Fixed an issue where, when trying to remove locations, existing onboarded locations could not be deselected, or multiple locations were deselected when only a few locations were chosen.

Fixed an issue where DLP Data Filtering settings were being overwritten by settings in the Cloud Services plugin.

Fixed an issue where, in a multi-tenant environment, tenant names with a period (.) in the name caused configuration tabs to be grayed out after commit.

Fixed an issue where address blocks in the RFC 6598 subnet (100.64.0.0/10) were not being blocked when configuring the infrastructure subnet, GlobalProtect mobile user IP address pool, or remote network or service connection static subnets.

Removed fields related to Network Packet Broker from the Panorama UI in Prisma Access device groups. Network Packet Broker is not applicable to Prisma Access deployments.

Fixed an issue where, after you make configuration changes to an existing service connection or remote network connection (for example, changing the bandwidth, region, QoS, or BGP values), the job details in the Deployment Status page (PanoramaCloud ServicesStatusStatusDeployment StatusDetails) might display a value of TIMEOUT, even if the job completed successfully.

Fixed an issue where, in a multi-tenant environment, tenant names with a period (.) in the name caused configuration tabs to be grayed out after commit.

Fixed an issue where the secret could not be retrieved to allow communication between Prisma SD-WAN and Prisma Access.

Fixed an issue where, when attempting to select a Master Device in a Mobile Users—GlobalProtect, Mobile Users—Explicit Proxy, or Remote Network deployment, an Operation Failed message was received.

Fixed an issue where, when entering CLI commands on a multitenant Prisma Access deployment, the command returned an error of Invalid syntax.

Fixed an issue where, if you are configuring multiple Prisma Access components and select multiple components in the Push Scope, an error is returned that not all commit jobs were triggered.

If you cannot upgrade your Panorama version to 10.1.4, the workaround is to select CommitCommit and Push, Edit Selections, and in the Prisma Access tab, make sure that the Push Scope includes the changes you made for the Prisma Access configuration. Depending on the changes you made, select one or more of the Remote Networks, Mobile Users, Service Setup, and Explicit Proxy choices.

Fixed an issue where, after onboarding a service connection, you could not add additional subnets for static routes.

Fixed an issue where, after an upgrade to 2.2 Preferred, an error was received when making configuration changes to remote networks.

Fixed an issue where, after a commit and push operation, jobs either become stuck in init state or fail to complete.

Workaround: The issue might be with an EDL update being processed at the same time as the commit operation. To workaround the issue, select ObjectsExternal Dynamic Lists and change the Check for updates setting from Every five minutes to Hourly or later.

Fixed an issue where Prisma Access reported spurious errors when making configuration changes if Internal Host Detection was enabled.

Fixed an issue where, after a Cloud Services plugin upgrade, after selecting PanoramaCloud ServicesStatusMonitor and then selecting either Service Connection or Mobile Users, a new window with additional information did not display when you select a region in the map.

Fixed an issue where, if you are configuring multiple Prisma Access components and select multiple components in the Push Scope, an error is returned that not all commit jobs were triggered.

If you cannot upgrade your Panorama version to 10.1.4, the workaround is to select CommitCommit and Push, Edit Selections, and in the Prisma Access tab, make sure that the Push Scope includes the changes you made for the Prisma Access configuration. Depending on the changes you made, select one or more of the Remote Networks, Mobile Users, Service Setup, and Explicit Proxy choices.

Fixed an issue where locations could not be added during Prisma Access mobile user onboarding.

Fixed an issue where, after configuring the Internal Domain List during service infrastructure configuration, Prisma Access returned a Failed plugin validation error after commit.

Fixed an issue where, in a multi-tenant configuration, one or more tenants had a configuration status display as Configuration is not in sync after a successful commit operation.

Fixed an issue where, when importing a CSV file to onboard remote networks, an error message of type constraints failed : the local ID type is invalid displayed. This condition only occurs when the Secondary WAN is enabled and the Local-ID and Type are set in the IKE Gateway Profile.

Fixed an issue where, after clicking the Monitor tab to check service connection or mobile user details, the UI did not display pertinent data.

Fixed an issue where, when you selected PanoramaCloud ServicesStatusMonitorStrata Logging Service, the Service Status area displayed No data to display, even though Strata Logging Service was working normally.

Fixed an issue where a commit error was received after upgrading from Prisma Access 1.7 or 1.8 to 2.0 Preferred.

Fixed an issue where Prisma Access reported spurious errors when making configuration changes if Internal Host Detection was enabled.

Fixed an issue where the license expiration date was displayed in an incorrect format.

Fixed an issue where, after an upgrade from a legacy Prisma Access license to the new Prisma Access Edition licenses, the legacy Prisma Access licenses were still being displayed.

Fixed an issue where, because an internal symmetric check was removed for traffic between service connections (Corporate Access Nodes) starting with Prisma Access 2.0 Preferred, some datacenter-to-datacenter (service connection-to-service connection) traffic originating from or behind a service connection could bypass an application override.

Fixed an issue where, during a restart or reboot of Panorama, existing cloud licenses were not being correctly detected.

Fixed an issue where invalid domain names with wildcards such as .panw.*local were not called out as invalid during a commit operation. Domain names with wildcards such as *.panw.local are allowed.

Fixed an issue where, in a multi-tenant deployment, exception errors were displayed because of inconsistent internal database entries.

Fixed an issue where, if you have DLP on Prisma Access enabled for more than one Prisma Access instance in a single Customer Support Portal (CSP) account, data filtering profiles were synchronized across all instances.

Fixed the following issues when viewing the status information for a Clean Pipe deployment:

Fixed an issue where an error was received while generating a client certificate using CLI. This certificate allows communication between the GlobalProtect app and Strata Logging Service.

Fixed an issue where data filtering profiles were not being created for mobile user device groups.

Fixed an issue where, if you were using URLs or URL categories as a match criteria in a policy-based forwarding rule for traffic steering, the initial packets (for example, a TCP handshake) intermittently did not match the rule for the users who connected to a matching URL for the first time.