Strata Cloud Manager
Addressed Issues
Table of Contents
Expand All
|
Collapse All
Strata Cloud Manager Docs
Addressed Issues
Review the issues we have recently fixed in Strata Cloud Manager.
Review the issues we have recently fixed in Strata Cloud Manager.
These are addressed issues found in the Strata Cloud Manager
platform. You can also review in-progress fixes for the subscriptions and products
supported for Strata Cloud Manager here:
- NGFW Release Notes (AIOps for NGFW and Cloud Management for NGFW)
- Prisma Access Release Notes
- Prisma SD-WAN Release Notes
- AI-Powered Autonomous DEM Release Notes
Cloud-Delivered Security Services (CDSS) docs:
ADI-43740 2025.r4.0 |
Fixed an issue where SSL decryption certificates were not
automatically configured. If decryption is required, you must
configure certificate settings manually before pushing the
configuration to the device.
To configure:
|
ADI-43675 2025.r3.1 |
Fixed an issue where the firewall upgrades failed at the initial
stage with the message: "Version 11.1.0 not downloaded /
uploaded".
|
ADI-44340 2025.r3.0 |
Fixed an issue where a commit would fail on the Firewall if a
decryption policy is configured with SSL forward proxy did not
include an SSL decrypt certificate. To avoid commit failure, ensure
that an SSL decrypt certificate is configured.
|
ADI-31756 2025.r3.0 |
Fixed an issue where configuring Snippets by navigating to ManageConfigurationNGFW and Prisma Access Overview and expanding the Configuration Scope to view
Snippets resulted in commit failures on
the firewall. The issue was caused by a key synchronization issue
due to an HTTP server configuration option requiring a password.
|
ADI-24630 2025.r3.0 | Fixed an issue where a validation error appeared when assigning
and pushing a snippet and rulebase with the same name. This occurred
in the following navigation path: localhost.localdomaincontainerGlobalprerulebasesecurityrulesWorkaround: Use unique names for snippet and
rulebase to avoid this error. |
ADI-27372 2025.r3.0 | Fixed an issue where Policy Analyzer analysis results were not available for sub-tenants in Prisma Access (Managed by Panorama) multitenant environments. |
ADI-41084 2025.r1.0 |
Fixed an issue The GP Portal node will get pruned if the interface is
used in GP Portal is not local to the FW i.e. it has come from
SCM.
|
ADI-38277 2025.r1.0 |
Fixed an issue where editing an existing WebSec rule and saving it
caused a partial push to the firewall, resulting in a validation job
failure.
|
ADI-39966 2025.r1.0 |
Fixed an issue where onboarding of mobile user failed with the tenant
default configuration, due to the missing dir-sync
configuration.
|
ADI-40138 2025.r1.0 |
Fixed an issue where the certificate profile was missing in the
GlobalProtect configuration within the imported snippet.
|
ADI-40206 2025.r1.0 | Fixed an issue where the authentication profile was missing in the client authentication of the GlobalProtect Auth Profile. |
ADI-40218 2025.r1.0 |
Fixed an issue where client certificates from Strata Cloud Manager
pushed configurations were pruned during reverse transformation.
This caused the certificates to be missing when pushing the
associated snippet to the firewall.
|
ADI-40217 2025.r1.0 |
Fixed an issue where interface and SSL/TLS service profiles from the
Strata Cloud Manager pushed configurations were missing in the
GlobalProtect portal. These profiles were pruned during reverse
transformation to the Strata Cloud Manager.
|
ADI-40420 2025.r1.0 |
Fixed an issue where Gateway Satellite Tunnel Monitoring and Network
Settings were pruned after reverse transform and push to firewall 2,
making them unavailable post push.
|
ADI-40951 2025.r1.0 |
Fixed an issue where downgrading the firewall from Release 11.2.x to
Release 10.2.using the software upgrade feature was not
possible.
|
ADI-41054 2025.r1.0 |
Fixed an issue where pushing a configuration that is referencing
another serial number caused the push to fail on the targeted
firewall pair.
|
ADI-41080 2025.r1.0 |
Fixed an issue where all configurations in the client-less VPN node
were being pruned when pushed to a different firewall.
|
ADI-41722 2025.r1.0 |
Fixed an issue that caused the bootstrap process to fail due to a
software installation error.
|
ADI-32757 2025.r1.0 |
Fixed an issue where creating a decryption rule locally on the
firewall using a cloned object name did not display the Conflict
icon for the cloned object.
|
ADI-37429 2025.r1.0 |
Fixed an issue where an error message appeared when navigating to Authentication ProfilesIdentity ServicesAuthenticationAuthentication Profiles page.
|
ADI-38973 September 2024 |
Fixed an issue where users had to create a new policy after adding an
SLS license for firewalls to begin sending logs to SLS. Existing
policies pushed before the license change will not send logs to
SLS.
|
ADI-34609 September 2024 | Fixed an issue that allowed the disassociation of snippets even when the referenced HIP objects were linked to HIP profiles in the associated folder. The disassociation process didn't validate these references, leading to commit failures when users pushed changes. Consequently, administrators mist either clone the referenced objects to their folder or remove the referring profiles. |
ADI-36127 September 2024 | Fixed an issue where customers were unable to configure regular routing type entry due to regex inconsistencies between PAN-OS and Strata Cloud Manager. |
ADI-35300 September 2024 | Fixed an issue where customers were unable to configure Source IP for Path Monitoring in a static route from the Strata Cloud Manager. |
ADI-34819 September 2024 | Fixed an issue where the view and edit functionality was broken for Address Groups when they were referenced by other rules. |
ADI-36624 September 2024 | Fixed an issue where the Description column for HIP Object and HIP Profile was previously hidden, causing styling issues. It is now available by default. |
ADI-37190 September 2024 | Fixed an issue where clicking on the config version difference for a firewall with device scope disabled resulted in an error. |
ADI-36387 September 2024 | Fixed an issue where the filter option in Strata Cloud Manager required a refresh after clearing the filter. You can now clear the filter without needing a refresh. |
ADI-35489 September 2024 | Fixed an issue where some tenants were seeing multiple snippets under security rules due to missing UUIDs. This has been addressed by ensuring all the flows have UUIDs. |
ADI-36043 September 2024 | Fixed an issue in the Strata Cloud Manager where, after cloning a snippet, users encountered a "Failed to find obj-uuid for command get" error when attempting to edit a variable or save other configurations. This prevented any changes to the newly cloned snippet. |
ADI-35656 September 2024 | Fixed an issue where devices in device associations were inaccessible, preventing certain customers from adding a new folder in Strata Cloud Manager due to a null pointer exception. |
ADI-36179 September 2024 | Fixed an issue where tenants with only an NGFW license and no PA license had the Data Loss Prevention Profile selection hidden. This option is now available to all the Strata Cloud Manager tenants and users who have a DLP instance. |
ADI-36114 September 2024 | Fixed an issue where the Strata Cloud Manager Snippet configuration page didn't load for a tenant due to un-pushed changes, which were affected by a service restart. |
ADI-26131 September 2024 | Fixed an issue where the Show/Hide checkbox for the Action column was not functioning properly for EDL. |
ADI-37100 September 2024 | Fixed an issue that caused slowness on the Push Config page due to data-related problems. |
ADI-36050 September 2024 | Fixed an issue where inherited interface variables from the global settings were causing errors in folders when referenced. Support has been implemented to clone routers and zones successfully. |
ADI-35919 September 2024 | Fixed an issue where there were inconsistencies in the HA pair display. |
ADI-35445 September 2024 |
Fixed an issue where the HA cluster configuration displayed two
clusters with the same name in the UI. Additionally, attempting to
edit the HA pair resulted in a blank screen, preventing any
modifications.
|
ADI-33775 September 2024 | Fixed an issue where the Configure button for Forwarding Profiles
redirected to the wrong page when Mobile Users was not enabled.
Workaround: Enable Mobile Users. |
ADI-34294
September 2024
|
Fixed an issue where the target device count on the
Schedules page displayed as zero, even
though the associated rule had target devices.
Workaround: Clear the browser cache and reload
the page. The target devices count should then display
correctly.
|
ADI-31823 July 2024 |
Fixed an issue where configuring the Mobile User Infrastructure
settings, if you click the Advanced Settings,
the DDNS Configuration section appears in
red, suggesting as a required configuration, though it is not.
As a workaround, collapse and reopen the Advanced Settings section.
The DDNS Configuration section won't appear as required.
|
ADI-34607
July 2024
|
Fixed an issue where PAC files larger than approximately 150 KB was
failing to upload to Strata Cloud Manager, resulting in a request
failed with status code 414 error.
|
ADI-30026
July 2024
| Fixed an issue where the DHCP local pool value was displaying incorrectly. This was due to local configuration management computations not being performed on DHCP objects, which prevented conflicts from being shown. |
ADI-33316 July 2024 | Fixed an issue where data filtering profiles, whether custom or default, were being pruned when imported or displayed in Strata Cloud Manager. |
ADI-29956
July 2024
| Fixed an issue where profiles with passwords were shown as not matching, though they were. |
ADI-29989 July 2024 | Fixed an issue with the Application UI that caused timeouts when editing a static IP pool with up to 5000 records. While the timeout issue has been fixed, there's still a delay when editing pages with a large number of records. |
ADI-33909 July 2024 |
Fixed an issue where ConfigPush was failing due to Layer 3 Aggregate
Ethernet group in the imported snippet.
|
ADI-31750
June 2024
|
Fixed an issue where the performance was impacted if the number of IP
pools per project exceeded 50.
|
ADI-30165 June 2024 | Fixed an issue where TACACS+ server timeout value was not shown for firewall configuration diff, even though it was configured. |
ADI-30721 June 2024 | Fixed an issue where newly onboarded firewall displayed conflicts when there were no conflicts. Also, some Strata Cloud Manager unsupported objects were shown. |
ADI-32068 June 2024 |
Fixed an issue where the Mobile UserDDNS Configuration page didn't show the previously configured Dynamic
DNS settings.
As a workaround, click on a different section and then return to the Mobile UserDDNS Configuration.
|
ADI-32094 June 2024 | Fixed an issue where the Dynamic DNS Support page on the Infrastructure SettingsAdvanced Settings displayed a section for enabling advanced RCODE support, which is not related to the Dynamic DNS feature. |
ADI-32181
June 2024
| Fixed an issue where importing of a local configuration with an invalid master key did not throw any error message. Nodes that required encryption was disregarded which resulted in fail validation on attempt to associate snippet or push to a device. |
ADI-31538
June 2024
|
Fixed an issue where, when setting up a forwarding profile, the
forwarding profile Type was displayed as ZTNA Agent instead
of Prisma Access Agent. Also, if you selected Add Forwarding
Profile, the drop-down displayed ZTNA Agent instead of
Prisma Access Agent.
|
ADI-33611 June 2024 |
Fixed an issue where custom certificates at the device level were
moved up to All container in Strata Cloud Manager. When
certificates were pushed from the Strata Cloud Manager, they were
also being pushed along. If you do not want to push certificates to
other devices, it's advisable to move the certificates to the device
level.
|
ADI-31502 June 2024 |
Added a validation to check agent configuration is not set to tunnel
or hybrid mode when Enable Portal only for Proxy Mode on
GlobalProtect is enabled under GlobalProtect setup.
|
ADI-23905 June 2024 | Fixed an issue where unsupported Colo-Connect regions were getting displayed. |
ADI-31713
June 2024
| Fixed an issue where pushed configurations used in local configuration as references couldn't be imported during the Snippet import process. |
ADI-32781
June 2024
|
Fixed an issue where the push with an incomplete HA pair was not
working. To support HA devices in an Auto VPN cluster, both devices
in the HA pair must be present together in the cluster. There is no
validation in place for this and will fail the push.
|
ADI-32883
June 2024
| Fixed an issue where the auto generated configurations such as configurations from web security and Auto VPN which caused conflicts were not marked as conflicts in the Local Configuration. |
ADI-30721 June 2024 | Newly onboarded firewall shows conflicts and when clicked on, there are no conflicts for them. Also, some objects that we don't support in Strata Cloud Manager are also shown. |
ADI-25507 May 2024 | When you enable Remote Browser Isolation (RBI) widget from the URL page, do not add any infrastructure settings, and create all RBI related configs and push, RBI configs are not present on the firewall. |
ADI-25875 May 2024 | When no remote networks configs are present but cden configs are present, bandwidth management does not display the per region bandwidth allocation. Instead, it is set up as day-0. |
ADI-26149 May 2024 | The HTTP header value field supports only 512 characters. |
ADI-28737 May 2024 | Remote networks explicit proxy IP addresses are not visible in Strata Cloud Manager. |
ADI-28491 May 2024 | The load config version command throws a 504 Gateway timeout error. |
ADI-28737 May 2024 | Remote networks explicit proxy IP addresses are not visible in Strata Cloud Manager. |
ADI-30089 May 2024 | ECDSA cert reverts back to default when set to None under GP folder. |
ADI-30111 | Compare config shows a difference between variable and actual value. |
ADI-28195
April 2024
| The configuration push fails if you attempt to partially push the ssl-tls-service-profile with a max version, even when the service profile doesn't have a max version defined. To resolve this issue, you must perform a full push. |
ADI-25662
April 2024
|
Fixed an issue where you were allowed to create more than one project
with the same domain and user groups if the projects were configured
from different configuration snippets.
|
ADI-28726
April 2024
| Fixed an issue where, the users who were not on the Allow List were able to authenticate. |
ADI-30111
April 2024
| Fixed an issue on the Compare Config page where the VLAN value differed between Configs in Cloud and Configs on Device. |
ADI-30901
April 2024
| Fixed an issue where, creating a dummy Kerberos server profile, along with Kerberos server was required for creating a Kerberos authentication profile. |
ADI-28491 April 2024 | Fixed an issue where, the load config version command was throwing a 504 Gateway timeout error. |
ADI-30165
April 2024
| Fixed an issue where, the TACACS+ server timeout value was not shown for firewall config diffs, even though it was configured. |
ADI-30111
April 2024
| Fixed an issue where, the compare configuration was showing a difference between variable and actual value. |
ADI-30089
April 2024
| Fixed a decryption settings issue wherein the PA level certificates need to be set to None before setting the child level certificates to None. |
ADI-28737
April 2024
| Fixed an issue where the Remote Networks Explicit Proxy IP addresses were not visible in Strata Cloud Manager. |
ADI-25875
April 2024
|
Fixed an issue where the Bandwidth Management tab displayed a blank
page if the MCW configuration was present under remote networks.
|
ADI-25723 January 2024 |
Call /spiffy/v1/bp/result/policies/security_rule for a tenant.
Result: id = 3 has old check_name 'The rule Description is not
populated'. The response will contain the old name. Even when new
BPA analysis has been completed - the check_name remains the
same.
|
ADI-25415 January 2024 | Navigating to the IP allow list page in Mobile Users results in an automatic update to allow list IP addresses. |
ADI-25723
January 2024
|
Fixed an issue where changing the configuration was necessary to
generate the new BPA report.
|
ADI-25415
January 2024
| Fixed an issue where navigating to the Mobile UsersIP Allow List page resulted in an automatic update to allow list IP addresses without saving it. |
ADI-26149
January 2024
| Increased the HTTP header value to support a maximum of 16K characters. |
ADI-25541
|
Fixed an issue, where pushing any Auto VPN configuration changes
resulted in all admin changes being applied to all devices within
the pushed VPN cluster.
|
ADI-25507
|
Fixed an issue, wherein enabling Remote Browser Isolation (RBI)
without adding any infrastructure settings and subsequently pushing
the configuration changes to a remote network led to a successful
push, yet the RBI configuration remained unavailable on the
firewall.
|
ADI-25415
|
Fixed an issue, where the egress IP allowlist would update
automatically upon navigating to WorkflowsPrisma Access SetupGlobalProtectPrisma Access Locations page.
|
ADI-20135
|
Fixed an issue where the configured GlobalProtect IPSec Crypto
profile couldn’t be deleted or cloned since the WorkflowsPrisma Access SetupGlobalProtectGlobalProtect AppGlobal App Settings page did not show the configured GlobalProtect IPSec
Crypto profiles.
|
ADI-21401
|
Fixed an issue where the IP Restrictions weren’t accurately enforced
when configured with an IP address range.
|
Command Center Known Issues
ID | Description |
---|---|
NETVIS-2017
|
In the Command Center when you have a Data Security license
active, clicking the DLP Inline Total
Incidents value in the Incidents by
Severity widget redirects you to a blank
Enterprise DLP page.
Workaround: After you get redirected to the blank
Enterprise DLP page, click on DLP
Incidents to load the page.
|
NETVIS-611 | In the Operational Health view of the command center, when filtering by the NGFW bubble and opening the NGFW Device Health links, the data in the command center may no longer auto refresh every 5 minutes as intended. |
NETVIS-593 |
In the Threats view of the
command center, when filtering data with the DNS
Security bubble, the malicious requests include
high risk requests, not just malicious requests.
The malicious requests count might appear larger than
it actually is because of this.
|
NETVIS-535 |
In the Operational Health view of the command
center, all apps will be classified as Internet Apps.
ADEM will be adding support for application
categorization soon.
|
NETVIS-477 | In the Data Security view of the command center, the SaaS API incident count in the Security Subscriptions widget is incorrect. |