Prisma SD-WAN
Addressed Issues in Prisma SD-WAN ION Release 6.3
Table of Contents
Expand All
|
Collapse All
Prisma SD-WAN Docs
-
-
- Prisma SD-WAN Controller
-
- CloudBlade Integrations
- CloudBlades Integration with Prisma Access
-
-
-
-
- 6.5
- 6.4
- 6.3
- 6.1
- 5.6
- Prisma SD-WAN Controller
- Prisma SD-WAN On-Premises Controller
- Prisma SD-WAN CloudBlades
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
Addressed Issues in Prisma SD-WAN ION Release 6.3
Learn about the issues addressed in Prisma SD-WAN ION release 6.3.x.
Learn more about the issues addressed in Prisma SD-WAN ION device release 6.3.
- Addressed Issues in Prisma SD-WAN ION Device Release 6.3.6
- Addressed Issues in Prisma SD-WAN ION Device Release 6.3.5
- Addressed Issues in Prisma SD-WAN ION Device Release 6.3.4
- Addressed Issues in Prisma SD-WAN ION Device Release 6.3.3
- Addressed Issues in Prisma SD-WAN ION Device Release 6.3.2
- Addressed Issues in Prisma SD-WAN ION Device Release 6.3.1
Addressed Issues in Prisma SD-WAN ION Device Release 6.3.6
The following section lists the issues addressed in Prisma SD-WAN ION Device Release 6.3.6 and various Hotfixes.
Release 6.3.6
| Issue ID | Description |
|---|---|
| CGSDW-34703 | Resolved an issue where mem leak as one of the bwm_server worker threads stuck on some recv_msg call. |
| CGSDW-33141 | Resolved an issue where Transit Traffic to dst port 67/68/69 are not forwarded by ION (Hub) to its core. |
| CGSDW-32037 | Resolved an issue where Scan traffic should not cause the device to crash/reboot. |
| CGSDW-33282 | Resolved an issue where Archive and save logs directory after any process crash or device reboot. |
| CGSDW-31944 | Resolved an issue where snmpd: High Memory Usage. |
| CGSDW-31702 | Resolved an issue where Hello, and the dead timer for LLDP on our ION is 30 seconds. |
| CGSDW-33237 | Resolved an issue where Control Plane Traffic prioritisation in ION. |
| CGSDW-31862 | Resolved an issue where Split brain for 3 minutes after fp-rte crash - 6.3.5-b4. |
| CGSDW-32903 | Resolved an issue where Flow getting ESTABLISHED with SYN and SYN-ACK only. |
| CGSDW-32621 | Resolved an issue where After upgrade from 6.1.x to 6.3.5-b4 Standby IONs are losing connectivity to controller. |
| CGSDW-32172 | Resolved an issue where Legitimate DIA traffic flows cause DPDK cores to be overutilized. |
| CGSDW-32075 | Resolved an issue where Stale route entry present when we have route learnt over Mutliple service links. |
| CGSDW-32551 | Resolved an issue where App-engine Crash: slice bounds out of range [:-1]. |
| CGSDW-31832 | Resolved an issue where frr closes bgp socket configured over servicelink when it flaps. |
| CGSDW-31959 | Resolved an issue where 6.3.5-b4 app-engine crash dhcp.go line 99 nil pointer dereference. |
| CGSDW-31858 | Resolved an issue where App-probe is disabled on element level, but we are still sending probes in 6.3.5-b4. |
| CGSDW-31505 | Resolved an issue where Stats are getting exported with label as private-direct for LAN to LAN traffic. |
| CGSDW-31320 | Resolved an issue where Avoid adding 0.0.0.0 to DNS based app-maps. |
| CGSDW-31237 | Resolved an issue where Propagate the fix to 6.3.6 from 5.6 release. |
| CGSDW-30883 | Resolved an issue where rtr_mgr_api exception observed due to timing issue in handling wanpaths update & delete. |
| CGSDW-29556 | Resolved an issue where FIPS: Cgnxinfra, remote login and service link connections are failing. |
| CGSDW-30069 | Resolved an issue where the ADEM probe was not working for the private app over the secure fabric. |
| CGSDW-30052 | Resolved an issue where ION not populating ARP responses on the WAN interface. |
Hotfix Release 6.3.6-b6
| Issue ID | Description |
|---|---|
| CGSDW-35903 | Resolved an issue where 6.3.6-b3 SNMP Counters ifInOctets and ifOutOctets are stalled causing BW utilization update issue for customers. |
| CGSDW-35884 | Resolved an issue where the PPPoE manager in the element manager (emif) process leaked resources, including memory and goroutines. |
| CGSDW-35843 | Resolved a memory leak in the bwm_server process caused by a worker thread becoming stuck on a recv_msg system call. |
| CGSDW-35784 | Resolved an issue where Port to 6.3.6 - SDWAN Element - Vulnerability: SHA1 deprecated setting for SSH. |
| CGSDW-35761 | Resolved an issue where 6.3.6 Porting : ION3200> admin status is incorrect from snmpwalk retrievals. |
| CGSDW-35701 | Resolved an issue where LAN egress out route table entry was missing in Active ION post switch-over. |
| CGSDW-35622 | Resolved an issue where data traffic was leaving out of the controller port of the DC ION because the controller prefix was not getting updated with the core peer IP. |
| CGSDW-35415 | Resolved a memory leak in the multicast process observed during continuous multicast traffic and join requests. |
| CGSDW-34795 | Resolved an issue where the default VRF remained down following an HA failover or upgrade. |
| CGSDW-34214 | Validated support for vION on Alibaba Cloud. |
Addressed Issues in Prisma SD-WAN ION Device Release 6.3.5
The following section lists the issues addressed in Prisma SD-WAN ION Device Release 6.3.5 and various Hotfixes.
Release 6.3.5
| Issue ID | Description |
|---|---|
| CGSDW-33555 | Resolved an issue on PA-9000 Series Hub devices where the processes crashed repeatedly. |
| CGSDW-31958 | Resolved an issue on ION devices where virtual interfaces encountered buffer exhaustion. |
| CGSDW-31611 | Resolved a process crash in the init_lan_to_wan_direction function on ION 3200 devices. |
| CGSDW-28329 | Resolved an issue where Backup-DC also advertising branch prefixes when the vyos peer flaps. |
| CGSDW-28214 | Resolved an issue where interface connected via bypass pair on ION2 goes down when ION1 is powered down. |
| CGSDW-28049 | Resolved an issue where dump-support all command does not capture syslog if there is a softlink. |
| CGSDW-28036 | Resolved an issue where The VPN OIDs are changing for each polling request. |
| CGSDW-27728 | Resolved an issue where fp-rte crash on 6.3.4-b2 leading to HA failover HW 5200. |
| CGSDW-26686 | Resolved an issue where Not seeing mss clamping happening for PPPoE interface with dpdk on 6.1.6. |
| CGSDW-27527 | Resolved an issue where the Fast Path CPU reached 100% utilization when processing custom AppMix traffic. |
| CGSDW-29116 | Resolved an issue where fp-rte restart is seen when fec applied exceeds the max limit. |
| CGSDW-29042 | Resolved an issue where LAN sub-interface on passive ION sending ARPs causing LAN disruption. |
| CGSDW-28712 | Resolved an issue where ifspd - unexpected end of data and other issues noted. |
| CGSDW-28187 | Resolved an issue where ION does not initiate SYN request over TCP 179 to establish BGP. |
| CGSDW-27498 | Resolved an issue where Default route is missing on sub interfaces after element is rebooted. |
| CGSDW-27462 | Resolved an issue where Flow dropped after app reclassification. |
| CGSDW-27542 | Resolved an issue where BGP Went Down when ION1 was made active during MW. |
| CGSDW-27359 | Resolved an issue where global stats are missing when high app thresholds are configured. |
| CGSDW-27387 | Resolved an issue where Traffic from Standard VPN is not routed to Branch through transit DC. |
Hotfix Release 6.3.5-b13
| Issue ID | Description |
|---|---|
| CGSDW-33696 | Resolved an issue where environments with large LAN subnets experienced high CPU utilization, latency, and packet loss. |
| CGSDW-33608 | Resolved a memory leak in the data path thread that led to Flow Controller (FC) restarts. |
| CGSDW-33422 | Resolved an issue where the log-agent, device_cert, and arp-monitor services remained active even when Device-ID was not enabled. |
Hotfix Release 6.3.5-b12
| Issue ID | Description |
|---|---|
| CGSDW-33480 | Resolved an issue where the BGP TCP listen socket was incorrectly deleted on Spoke devices when a BGP view was removed. |
| CGSDW-33008 | Resolved an issue where the fast path routing engine (fp-rte) experienced memory leaks and fragmentation under heavy workloads. |
| CGSDW-32984 | Resolved an issue where the resourcemgmt service caused high CPU and memory consumption. |
Hotfix Release 6.3.5-b11
| Issue ID | Description |
|---|---|
| CGSDW-33040 | Resolved an issue where the controller interface failed to program the default gateway following a device upgrade or reboot. |
| CGSDW-32910 | Resolved an issue where traffic failed to pass through bypass pairs following an HA failover. |
| CGSDW-32542 | Resolved an issue on HUB devices where the system incorrectly generated lan/state entries for every site prefix added. |
| CGSDW-32648 | Resolved an issue where the emif process could enter a deadlock, triggering watchdog restarts and interface flaps. |
| CGSDW-32270 | Resolved an issue where the firewall adds 0.0.0.0 to DNS-based application maps. |
Hotfix Release 6.3.5-b9
| Issue ID | Description |
|---|---|
| CGSDW-31276 | Resolved an issue where the fast path routing engine (fp-rte) crashed at fp_nf_bulk_hook. |
Hotfix Release 6.3.5-b8
| Issue ID | Description |
|---|---|
| CGSDW-30481 | Resolved an issue on WASP and SCAM platforms where packets were being dropped and recorded as interface errors. |
| CGSDW-27990 | Resolved an issue where the Flow Controller (FC) experienced memory leaks due to JSON object management. |
| CGSDW-31065 | Resolved an issue where the CPU temperature was not displayed on the controller statistics page. |
| CGSDW-26319 | Resolved an issue where the fast path routing engine (fp-rte) crashed during high-traffic scenarios. |
| CGSDW-27805 | Resolved an issue where the SNMP agent was not responding when a higher number of VPN tunnels were monitored. |
Hotfix Release 6.3.5-b6
| Issue ID | Description |
|---|---|
| CGSDW-30052 | Resolved an issue where ION not populating ARP responses on the WAN interface. |
Hotfix Release 6.3.5-b5
| Issue ID | Description |
|---|---|
| CGSDW-28326 | Resolved an issue where IPv6 ping commands were unable to ping a VPN FIB host using the LAN interface IP. |
Addressed Issues in Prisma SD-WAN ION Device Release 6.3.4
The following section lists the issues addressed in Prisma SD-WAN ION Device Release 6.3.4 and various Hotfixes.
Release 6.3.4
| Issue ID | Description |
|---|---|
| CGSDW-22259 | Resolved an issue where SNMPv3 not polling all interfaces on 9200s. |
| CGSDW-21320 | Resolved an issue where DHCP Non responsive on ION1200 SVI until config change or reboot. |
| CGSDW-21176 | Resolved an issue where Failed VLAN configuration not recovered. |
| CGSDW-21115 | Resolved an issue where FEC Action Not Being Displayed in FB For Inbound (DC to Branch). |
| CGSDW-20824 | Resolved an issue where Flush ipsec sa for service-link if service-link probe fails and times out. |
| CGSDW-26226 | Resolved an issue where DC HUB does not advertise route with /25 to core in certain scenarios. |
| CGSDW-26247 | Resolved an issue where fc-monitor crash seen in 9K with 6.3.4-a45. |
| CGSDW-24262 | Resolved an issue where Select only bestpath as reachable route. |
| CGSDW-25738 | Resolved an issue where Fixing issue in IPFIX socket connect. |
| CGSDW-22633 | Resolved an issue where FC security policy build time & memory optimisation improvement. |
| CGSDW-25586 | Resolved an issue where GRE with FIPS mode is not working. |
| CGSDW-25152 | Resolved an issue where L3/L4 UDP apps classified as unknown post switchover. |
| CGSDW-24485 | Resolved an issue where FC process restart on 6.1.6. |
| CGSDW-24482 | Resolved an issue where HMAC Integrity failing for controller ca chain. |
| CGSDW-24269 | Resolved an issue where APP CUSTOM RULE CONFLICT (GOOGLE-MEET) is raised for a system app. |
| CGSDW-24112 | Resolved an issue where HMAC Integrity Check is skipped for python packages. |
| CGSDW-24400 | Resolved an issue where UserID Agent crashes with IPv6 mapping. |
| CGSDW-24273 | Resolved an issue where Interface shut is not removing v6 default route from FIB entry. |
| CGSDW-24099 | Resolved an issue where some interfaces lack ip rule programming with 2K VRFs. |
| CGSDW-22072 | Resolved an issue where Handling rtr_mgr_api memory increase. |
| CGSDW-20234 | Resolved an issue where Virtual interface not passing traffic. |
| CGSDW-23395 | Resolved an issue where Backup ION lost controller connections intermittently after upgrade. |
| CGSDW-19833 | Resolved an issue where T-Mobile 5G IPv6 connectivity issues. |
| CGSDW-23397 | Resolved an issue where snmp_network_discovery service is restarting every 1 hour. |
| CGSDW-22389 | Resolved an issue where Removing firewall doesn't stop app probe for a public direct path. |
| CGSDW-23221 | Resolved an issue where ionhwd process consuming high memory. |
| CGSDW-23098 | Resolved an issue where Overlapping IPs is broken in VRF. |
| CGSDW-22700 | Resolved an issue where Overlay dhcp-relay do not work with custom VRF. |
Addressed Issues in Prisma SD-WAN ION Device Release 6.3.3
The following section lists the issues addressed in Prisma SD-WAN ION Device Release 6.3.3 and various Hotfixes.
Release 6.3.3
| Issue ID | Description |
|---|---|
| CGSDW-22192 | Resolved an issue where core.fp-rte failure occurred during abrupt traffic stops. |
| CGSDW-22281 | Resolved an issue where app-probe crash seen in branch device. |
| CGSDW-21181 | Resolved an issue where vION needs support for AWS IMDSv2 for metadata. |
Addressed Issues in Prisma SD-WAN ION Device Release 6.3.2
The following section lists the issues addressed in Prisma SD-WAN ION Device Release 6.3.2 and various Hotfixes.
Release 6.3.2
| Issue ID | Description |
|---|---|
| CGSDW-20631 | Resolved an issue where log-agent failed to process all DHCP messages. |
| CGSDW-21868 | Resolved an issue where outbound SSH6 connections were not functioning correctly. |
| CGSDW-21580 | Resolved an issue where backup IONs were unable to establish connection to the controller. |
| CGSDW-21836 | Resolved an issue where SVI VRF creation failed if the name exceeded 9 characters. |
| CGSDW-21116 | Resolved an issue where outbound SSH was not supported on controller interfaces. |
| CGSDW-21607 | Resolved an issue where sequencing of VRF and interface config caused setup errors. |
| CGSDW-21698 | Resolved an issue where static ARP entries were not added correctly during config updates. |
| CGSDW-21300 | Resolved an issue where DHCP server failed with same subnet controller/LAN ports. |
| CGSDW-19628 | Resolved an issue where return traffic from Hub to Branch was invisible in Flow Browser. |
| CGSDW-21381 | Resolved an issue where unused App-ID element memory was not released. |
| CGSDW-21025 | Resolved an issue where service link path was incorrectly cached post-detachment. |
| CGSDW-20241 | Resolved an issue where ICMP traffic experienced packet loss in non-default VRFs. |
| CGSDW-20382 | Addressed security vulnerabilities in OpenSSH (CVE-2023-51385). |
| CGSDW-19542 | Ensured ION devices are protected against SSH Terrapin attacks. |
| CGSDW-21088 | Resolved an issue where static ARP entries were incorrectly applied to standby devices. |
| CGSDW-17904 | Resolved an issue where interface status command failed to display link modes. |
| CGSDW-20864 | Resolved an issue where leaked VPN prefixes were incorrectly removed on the Hub device. |
| CGSDW-20807 | Resolved an issue where VPN forwarding entries for global VRF were invisible post-upgrade. |
| CGSDW-20649 | Resolved a memory leak in the SNMP daemon process. |
| CGSDW-20671 | Resolved false RADIUS server unreachable incidents. |
Addressed Issues in Prisma SD-WAN ION Device Release 6.3.1
The following section lists the issues addressed in Prisma SD-WAN ION Device Release 6.3.1 and various Hotfixes.
Release 6.3.1
| Issue ID | Description |
|---|---|
| CGSDW-17886 | Resolved an issue where traffic failed to flow correctly over service links. |
| CGSDW-16932 | Resolved an issue where the Zoom Phone application definition was missing required prefixes. |
| CGSDW-16269 | Resolved fragment reassembly performance issues. |
| CGSDW-21512 | Resolved inconsistent bypass pair latch behavior during power-off. |
| CGSDW-21119 | Resolved bypass ports remaining in bypass mode after device declaim. |
| CGSDW-19674 | Resolved memory corruption in DPDK mempools. |
| CGSDW-16172 | Resolved ZBFW treatment inconsistency for LAN traffic. |
| CGSDW-19778 | Resolved remote access process restarts during active sessions. |
| CGSDW-19466 | Resolved slow device-to-controller connection establishment post-reboot. |
| CGSDW-15212 | Resolved virtual interface traffic failures on specific ION models. |
| CGSDW-18816 | Resolved missing interface gateway IPs due to flapping post-upgrade. |
| CGSDW-18954 | Resolved IPFIX issues with controller interface source. |
| CGSDW-15661 | Resolved memory leak in VPN process during ZeroMQ operations. |
| CGSDW-15258 | Resolved intermittent offline status due to FC restarts. |
| CGSDW-15201 | Resolved zero value display for ingress bandwidth utilization. |
| CGSDW-14766 | Resolved stale BGP config persistence after peer deletion. |