Addressed Issues

Here are issues that we’ve recently fixed for Cloud Managed Prisma Access, where you’re using the Prisma Access app as your management interface.
If you’re using Panorama to manage Prisma Access, refer to the Panorama Managed Prisma Access release notes instead for the latest updates.
When first setting up mobile users with GlobalProtect, the button to Set Up Infrastructure Settings might appear to be disabled. Refresh your browser once or twice to fix the issue.
The option to hide the best practice checks panel sometimes does not work, and the panel continues to display.
The Guided Onboarding walkthroughs are for first-time setup. This means that they might not complete if you already have configuration in place. So before you begin, check that the configuration is clear for the type of deployment you want to set up (mobile users, remote networks, or service connections).
If you are configuring multiple service connections to redistribute identity data to remote networks, and you encounter an error saving the data types you want to redistribute, try toggling between the service connection and remote networks configurations to reset the issue:
Authentication rules now require you to specify a Service Entity and URL Category Entity. Previously, these fields weren’t required. Authentication rules that were configured before this changed, will continue to work. However, if you try to modify these rules, you’ll need to add a Service Entity and URL Category Entity to the rule before you can save it.
Setting up an auto-tag based on the description field in an authentication log will show an error. To move forward and bypass the error, modify the filter so that it reads (
contains abcd) and does not use the default filter (
contains abcd).
When viewing only expired certificates on the Certificate Management page (
Certificate Management
), the number indicating the amount of matching certificates continues to display the number of
certificates and is not the number of expired certificates.
SSL/TLS service profiles do not yet provide support for TLS 1.3.
Custom URL categories that are based on a category match are not supported as part of a traffic steering rule.
Auto-tag rules that target the X-Forwarded-For header associated with a log entry are not supported.
ADI-5198, ADI-5196
To add a a source or destination address to a service connection traffic forwarding rule, you must either:
  • directly type in the IP address subnet or
  • create an address object in the Prisma Access location, and add that address object to an address group. Then, reference the address object in the traffic forwarding rule.
If you use an address object that is local to the service connection in a traffic forwarding rule, you'll see an error when you try to save the rule.
Tunnel and config status is sometimes not displayed for a remote network site when you visit the Remote Networks Setup page (Manage > Remote Networks > Remote Networks Setup). Refresh your browser if you see this issue and tunnel and config status will show up.
Cloning a mobile user security policy rule causes the new, cloned rule to appear as a Prisma Access post rule, instead of a security rule that is specific to that mobile user environment.
To set up decryption, you must use custom certificates. The default decryption certificates are not supported.

Recommended For You