Strata Cloud Manager
Known Issues
Table of Contents
Expand All
|
Collapse All
Strata Cloud Manager Docs
Known Issues
See the fixes we're working on, or have recently fixed, in Strata Cloud Manager.
Review the issues we're working to fix in Strata Cloud Manager.
These are known issues found in the Strata Cloud Manager
platform. You can also review in-progress fixes for the subscriptions and products
supported for Strata Cloud Manager here:
- NGFW Release Notes (AIOps for NGFW and Cloud Management for NGFW)
- Prisma Access Release Notes
- Prisma SD-WAN Release Notes
- AI-Powered Autonomous DEM Release Notes
Cloud-Delivered Security Services (CDSS) docs:
Configuration Management Known Issues
| ID | Description |
|---|---|
| ADI-35760 |
On the AI Access Security Use Case page (InsightsAI Access), changing the application tag for a container
app does not automatically update the tags for its child
apps.
|
| ADI-37429 |
Getting error message when you navigate to Authentication ProfilesIdentity ServicesAuthenticationAuthentication Profiles page.
|
|
ADI-35546
|
Two discrete applications with the same App-ID are displayed in
the list of Applications (ManageConfigurationNGFW & Prisma AccessObjectsApplicationApplications) and Application Filters (ManageConfigurationNGFW & Prisma AccessObjectsApplicationApplications Filters) if the application is available as part of the
predefined apps provided with your currently installed dataplane
version and delivered from the App-ID Cloud Engine (ACE). The
two discrete App-IDs may have different attributes, such as Tags
and the Risk Score.
For example, ChatGPT is available as a predefined app and is also
delivered from ACE. In this case, you see two entries of ChatGPT
when you view your Applications and Application Filters.
|
|
ADI-29665
|
Dynamic Privilege Access: Do not use special characters in
project names, otherwise Strata Cloud Manager will issue a
"Malformed Request" error message when you try to save the
project configuration.
|
| ADI-32757 |
When you create a decryption rule locally on the firewall using a
cloned name, the Conflict icon doesn't show for the cloned
object.
|
|
ADI-33262
|
On a Prisma Access tenant where Dynamic Privilege Access is
enabled, a Mobile UserAccess Agent configuration push will fail without first
configuring a project in Strata Cloud Manager.
Workaround: Configure at least one project
before you do a push config.
|
| ADI-33776 | When configuring the Dynamic DNS feature in Prisma Access, ensure that the file name for the key file uploaded for Kerberos or TSIG key file is less than or equal to 32 characters. |
| ADI-33914 | Profile hit counts are not incremented in the URL filtering profile in Strata Cloud Manager. |
| ADI-30768 |
Configure Remote Network TunnelProtocol doesn't support Any as the option for proxy-id-
protocol configuration.
|
| ADI-31823 |
When configuring the Mobile User Infrastructure settings, if you
click the Advanced Settings, the
DDNS Configuration section appears in
red, suggesting as a required configuration, though it is
not.
As a workaround, collapse and reopen the Advanced Settings
section. The DDNS Configuration section won't appear as
required.
|
| ADI-31756 |
When configuring Snippets (ManageConfigurationNGFW and Prisma Access Overview) and expand the Configuration Scope to view the
Snippets, the HTTP server
configuration has an option to configure a password. This causes
the commits to fail on the firewall due to a key sync issue.
|
|
ADI-19128
|
When configuring a Security policy rule (ManageConfigurationNGFW and Prisma AccessSecurity ServicesSecurity Policy), you're able to select address objects created
outside of your scope management configuration (ManageConfigurationNGFW and Prisma AccessAccess ControlScope Management).
|
| ADI-31050 | Proxy zone is not listed in dropdown while creating an interface. Proxy zone is a default zone like local or internet, but in the api response, it doesn't have the interface type/layer values. |
| ADI-30404 | With remote networks internal gateway enabled, when portal authentication profile iss modified from SAML to Local User, the show global-protect-gateway gateway does not show the authentication profile correctly. |
| ADI-30298 | DHCP Relay local config from firewalls does not show conflicts in Strata Cloud Manager for resolved interfaces. |
| ADI-27372 | For Prisma Access (Managed by Panorama) multitenant environments, Policy Analyzer analysis results are not available for sub-tenants. |
| ADI-25671 | If you use a signature in an Anti-Spyware policy rule, you are unable to change the Action that Strata Cloud Manager takes when it detects the signature. |
| ADI-24630 | The following validation error is displayed when you assign
and push the same snippet name and rulebase name: localhost.localdomaincontainerGlobalprerulebasesecurityrules -&Workaround: Use different snippet name and
rulebase name. |
| ADI-22188 | Prisma Access commit opt: Incorrect Prisma Access configuration may not be caught in the Strata Cloud Manager, but fails in firewall and the error is reported back to Strata Cloud Manager post commit. |
| ADI-20068 | ZTNA Connector Microapp on SASE portal for Strata Cloud Manager tenants should not be used by any tenants with 10.2.* AMI version. |
Command Center Known Issues
| ID | Description |
|---|---|
| — |
The Command Center is always updated with the latest
data and metrics, and may not match what is available in
Activity Insights or other
dashboards.
Security subscription counts, action counts, and
metrics provided in the command center bubbles display the
latest data available at the time.
This is due to a few different things:
You may see this data in the following command center
views (including widgets, bubbles, and data flows):
|
| AIOPS-9888 | In the Users tab of Activity Insights, the Monitored Users count does not accurately reflect the total count of actual monitored users. It includes branch user |
|
NETVIS-2017
|
In the Command Center when you have a Data Security license
active, clicking the DLP Inline Total
Incidents value in the Incidents by
Severity widget redirects you to a blank
Enterprise DLP page.
Workaround: After you get redirected to the blank
Enterprise DLP page, click on DLP
Incidents to load the page.
|
| NETVIS-962 | In the views of the command center, public traffic may be classified as Internal Hosts under the Other bubble when security rules are set to Allow All. |
| NETVIS-955 | In the views of the command center, the IoT Devices bubble count does not display the expected count of devices and does not match what is in the (MonitorAssets) dashboard. |
| NETVIS-927 | In the Threats view of the command center, the URL Filtering bubble always shows 0 applications and data transferred when following through to the Monitor dashboard. |
| NETVIS-924 |
The Strata Cloud Manager command center will be
unavailable in the following regions at launch:
|
| NETVIS-919 | In the Data Security view, the sensitive data
users shows users who have uploaded or downloaded any sensitive
data that is detected through Prisma Access or NGFWs, as well as
any internal users and services accounts who have interacted
with sensitive data in any of the connected apps. Because of
this, the number may sometimes be larger than the user count shown
in the Summary view. |
| NETVIS-892 | In the Data Security view of the command
center, the Sensitive Data Users bubble displays the
total count of discovered users, not just sensitive
users. Work around: Use the SaaS Security
dashboard (CASB > SaaS Security). |
| NETVIS-806 | In the command center views, the IoT Devices count bubble may be 0 if Strata Logging Service Next-Generation Firewall logs do not have IoT attributes. |
| NETVIS-736 | In the Operational Health view of the command center, when following through on Device Health links, time-based filters available in the command center are not available in those pages. |
| NETVIS-611 | In the Operational Health view of the command center, when filtering by the NGFW bubble and opening the NGFW Device Health links, the data in the command center may no longer auto refresh every 5 minutes as intended. |
| NETVIS-593 |
In the Threats view of the
command center, when filtering data with the DNS
Security bubble, the malicious requests include
high risk requests, not just malicious requests.
The malicious requests count might appear larger than
it actually is because of this.
|
| NETVIS-535 |
In the Operational Health view of the command
center, all apps will be classified as Internet Apps.
ADEM will be adding support for application
categorization soon.
|
| NETVIS-479 |
In the Data Security view of the command center,
the Incidents count breakdown by Severity may be
lower than anticipated. Severity is not found in all incidents,
resulting in them being classified as “Low” instead of their
actual severity.
|
| NETVIS-477 | In the Data Security view of the command center, the SaaS API incident count in the Security Subscriptions widget is incorrect. |
Prisma Access Browser Visibility Known Issues
| ID | Description |
|---|---|
|
NETVIS-2040
|
In Activity InsightsApplications, the Rule Name column
refers to Prisma Access firewall rules. It isn't applicable
to Prisma Access Browser Standalone tenants and should not be
visible.
|
| NETVIS-1980 | Some Prisma Access Browser data aren't populated as expected when
the same tenant has been activated with Prisma Access and Prisma Access Browser Standalone. The following pages might not show
the Prisma Access Browser changes:
|
| NETVIS-1908 |
Data usage isn't available in Prisma Access Browser
events, so in Activity InsightsApplications details the data transfer widget is empty for a Prisma Access Browser standalone tenant. However, the same might
have data for Prisma Access Browser add-on in the presence of Prisma Access as long as data is flowing through Prisma Access firewalls.
|
| NETVIS-1905 |
Data usage isn't available in Prisma Access Browser
events, so in Activity InsightsApplications the Data Usage column is
empty for a Prisma Access Browser standalone tenant. However, the
same might have data for Prisma Access Browser add-on in the
presence of Prisma Access as long as data is flowing through
Prisma Access firewalls.
|
| NETVIS-1904 |
Threat information isn't available in Prisma Access Browser events so in Activity InsightsApplicationsdetails, the Total Threats by Threat
Type widget is empty for Prisma Access Browser
standalone tenant. However, the same might have data for Prisma Access Browser add-on in the presence of Prisma Access
as long as data is flowing through Prisma Access
firewalls.
|
| NETVIS-1899, NETVIS-1862 | Left navigation menu items in Strata Cloud Manager that are not relevant to Prisma Access Browser standalone tenants are not hidden in this release. This will be taken care of in future releases. |
| NETVIS-1890 | In Dark Mode the Prisma Access Browser pages display with a light background. |
| NETVIS-1555 | An exported PDF from the Activity InsightsUsersdetails page does not include all the columns from the Prisma Access Browser summary table. This is a general issue on the size limitations of PDF exports. |