Prisma SD-WAN
Addressed Issues in Prisma SD-WAN ION Release 6.3
Table of Contents
Expand All
|
Collapse All
Prisma SD-WAN Docs
-
-
- New Features Guide
-
- CloudBlade Integrations
- CloudBlades Integration with Prisma Access
-
-
-
-
- 6.5
- 6.4
- 6.3
- 6.2
- 6.1
- 5.6
- New Features Guide
- On-Premises Controller
- Prisma SD-WAN CloudBlades
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
Addressed Issues in Prisma SD-WAN ION Release 6.3
Learn about the issues addressed in Prisma SD-WAN ION release 6.3.x.
Learn more about the issues addressed in Prisma SD-WAN ION device release 6.3.
- Addressed Issues in Prisma SD-WAN ION Device Release 6.3.6
- Addressed Issues in Prisma SD-WAN ION Device Release 6.3.5
- Addressed Issues in Prisma SD-WAN ION Device Release 6.3.4
- Addressed Issues in Prisma SD-WAN ION Device Release 6.3.3
- Addressed Issues in Prisma SD-WAN ION Device Release 6.3.2
- Addressed Issues in Prisma SD-WAN ION Device Release 6.3.1
Addressed Issues in Prisma SD-WAN ION Device Release 6.3.6
The following section lists the issues addressed in Prisma SD-WAN ION Device Release 6.3.6 and various Hotfixes.
Release 6.3.6
| Issue ID | Description |
|---|---|
| CGSDW-34703 | Resolved an issue where mem leak as one of the bwm_server worker threads stuck on some recv_msg call. |
| CGSDW-33141 | Resolved an issue where Transit Traffic to dst port 67/68/69 are not forwarded by ION (Hub) to its core. |
| CGSDW-32037 | Resolved an issue where Scan traffic should not cause the device to crash/reboot. |
Hotfix Release 6.3.6-b6
| Issue ID | Description |
|---|---|
| CGSDW-35903 | Resolved an issue where 6.3.6-b3 SNMP Counters ifInOctets and ifOutOctets are stalled causing BW utilization update issue for customers. |
Hotfix Release 6.3.6-b5
| Issue ID | Description |
|---|---|
| CGSDW-35784 | Resolved an issue where Port to 6.3.6 - SDWAN Element - Vulnerability: SHA1 deprecated setting for SSH. |
| CGSDW-35761 | Resolved an issue where 6.3.6 Porting : ION3200> admin status is incorrect from snmpwalk retrievals. |
| CGSDW-35701 | Resolved an issue where LAN egress out route table entry was missing in Active ION post switch-over. |
Hotfix Release 6.3.6-b1
| Issue ID | Description |
|---|---|
| CGSDW-33282 | Resolved an issue where Archive and save logs directory after any process crash or device reboot. |
Hotfix Release 6.3.6-a46
| Issue ID | Description |
|---|---|
| CGSDW-31944 | Resolved an issue where snmpd: High Memory Usage. |
| CGSDW-31702 | Resolved an issue where Hello, and the dead timer for LLDP on our ION is 30 seconds. |
Hotfix Release 6.3.6-a32
| Issue ID | Description |
|---|---|
| CGSDW-33237 | Resolved an issue where Control Plane Traffic prioritisation in ION. |
| CGSDW-31862 | Resolved an issue where Split brain for 3 minutes after fp-rte crash - 6.3.5-b4. |
Hotfix Release 6.3.6-a28
| Issue ID | Description |
|---|---|
| CGSDW-32903 | Resolved an issue where Flow getting ESTABLISHED with SYN and SYN-ACK only. |
| CGSDW-32621 | Resolved an issue where After upgrade from 6.1.x to 6.3.5-b4 Standby IONs are losing connectivity to controller. |
| CGSDW-32172 | Resolved an issue where Legitimate DIA traffic flows cause DPDK cores to be overutilized. |
| CGSDW-32075 | Resolved an issue where Stale route entry present when we have route learnt over Mutliple service links. |
Hotfix Release 6.3.6-a23
| Issue ID | Description |
|---|---|
| CGSDW-32551 | Resolved an issue where App-engine Crash: slice bounds out of range [:-1]. |
Hotfix Release 6.3.6-a22
| Issue ID | Description |
|---|---|
| CGSDW-31832 | Resolved an issue where frr closes bgp socket configured over servicelink when it flaps. |
Hotfix Release 6.3.6-a21
| Issue ID | Description |
|---|---|
| CGSDW-31959 | Resolved an issue where 6.3.5-b4 app-engine crash dhcp.go line 99 nil pointer dereference. |
Hotfix Release 6.3.6-a19
| Issue ID | Description |
|---|---|
| CGSDW-31858 | Resolved an issue where App-probe is disabled on element level, but we are still sending probes in 6.3.5-b4. |
Hotfix Release 6.3.6-a18
| Issue ID | Description |
|---|---|
| CGSDW-31505 | Resolved an issue where Stats are getting exported with label as private-direct for LAN to LAN traffic. |
Hotfix Release 6.3.6-a17
| Issue ID | Description |
|---|---|
| CGSDW-31320 | Resolved an issue where Avoid adding 0.0.0.0 to DNS based app-maps. |
Hotfix Release 6.3.6-a15
| Issue ID | Description |
|---|---|
| CGSDW-31237 | Resolved an issue where Propagate the fix to 6.3.6 from 5.6 release. |
Hotfix Release 6.3.6-a12
| Issue ID | Description |
|---|---|
| CGSDW-30883 | Resolved an issue where rtr_mgr_api exception observed due to timing issue in handling wanpaths update & delete. |
Hotfix Release 6.3.6-a8
| Issue ID | Description |
|---|---|
| CGSDW-29556 | Resolved an issue where FIPS: Cgnxinfra, remote login and service link connections are failing with error":"Error decrypting private key" error in FIPS MODE. |
Hotfix Release 6.3.6-a7
| Issue ID | Description |
|---|---|
| CGSDW-30069 | Resolved an issue where ADEM probe not working for the private app over the secure fabric on 6.3.5 and 6.4.1| Bunnings AU PoC. |
Hotfix Release 6.3.6-a6
| Issue ID | Description |
|---|---|
| CGSDW-30052 | Resolved an issue where ION not populating ARP responses on the WAN interface. |
Addressed Issues in Prisma SD-WAN ION Device Release 6.3.5
The following section lists the issues addressed in Prisma SD-WAN ION Device Release 6.3.5 and various Hotfixes.
Release 6.3.5
| Issue ID | Description |
|---|---|
| CGSDW-28329 | Resolved an issue where Backup-DC also advertising branch prefixes when the vyos peer flaps. |
| CGSDW-28214 | Resolved an issue where ION 1200-S 6.1.10-b1 ION2 standalone interface connected via bypass pair on ION2 goes down when ION1 is powered down. |
| CGSDW-28049 | Resolved an issue where dump-support output and dump-support all command does not capture syslog if there is a softlink. |
| CGSDW-28036 | Resolved an issue where The VPN OIDs are changing for each polling request. |
| CGSDW-27728 | Resolved an issue where fp-rte crash on 6.3.4-b2 leading to HA failover HW 5200. |
| CGSDW-26686 | Resolved an issue where Not seeing mss clamping happening for PPPoE interface with dpdk on 6.1.6 after upgrading from 5.6.9. |
Hotfix Release 6.3.5-b10
| Issue ID | Description |
|---|---|
| CGSDW-32105 | Resolved an issue where Interface address flapping caused BGP / VPN / HA flapping. |
Hotfix Release 6.3.5-b2
| Issue ID | Description |
|---|---|
| CGSDW-29116 | Resolved an issue where [6.3.4]: fp-rte restart is seen when fec applied exceeds the max limit/resources. |
Hotfix Release 6.3.5-a16
| Issue ID | Description |
|---|---|
| CGSDW-29042 | Resolved an issue where [ION-6.3.5]LAN sub-interface/virtual interface on passive ION sending ARPs causing LAN disruption. |
Hotfix Release 6.3.5-a15
| Issue ID | Description |
|---|---|
| CGSDW-28712 | Resolved an issue where ifspd - unexpected end of data and other issues noted re DIT-48110. |
Hotfix Release 6.3.5-a11
| Issue ID | Description |
|---|---|
| CGSDW-28187 | Resolved an issue where ION does not initiate SYN request over TCP 179 to establish BGP with the peer after upgrading to 6.1.9-b2. |
| CGSDW-27498 | Resolved an issue where Default route is missing on sub interfaces after element is rebooted. |
| CGSDW-27462 | Resolved an issue where CLONE - Flow dropped after app reclassification. |
Hotfix Release 6.3.5-a7
| Issue ID | Description |
|---|---|
| CGSDW-27542 | Resolved an issue where BGP Went Down when ION1 was made active during MW. |
| CGSDW-27359 | Resolved an issue where Scale Issue - App /TCPP global stats are missing when high number of app thresholds are configured. |
Hotfix Release 6.3.5-a3
| Issue ID | Description |
|---|---|
| CGSDW-27387 | Resolved an issue where Traffic from Standard VPN is not routed to Branch over the fabric through transit DC ( 9000 ). |
Addressed Issues in Prisma SD-WAN ION Device Release 6.3.4
The following section lists the issues addressed in Prisma SD-WAN ION Device Release 6.3.4 and various Hotfixes.
Release 6.3.4
| Issue ID | Description |
|---|---|
| CGSDW-22259 | Resolved an issue where SNMPv3 not polling all interfaces on 9200s. |
| CGSDW-21320 | Resolved an issue where DHCP Non responsive on ION1200 SVI until config change or reboot. |
| CGSDW-21176 | Resolved an issue where Failed VLAN configuration not recovered. |
| CGSDW-21115 | Resolved an issue where FEC Action Not Being Displayed in FB For Inbound (DC to Branch). |
| CGSDW-20824 | Resolved an issue where Flush ipsec sa for service-link if service-link probe fails and times out irrespective of DPD timeout. |
| CGSDW-26226 | Resolved an issue where SDWAN-CPT:DC HUB does not advertise route with /25 to core when same route is learnt from wanpaths and edge peer. |
Hotfix Release 6.3.4-a56
| Issue ID | Description |
|---|---|
| CGSDW-26247 | Resolved an issue where fc-monitor crash seen in 9K with 6.3.4-a45. |
Hotfix Release 6.3.4-a48
| Issue ID | Description |
|---|---|
| CGSDW-24262 | Resolved an issue where CGESC-1712 : Select only bestpath as reachable route. |
Hotfix Release 6.3.4-a45
| Issue ID | Description |
|---|---|
| CGSDW-25738 | Resolved an issue where Fixing issue in IPFIX socket connect. |
Hotfix Release 6.3.4-a42
| Issue ID | Description |
|---|---|
| CGSDW-22633 | Resolved an issue where FC security policy build time & memory optimisation improvement. |
| CGSDW-25586 | Resolved an issue where GRE with FIPS mode is not working. |
Hotfix Release 6.3.4-a41
| Issue ID | Description |
|---|---|
| CGSDW-25152 | Resolved an issue where L3/L4 UDP apps classified as unknown post switchover. |
| CGSDW-24485 | Resolved an issue where FC process restart on 6.1.6. |
Hotfix Release 6.3.4-a39
| Issue ID | Description |
|---|---|
| CGSDW-24482 | Resolved an issue where HMAC Integrity failing for controller ca chain. |
| CGSDW-24269 | Resolved an issue where APP CUSTOM RULE CONFLICT (GOOGLE-MEET) is raised for a system app | loyal source government services | sw version: 6.1.8. |
Hotfix Release 6.3.4-a37
| Issue ID | Description |
|---|---|
| CGSDW-24112 | Resolved an issue where HMAC Integrity Check is skipped for python*-cgnx-* packages. |
Hotfix Release 6.3.4-a34
| Issue ID | Description |
|---|---|
| CGSDW-24400 | Resolved an issue where UserID Agent crashes with IPv6 mapping. |
Hotfix Release 6.3.4-a33
| Issue ID | Description |
|---|---|
| CGSDW-24273 | Resolved an issue where Interface shut is not removing v6 default route from FIB entry for internet and privwan. |
Hotfix Release 6.3.4-a32
| Issue ID | Description |
|---|---|
| CGSDW-24099 | Resolved an issue where Some of the interfaces donot have ip rule programming with the 2K VRF and interfaces scaled to 128. |
Hotfix Release 6.3.4-a31
| Issue ID | Description |
|---|---|
| CGSDW-22072 | Resolved an issue where Handling rtr_mgr_api memory increase. |
| CGSDW-20234 | Resolved an issue where Virtual interface not passing traffic. |
Hotfix Release 6.3.4-a27
| Issue ID | Description |
|---|---|
| CGSDW-23395 | Resolved an issue where Backup ION lost controller connections intermittently after the upgrade to 6.3.2-b5. |
Hotfix Release 6.3.4-a23
| Issue ID | Description |
|---|---|
| CGSDW-19833 | Resolved an issue where T-Mobile 5G IPv6 connectivity - Disable NR only mode for TMO. |
| CGSDW-23397 | Resolved an issue where snmp_network_discovery service is restarting every 1 hour on idle machine with snmpv3 configuration. |
Hotfix Release 6.3.4-a20
| Issue ID | Description |
|---|---|
| CGSDW-22389 | Resolved an issue where Removing firewall doesn't stop app probe for a public direct path. |
Hotfix Release 6.3.4-a19
| Issue ID | Description |
|---|---|
| CGSDW-23221 | Resolved an issue where ionhwd process consuming high memory. |
Hotfix Release 6.3.4-a18
| Issue ID | Description |
|---|---|
| CGSDW-23098 | Resolved an issue where Overlapping IPs is broken in VRF. |
| CGSDW-22700 | Resolved an issue where The Overlay dhcp-relay do not work with custom VRF configuration on 6.3.x s/w. |
Addressed Issues in Prisma SD-WAN ION Device Release 6.3.3
The following section lists the issues addressed in Prisma SD-WAN ION Device Release 6.3.3 and various Hotfixes.
Release 6.3.3
| Issue ID | Description |
|---|---|
| CGSDW-22192 | Resolved an issue where SDWAN-CPT:core.fp-rte observed when traffic on the client side traffic is started and stopped abruptly using iperf/hping, controller connectivity is lost and remains down for ~2hrs. |
| CGSDW-22281 | Resolved an issue where app-probe crash seen in a160 image branch device. |
| CGSDW-21181 | Resolved an issue where vION: Need support for AWS IMDSv2 for metadata. |
Addressed Issues in Prisma SD-WAN ION Device Release 6.3.2
The following section lists the issues addressed in Prisma SD-WAN ION Device Release 6.3.2 and various Hotfixes.
Hotfix Release 6.3.2-b5
| Issue ID | Description |
|---|---|
| CGSDW-20631 | Resolved an issue where the log-agent failed to process all DHCP messages received from the log-collector-client. |
Hotfix Release 6.3.2-b3
| Issue ID | Description |
|---|---|
| CGSDW-21868 | Resolved an issue where outbound SSH6 connections from ION devices were not functioning correctly. |
Hotfix Release 6.3.2-b2
| Issue ID | Description |
|---|---|
| CGSDW-21580 | Resolved an issue where backup ION devices were unable to establish a connection to the controller in HA deployments. |
Hotfix Release 6.3.2-b1
| Issue ID | Description |
|---|---|
| CGSDW-21836 | Resolved an issue where SVI VRF creation failed if the SVI name exceeded nine characters. |
Hotfix Release 6.3.2-a114
| Issue ID | Description |
|---|---|
| CGSDW-21116 | Resolved an issue where outbound SSH was not supported on interfaces used for controller connectivity. |
Hotfix Release 6.3.2-a112
| Issue ID | Description |
|---|---|
| CGSDW-21607 | Resolved an issue where the sequencing of VRF profile and interface configurations caused errors during element setup. |
Hotfix Release 6.3.2-a111
| Issue ID | Description |
|---|---|
| CGSDW-21698 | Resolved an issue where static ARP entries were not added correctly during configuration updates. |
Hotfix Release 6.3.2-a104
| Issue ID | Description |
|---|---|
| CGSDW-21300 | Resolved an issue where the DHCP server failed to function if the controller port and LAN interface were in the same subnet. |
| CGSDW-19628 | Resolved an issue where return traffic from the Hub to the Branch device was not visible in the Flow Browser. |
Hotfix Release 6.3.2-a103
| Issue ID | Description |
|---|---|
| CGSDW-21381 | Resolved an issue where unused memory allocated for App-ID element objects was not properly released. |
| CGSDW-21025 | Resolved an issue where the service link path was incorrectly cached in the performance policy after circuit detachment. |
| CGSDW-20241 | Resolved an issue where ICMP traffic experienced packet loss when traversing non-default VRFs. |
Hotfix Release 6.3.2-a101
| Issue ID | Description |
|---|---|
| CGSDW-20382 | Resolved an issue to address security vulnerabilities in OpenSSH (CVE-2023-51385 and CVE-2023-51767). |
Hotfix Release 6.3.2-a100
| Issue ID | Description |
|---|---|
| CGSDW-19542 | Resolved an issue to ensure ION devices are protected against SSH Terrapin attacks (CVE-2023-48795). |
Hotfix Release 6.3.2-a96
| Issue ID | Description |
|---|---|
| CGSDW-21088 | Resolved an issue where static ARP entries were incorrectly applied to standby ION devices in HA configurations. |
Hotfix Release 6.3.2-a95
| Issue ID | Description |
|---|---|
| CGSDW-17904 | Resolved an issue where the interface status command failed to display supported and advertised link modes. |
Hotfix Release 6.3.2-a88
| Issue ID | Description |
|---|---|
| CGSDW-20864 | Resolved an issue where leaked VPN prefixes were incorrectly removed on the Hub device when the prefix was deleted at the branch. |
| CGSDW-20807 | Resolved an issue where VPN forwarding entries for the global VRF were not visible after a software upgrade. |
Hotfix Release 6.3.2-a70
| Issue ID | Description |
|---|---|
| CGSDW-20649 | Resolved a memory leak in the SNMP daemon process that occurred during extended operation. |
Hotfix Release 6.3.2-a58
| Issue ID | Description |
|---|---|
| CGSDW-20671 | Resolved an issue where RADIUS server unreachable incidents were raised even when no RADIUS server was configured. |
Addressed Issues in Prisma SD-WAN ION Device Release 6.3.1
The following section lists the issues addressed in Prisma SD-WAN ION Device Release 6.3.1 and various Hotfixes.
Release 6.3.1
| Issue ID | Description |
|---|---|
| CGSDW-17886 | Resolved an issue where traffic failed to flow correctly over service links in certain configurations. |
| CGSDW-16932 | Resolved an issue where the Zoom Phone application definition was missing several required prefixes. |
| CGSDW-16269 | Resolved an issue where high-payload traffic experienced performance degradation due to insufficient fragment reassembly queue length. |
Hotfix Release 6.3.1-b8
| Issue ID | Description |
|---|---|
| CGSDW-21512 | Resolved an issue where the default bypass pair latch behavior was inconsistent during specific power-off scenarios. |
Hotfix Release 6.3.1-b7
| Issue ID | Description |
|---|---|
| CGSDW-21119 | Resolved an issue where bypass pair ports remained in bypass mode after the device was declaimed. |
Hotfix Release 6.3.1-b5
| Issue ID | Description |
|---|---|
| CGSDW-19674 | Resolved an issue where memory corruption in DPDK mempools caused intermittent system process crashes. |
Hotfix Release 6.3.1-a374
| Issue ID | Description |
|---|---|
| CGSDW-16172 | Resolved an issue where LAN-to-LAN traffic and LAN-to-WAN traffic were treated inconsistently by the Zone-Based Firewall (ZBFW). |
Hotfix Release 6.3.1-a364
| Issue ID | Description |
|---|---|
| CGSDW-19778 | Resolved an issue where the remote access process restarted repeatedly during active ION device management sessions. |
Hotfix Release 6.3.1-a341
| Issue ID | Description |
|---|---|
| CGSDW-19466 | Resolved an issue where the device-to-controller connection took an extended amount of time to establish following a system reboot. |
Hotfix Release 6.3.1-a337
| Issue ID | Description |
|---|---|
| CGSDW-15212 | Resolved an issue where virtual interfaces on specific ION models failed to pass traffic correctly. |
Hotfix Release 6.3.1-a322
| Issue ID | Description |
|---|---|
| CGSDW-18816 | Resolved an issue where interface gateway IP addresses were missing after a software upgrade due to interface flapping. |
Hotfix Release 6.3.1-a314
| Issue ID | Description |
|---|---|
| CGSDW-18954 | Resolved an issue where IPFIX did not function correctly when the controller interface was configured as the source. |
Hotfix Release 6.3.1-a131
| Issue ID | Description |
|---|---|
| CGSDW-15661 | Resolved an issue where a memory leak occurred in the VPN process during ZeroMQ operations. |
Hotfix Release 6.3.1-a124
| Issue ID | Description |
|---|---|
| CGSDW-15258 | Resolved an issue where ION devices went offline intermittently due to repeated Flow Controller process restarts. |
Hotfix Release 6.3.1-a95
| Issue ID | Description |
|---|---|
| CGSDW-15201 | Resolved an issue where the bandwidth utilization for ingress traffic incorrectly displayed a zero value. |
Hotfix Release 6.3.1-a70
| Issue ID | Description |
|---|---|
| CGSDW-14766 | Resolved an issue where stale BGP configurations persisted after a BGP peer was deleted. |