Prisma SD-WAN
Addressed Issues in Prisma SD-WAN ION Release 6.4
Table of Contents
Expand All
|
Collapse All
Prisma SD-WAN Docs
-
-
-
- CloudBlade Integrations
- CloudBlades Integration with Prisma Access
-
-
-
-
- 6.5
- 6.4
- 6.3
- 6.2
- 6.1
- 5.6
- New Features Guide
- On-Premises Controller
- Prisma SD-WAN CloudBlades
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
Addressed Issues in Prisma SD-WAN ION Release 6.4
Learn about the issues addressed in Prisma SD-WAN ION release
6.4.x.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
Learn more about the issues addressed in Prisma SD-WAN ION device
release 6.4.
- Addressed Issues in Prisma SD-WAN ION Device Release 6.4.3
- Addressed Issues in Prisma SD-WAN ION Device Release 6.4.2
- Addressed Issues in Prisma SD-WAN ION Device Release 6.4.1
To view the consolidated list of addressed issues across Prisma SD-WAN ION releases, see
here.
Addressed Issues in Prisma SD-WAN ION Device Release 6.4.3
The following table lists the issues addressed in Prisma SD-WAN ION device release 6.4.3.
| Issue ID | Description |
|---|---|
| CGSDW-36354 | Resolved an issue where App-ID updates failed due to an app\_id\_map\_alloc failure. This occurred because the system did not release the app\_id\_map when a DNS-based App-ID update request arrived for an existing appmap entry. |
| CGSDW-36339 | Resolved an issue where the wanpaths_vni database was improper after you upgraded from a release earlier than 6.3.1. This occurred because the database migration failed. |
| CGSDW-36237 | Resolved an issue where LAN-to-WAN traffic dropped even though the VPN paths were UP. This occurred because the nsm module did not handle a NULL db_val during a reachability check. |
| CGSDW-36123 | Resolved an issue where an IPv6 BGP peer reset failed when you initiated the action from the controller UI. |
| CGSDW-36102 | Resolved as issues where the system could not achieve consistently high flows per second (FPS) because random packets arriving over a Virtual Private Network (VPN) were unintentionally dropped. |
| CGSDW-35970 | Resolved an issue where the flow controller took 20 to 30 minutes to update path reachability. This occurred due to a performance regression introduced in a prior release. |
| CGSDW-35903 | Resolved an issue where SNMP counters stalled, causing inaccurate bandwidth utilization updates. |
| CGSDW-35701 | Resolved an issue where the LAN egress route table entry was missing on the Active ION device following a switch-over. |
| CGSDW-35622 | Resolved an issue where data traffic incorrectly egressed the DC ION device via the controller port. |
| CGSDW-35543 | Resolved an issue where the BGP peer for a Custom VRF failed to establish a connection. |
| CGSDW-35527 | Resolved an issue where the fc-control process terminated unexpectedly, causing a core dump. This occurred due to a double free error during execution of the app-map filter command. |
| CGSDW-35523 | Resolved an issue where OSPF failed to come up on the DC ION. This occurred because the device did not send OSPF packets, preventing the establishment of OSPF adjacency. |
| CGSDW-35329 | Resolved an issue where the emif process failed on the ION 3200 device, resulting in socket reset errors and watchdog timeouts. This occurred during continuous flapping of the PPPoE interface. |
| CGSDW-35111 | Resolved an issue where the RX/TX statistics displayed in the UI sometimes showed values higher than the maximum interface link speed. |
| CGSDW-35022 | Resolved an issue where Standard VPN tunnels flapped following the detection of a multi IKE session. |
| CGSDW-34933 | Resolved an issue where app_stats were unavailable on the spoke device due to a crash in the SCM worker thread. |
| CGSDW-34703 | Resolved an issue that caused a memory leak and subsequent system memory depletion. This occurred because a worker thread in the bwm_server process became stuck on a network operation, preventing the release of network buffers. |
| CGSDW-34487 | Resolved an issue that caused high memory utilization by the LQM process. This occurred because, when a monitoring thread crashed, LQM failed to clean up its existing Redis connection and continuously retried to establish a new one. |
| CGSDW-34045 | Resolved an issue where the PPPoE manager in the emif process leaked system resources, including memory and Go routines. |
| CGSDW-33778 | Resolved an issue where a BGP peer connection to the next hop's loopback address failed and disconnected. This occurred when the update source used a secondary IP address on the ION device and was triggered by events like an interface bounce. |
| CGSDW-33608 | Resolved an issue that caused a memory leak in the data path thread, which led to an unexpected flow controller restart. |
| CGSDW-33282 | Resolved an issue where the system failed to automatically archive the /log/syslog directory following a process crash or device reboot. |
| CGSDW-32858 | Resolved an issue where multi-hop BGP learnt routes on the DC device were not re-distributed to the Branch. This omission occurred because the system failed to correctly resolve the BGP next-hop via the default route. |
| CGSDW-32621 | Resolved an issue where Standby ION devices lost connectivity to the controller after upgrading from the 6.1.x release. This occurred due to an incorrect local route entry. |
| CGSDW-32436 | Resolved an issue where the ION device silently rejected path policy updates. This failure occurred when the new policy included local prefix-lists that lacked site bindings. |
| CGSDW-32199 | Resolved an issue where Syslog Flow Export failed to send flow logs to the remote Syslog server, even when flow logging was correctly enabled in the configuration. |
| CGSDW-32105 | Resolved an issue where the interface address flapped, which caused instability in BGP, VPN, and HA connections. |
| CGSDW-32075 | Resolved an issue where multi-hop BGP learnt routes on the Hub device became stale and were not correctly removed when the underlying service link tunnel went down. |
| CGSDW-32071 | Resolved an issue that caused the device to reboot unexpectedly. This failure was triggered by a configuration parsing exception within the supervisord process. |
| CGSDW-31935 | Resolved an issue where the system installed only one next-hop in the FIB for OSPF prefixes, even when multiple ECMP routes were present in the OSPF database. |
| CGSDW-31920 | Resolved an issue that caused the fp-rte process to crash unexpectedly. This failure was due to a race condition between two internal processes that resulted in the premature cleanup of a resource entry. |
| CGSDW-31862 | Resolved an issue that caused the High Availability failover mechanism to stall for several minutes following an fp-rte process crash. The extended stall duration caused a service outage and customer traffic impact. |
| CGSDW-31860 | Resolved an issue where the application probe continued unnecessarily, despite successful DNS resolution. This occurred because the probe repeatedly used a common Transaction ID, causing the DNS server to reject the requests. |
| CGSDW-31832 | Resolved an issue where BGP peers failed to re-establish a session after the underlying service link flapped. |
| CGSDW-31702 | Resolved an issue where the Link Layer Discovery Protocol transmit Time-to-Live was insufficient. |
| CGSDW-31684 | Resolved an issue that caused persistent memory growth in the /cgnx/bin/elmgr process. This occurred when an interface state change restarted the DHCP server but failed to clear the stale DHCP daemons. |
| CGSDW-31654 | Resolved an issue that caused the Flow Controller (FC) process to crash unexpectedly. |
| CGSDW-31505 | Resolved an issue where application statistics for LAN-to-LAN traffic were incorrectly exported with the private-direct label. |
| CGSDW-31369 | Resolved an issue where the default gateway failed to configure on the ISP interface after the ION device was unclaimed. |
| CGSDW-30883 | Resolved an issue that caused an exception in the router management process due to a timing issue. This occurred when the system failed to promptly handle updates and deletions for WAN path status keys. |
| CGSDW-30565 | Resolved an issue where traffic was lost after a VPN switchover was triggered on the Spoke device. This occurred because the system failed to update the bridge vector with the new WAN interface details, causing traffic to be forwarded to the old, down VPN interface. |
| CGSDW-30535 | Resolved an issue where the Secure Fabric did not establish connectivity with the backup ION device following a Branch Gateway High Availability (HA) failover. |
| CGSDW-30242 | Resolved an issue where the ION device sometimes displayed an internal reboot code (code: 0x08) with the reason Unknown after an unexpected shutdown. |
| CGSDW-30125 | Resolved an issue where the ION device failed to apply a DNS caching size of 0. This prevented administrators from disabling the DNS cache functionality through configuration. |
| CGSDW-30124 | Resolved an issue where IPFIX data displayed zero values for statistics. This occurred because the system used an incorrect attribute to read the interface ID when processing flow statistics. |
| CGSDW-30073 | Resolved an issue that caused the event_forward process to repeatedly restart on the ION device. This occurred due to a technical incompatibility in the system's priority queue handling following the Python upgrade. |
| CGSDW-30067 | Resolved an issue that caused the dpdk-ctrl-port process to crash on the ION device operating in L2 mode. |
| CGSDW-30053 | Resolved an issue where the Active ION device's controller interface could not reach certain IP addresses. |
| CGSDW-29793 | Resolved an issue where the ION device incorrectly created two separate flows for traffic passing through a GRE tunnel. |
| CGSDW-29556 | Resolved an issue where cgnxinfra, remote login, and service link connections failed on the virtual ION device when operating in FIPS mode. |
| CGSDW-29432 | Resolved an issue where the ION device could not deliver packets when the destination MAC address matched that of one of its own ports. |
| CGSDW-29208 | Resolved an issue where the service link failed to function correctly because the flow controller incorrectly reported the NAT status as false, even when a NAT rule was present. |
| CGSDW-29207 | Resolved an issue where the ION device incorrectly created application probes for WAN-to-WAN initiation failure flows. The system wrongly populated the probe's destination port using the flow's source port, resulting in the creation of many unnecessary probes for the same destination. |
| CGSDW-28712 | Resolved an issue that caused the ifspd process to restart unexpectedly. This failure was due to the system prematurely updating the interface status during configuration parsing. |
| CGSDW-28697 | Resolved an issue where the ION device incorrectly created two flows instead of one for traffic in scenarios involving route leaking with a Service Link (SL) and a Custom Virtual Routing and Forwarding (VRF). |
| CGSDW-28530 | Resolved an issue that caused multiple unexpected Flow Controller (FC) crashes on the ION device. This failure was due to corrupted memory buffer (MBUF) packets re-entering the processing pipeline. |
| CGSDW-28481 | Resolved an issue where the High Availability (HA) controller interface on the ION device took up to 20 minutes to establish internet connectivity after a reboot. |
| CGSDW-28458 | Resolved an issue where the ION device stopped passing traffic after raising the DEVICESW_CONCURRENT_FLOWLIMIT_EXCEEDED alarm. |
| CGSDW-28329 | Resolved an issue where the Backup-DC ION device incorrectly advertised branch prefixes when a core-facing BGP peer flapped. |
| CGSDW-28326 | Resolved an issue where IPv6 ping commands failed to reach a VPN Forwarding Information Base (FIB) host when using the LAN interface IP address as the source IP address on the ION device. |
| CGSDW-28214 | Resolved an issue where the standalone interface on the standby ION device went down when the active ION device was powered down. |
| CGSDW-28187 | Resolved an issue where the ION device failed to initiate a SYN request over TCP port 179 to establish BGP with its peer after a reboot. |
| CGSDW-28049 | Resolved an issue where the dump-support and dump-support all commands failed to capture the system logs and core dumps on the ION device. |
| CGSDW-28036 | Resolved an issue where VPN OIDs changed with every polling request on the ION device. |
| CGSDW-27822 | Resolved an issue where the ION device incorrectly withdrew all BGP routes after an administrator updated the global prefix advertisement setting. This occurred when a local BGP configuration was already present. |
| CGSDW-27728 | Resolved an issue that caused the fp-rte process to crash on the ION device, leading to an immediate High Availability (HA) failover. |
| CGSDW-27708 | Resolved an issue where Branch Gateway sites, after onboarding, incorrectly advertised a default route toward the Palo Alto Networks device over the service link. This advertisement caused routing problems and routing loops on the service provider network. |
| CGSDW-27588 | Resolved an issue where the Performance Policy Alarm failed to display the complete WAN interface information. This occurred because the ION device did not translate the WAN interface ID to its corresponding name when the name was initially empty. |
| CGSDW-27542 | Resolved an issue where BGP failed to establish connectivity after the ION device transitioned to the High Availability (HA) active state. This occurred because the ION device incorrectly processed BGP configuration messages while in standby mode. |
| CGSDW-27498 | Resolved an issue where the default route was missing on subinterfaces after the ION device rebooted. This issue affected virtual interfaces created on specific ports where subinterfaces were then configured on those virtual ports. |
| CGSDW-27393 | Resolved an issue where Syslog Services incorrectly used the controller port's IP address as the source IP address for logs from a VRF interface. The fix ensures the system sets the correct source IP address. |
| CGSDW-27359 | Resolved an issue where application and TCPP global statistics were missing when a high number of application thresholds (50 or more) were configured. This scale issue occurred because the ION device failed to send statistics in a timely manner, causing the data to arrive out of order and resulting in the loss of both types of statistics. |
| CGSDW-26722 | Resolved an issue where static routes were not injected into the kernel after upgrading the ION device, causing traffic failure. This failure occurred due to a connection timeout error that triggered a networking service restart and the removal of interface local routes. |
| CGSDW-26686 | Resolved an issue where MSS clamping failed to occur for PPPoE interfaces on the ION device. This prevented correct TCP session establishment across the link. |
| CGSDW-26319 | Resolved an issue that caused the fp-rte process to crash on the ION device. This failure occurred during high-volume traffic associated with custom application mixes when the system ran out of FDM memory pool entries. |
| CGSDW-25254 | Resolved an issue where a memory buffer (mbuffer) leak was observed in Branch Gateway ION devices. When memory became exhausted, this leak caused VPN disconnections and the loss of connection to the controller. |
| CGSDW-23926 | Resolved an issue where SNMP reported an inconsistent operational status for a Switch Port when compared with the status displayed in the user interface and command line interface. |
| CGSDW-23739 | Resolved an issue where the ION device continued to generate and observe application probe flows even after the feature was disabled in the user interface. The fix ensures that flow observation and generation cease immediately after the feature is disabled. |
| CGSDW-22911 | Resolved an issue that caused the fp-rte process to crash on the ION device when QoS was enabled for UDP traffic on a WAN-to-LAN flow. This failure was due to a timing issue that occurred when one of multiple existing VPNs flapped. The crash happened because packets in the ingress QoS pipeline incorrectly referenced a deallocated structure. The fix ensures that the QoS pipeline safely handles VPN state changes. |
| CGSDW-13551 | Resolved an issue where asymmetry routing failed for TCP traffic between DIA and GRE SL. |
Addressed Issues in Prisma SD-WAN ION Device Release 6.4.2
The following table lists the issues addressed in Prisma SD-WAN ION device release 6.4.2.
| Issue ID | Description |
|---|---|
| CGSDW-34640 | Resolved an issue where the VPN daemon would fail to start after a new configuration was pushed to RMA devices. The fix ensures the daemon starts successfully, allowing VPN services to resume. |
| CGSDW-34006 | Resolved an issue where an upgrade could cause interface gateways to fail, disrupting network traffic. The fix ensures gateways are reliably programmed after an upgrade, restoring network stability. |
| CGSDW-33974 | Resolved an issue where BGP sessions failed to establish after a device reboot. |
| CGSDW-33860 | Resolved an issue that caused high CPU utilization and network performance degradation on devices with large LAN subnets. |
| CGSDW-33778 | Resolved an issue where BGP sessions failed to establish or were unstable, particularly when a secondary IP address was used as the update source. |
| CGSDW-33483 | Resolved an issue that caused a system core dump during application identification. The fix ensures a process's lock is properly released, preventing the crash. |
| CGSDW-33065 | Resolved an issue where the controller interface's gateway failed to program after a device upgrade or reboot. The fix ensures the gateway is properly configured, restoring full network functionality. |
| CGSDW-32992 | Resolved an issue where flows were incorrectly established, leading to resource limits and dropped traffic. The fix ensures a valid three-way TCP handshake is completed before a flow is established. |
| CGSDW-32928 | Resolved an issue where ping failed after a High Availability (HA) switchover. The fix ensures a device's IP address and gateway are properly programmed, restoring network connectivity. |
| CGSDW-32372 | Resolved an issue with DNS-based application prediction that caused inaccurate identification. |
| CGSDW-23049 | Resolved an issue where core files were being generated when the device was being upgraded. |
| CGSDW-23324 | Resolved an issue where the bypass pair Ethernet port configuration was reset after being assigned to a device shell. |
| CGSDW-23398 | Resolved an issue where extra interfaces were seen on SNMPv3 polling. |
| CGSDW-23534 | Resolved an issue where the Ingress displayed a zero value for Bandwidth Utilization. |
| CGSDW-23928 | Resolved an issue where the snmpwalk command was returning incorrect information. |
| CGSDW-24246 | Resolved an issue where the device shell bypass pair on the ION 9200 device was not being configured successfully. |
| CGSDW-24269 | Resolved an issue where the APPLICATION_CUSTOM_RULE_CONFLICT incident was being raised for system applications. |
| CGSDW-25586 | Resolved an issue where the GRE tunnel was not being established when in FIPS mode. |
| CGSDW-25838 | Expedited the OSPF process reset to ensure a quick re-establishment of neighborships. |
| CGSDW-26901 | Resolved an issue where the remote access session for the device toolkit was timing out and closing after logging in from the web interface. |
Addressed Issues in Prisma SD-WAN ION Device Release 6.4.1
The following table lists the issues addressed in Prisma SD-WAN ION device release 6.4.1.
| Issue ID | Description |
|---|---|
| CGSDW-15027 | Resolved an issue where the SNMP interface bandwidth was being reported incorrectly after upgrading the device software version from 5.6.x. |
| CGSDW-20234 | Resolved an issue where a virtual interface with sub-interfaces was not passing traffic. |
| CGSDW-21320 | Resolved an issue where the ION device did not respond to DHCP until it was rebooted or there was a change in configuration. |
| CGSDW-21409 | FC crashes when many app-map entries are being created, modified, or deleted in parallel. |
| CGSDW-22192 | Resolved an issue where core files were being generated and the device was losing connectivity with the controller when traffic on the client side was abruptly stopped and restarted. |
| CGSDW-22281 | Resolved an issue where the application reachability probes were crashing on a branch ION device. |
| CGSDW-23109 | Resolved an issue where newly allocated devices were not able to connect to the controller. |
| CGSDW-23221 | Resolved an issue where the ionhwd process was consuming a lot of memory. |
| CGSDW-24071 | Set the concurrent flow limit to 20K. |
| CGSDW-24262 | Resolved an issue where a route, which was not necessarily the best route, was getting selected as the reachable route. |
| CGSDW-24400 | Resolved an issue where the User ID agent was crashing when there were IPv6 entries in NGFW. |