Strata Cloud Manager
Known Issues
Table of Contents
Known Issues
See the fixes we're working on, or have recently fixed, in Strata Cloud
Manager.
Review the issues we're working to fix in Strata Cloud Manager.
These are known issues found in the Strata Cloud Manager
platform. You can also review in-progress fixes for the subscriptions and products
supported for Strata Cloud Manager here:
Cloud-Delivered Security Services (CDSS) docs:
Management Known Issues
ID | Description |
|---|---|
ADI-28195 | The configuration push fails if you attempt to partially push the
ssl-tls-service-profile with a max version, even when
the service profile doesn't have a max version defined.Workaround : To resolve this issue, you must perform a full
push. |
ADI-19128 | When configuring a Security policy rule ( Manage Configuration NGFW and Prisma Access Security Services Security Policy Manage Configuration NGFW and Prisma Access Access Control Scope Management |
ADI-31050 | Proxy zone is not listed in dropdown while creating an interface.
Proxy zone is a default zone like local or internet, but in the api
response, it doesn't have the interface type/layer values. |
ADI-30721 | Newly onboarded firewall shows conflicts and when clicked on,
there are no conflicts for them. Also, some objects that we don't
support in Strata Cloud Manager are also shown. |
ADI-30404 | With remote networks internal gateway enabled, when portal
authentication profile iss modified from SAML to Local User, the
show global-protect-gateway gateway does not
show the authentication profile correctly. |
ADI-30298 | DHCP Relay local config from firewall comes up with resolved
interfaces, but on Strata Cloud Manager cannot create a conflict
with SET command because its interfaces are variables. |
ADI-30165 | TACACS+ server timeout value is not shown for firewall config
diffs, even though it is configured. |
ADI-30111 | Compare config shows a difference between variable and actual
value. |
ADI-30089 | ECDSA cert reverts back to default when set to None under GP
folder. |
ADI-28737 | Remote networks explicit proxy IP addresses are not visible in
Strata Cloud Manager . |
ADI-28491 | The load config version command throws a 504
Gateway timeout error. |
ADI-27372 | For Panorama-Managed Prisma Access multitenant environments,
Policy Analyzer analysis results are not available for
sub-tenants. |
ADI-26149 | The HTTP header value field supports only 512 characters. |
ADI-25875 | When no remote networks configs are present but cden configs are
present, bandwidth management does not display the per region
bandwidth allocation. Instead, it is set up as day-0. |
ADI-25723 | Call /spiffy/v1/bp/result/policies/security_rule for a
tenant. Result: id = 3 has old check_name 'The rule Description is not
populated'. The response will contain the old name. Even when
new BPA analysis has been completed - the check_name remains the
same. |
ADI-25671 | If you use a signature in an Anti-Spyware policy rule, you are
unable to change the Action that Strata Cloud Manager takes when it
detects the signature. |
ADI-25526 | In Safari browser, the Project tab sometimes disappears. |
ADI-25507 | When you enable Remote Browser Isolation (RBI) widget from the
URL page, do not add any infrastructure settings, and create all RBI
related configs and push, RBI configs are not present on the
firewall. |
ADI-25415 | Navigating to the IP allow list page in Mobile
Users results in an automatic update to allow list
IP addresses. |
ADI-25231 | Creating a new project name may throw an error: "invalid
x-paths". |
ADI-24630 | Validation Error on assign and push:, devices
localhost.localdomain -> container ->Global -> pre-rulebase ->
security -> rules -& |
ADI-22188 | validity-check.xsl transform does not run/catch integrity failure
for Prisma Access configs. |
ADI-20068 | ZTNA Connector microapp for Fawkes tenants on sase portal should
not be used by any tenants with 10.2.* AMI version. |
Command Center Known Issues
ID | Description |
|---|---|
— | The Command Center is always updated with the latest
data and metrics, and may not match what is available in
Activity Insights or other
dashboards.Security subscription counts, action counts, and
metrics provided in the command center bubbles display the
latest data available at the time. This is due to a few different things:
You may see this data in the following command center
views (including widgets, bubbles, and data flows):
|
AIOPS-9888 | In the Users tab of Activity
Insights , the Monitored Users
count does not accurately reflect the total count of actual
monitored users. It includes branch user |
NETVIS-962 | In the views of the command center, public traffic may be
classified as Internal Hosts under the
Other bubble when security rules are set
to Allow All . |
NETVIS-955 | In the views of the command center, the IoT
Devices bubble count does not display the expected
count of devices and does not match what is in the ( dashboard.Monitor Assets |
NETVIS-927 | In the Threats view of the command center, the URL
Filtering bubble always shows 0 applications and data
transferred when following through to the Monitor
dashboard. |
NETVIS-924 | The Strata Cloud Manager command center will be
unavailable in the following regions at launch:
|
NETVIS-919 | In the Data Security view, the sensitive data
users shows users who have uploaded or downloaded any sensitive
data that is detected through Prisma Access or NGFWs, as well as
any internal users and services accounts who have interacted
with sensitive data in any of the connected apps. Summary view. |
NETVIS-892 | In the Data Security view of the command
center, the Sensitive Data Users bubble displays the
total count of discovered users, not just sensitive
users.Work around: Use the SaaS Security
dashboard (CASB > SaaS Security) . |
NETVIS-806 | In the command center views, the IoT Devices count bubble
may be 0 if Strata Logging Service Next-Generation Firewall
logs do not have IoT attributes. |
NETVIS-736 | In the Operational Health view of the command center, when
following through on Device Health links, time-based filters
available in the command center are not available in those
pages. |
NETVIS-611 | In the Operational Health view of the command center, when
filtering by the NGFW bubble and opening the NGFW Device
Health links, the data in the command center may no longer
auto refresh every 5 minutes as intended. |
NETVIS-593 | In the Threats view of the
command center, when filtering data with the DNS
Security bubble, the malicious requests include
high risk requests, not just malicious requests. The malicious requests count might appear larger than
it actually is because of this. |
NETVIS-535 | In the Operational Health view of the command
center, all apps will be classified as Internet Apps . ADEM will be adding support for application
categorization soon. |
NETVIS-479 | In the Data Security view of the command center,
the Incidents count breakdown by Severity may be
lower than anticipated. Severity is not found in all incidents,
resulting in them being classified as “Low” instead of their
actual severity. |
NETVIS-477 | In the Data Security view of the command center, the SaaS
API incident count in the Security Subscriptions widget is
incorrect. |