entries.
CYR-15904
Fixed an issue where, after selecting
Enable automatic IKE peer host routes for Remote Networks and Service Connections
, the static IKE peer host route IP address was not installed.
CYR-15867
Fixed an issue where an error was received while generating a client certificate using CLI. This certificate allows communication between the GlobalProtect app and Cortex Data Lake.

Prisma Access 1.8.0-h1 Addressed Issues

Issue ID
Description
CYR-15346
Fixed an issue where data filtering profiles were not being created for mobile user device groups.

Prisma Access 1.8 Addressed Issues

Issue ID
Description
CYR-15095
Fixed an issue where, when using Panoramas with a version of 10.0 to manage Prisma Access, if you reference an EDL with a Type of Predefined URL List in a security policy rule, commits failed with an error indicating a disallowed keyword, invalid reference, or invalid category.
CYR-14902
Fixed an issue where, if you allocated bandwidth when onboarding a remote network location and then reselected the same location or choose another location in the same compute location without clicking
OK
, the allocate bandwidth window redisplayed.
CYR-14278
Fixed an issue where, when you make changes to traffic steering forwarding rules, then commit and push your changes, your changes do not appear in the Push Scope.
CYR-14259
Fixed an issue where, when you created a traffic forwarding rule for traffic steering, predefined URL categories might display as choices.
CYR-13772
Fixed an issue where External Dynamic Lists (EDLs) were not supported when using traffic forwarding rules to direct internet-based traffic to service connections.
CYR-13652
Fixed an issue where, if you configured traffic steering in multi-tenancy mode, the Target Service Connections did not display in the policy-based traffic steering rule.
CYR-13290
Fixed an issue where, if you were using URLs or URL categories as a match criteria in a policy-based forwarding rule for traffic steering, the initial packets (for example, a TCP handshake) intermittently did not match the rule for the users who connected to a matching URL for the first time.

Recommended For You