Prisma Access Addressed Issues
Focus
Focus

Prisma Access Addressed Issues

Table of Contents

Prisma Access Addressed Issues

The following topics describe issues that have been addressed in the Prisma Access 3.1.0 release:

Prisma Access 3.1.0-h75 Addressed Issues

Issue IDDescription
CYR-30319
Fixed an issue where the secret key generation for a Prisma SD-WAN integration with Prisma Access failed.
CYR-29185
Fixed an issue where Administrative users who use role-based access control (RBAC) were not assigned the correct RBAC privileges after a Cloud Services plugin upgrade.
CYR-28926
Fixed an issue where Admin Role Profiles did not have the correct administrative privileges.
CYR-28685
Fixed an incompatibility issue with using Panoramas running 10.1.6-h6 to manage Prisma Access.
CYR-27952
Fixed an issue where, when performing a bulk configuration import for remote networks, a Failed to import IKE Gateway "undefined" error was received when importing the CSV file.
CYR-23526
Fixed an issue where, when changing the Local IP Address in the BGP tab for a Remote Network connection that uses BGP, the following issues could be seen:
  • An Operation Failed window with an Object already exists message might display.
  • The Peer IP Address might be displayed as "Loading..." in the Remote Networks Onboarding section of the Panorama UI.

Prisma Access 3.1.0-h66 Addressed Issues

Issue IDDescription
CYR-27817
Fixed an issue where, after an upgrade to the Cloud Services plugin 3.1.0, bulk importing of Remote Network configurations could not be provisioned to the upgraded plugin with a Failed to load the selected configuration error after selecting Import.
CYR-27558
Fixed an issue where performing a global find operation on the Panorama that manages Prisma Access caused a deletion of the mobile user template and plugin configurations.
CYR-26876
Fixed an issue where, if Clientless VPN is enabled for a Mobile Users - GlobalProtect deployment, the US East location is deselected in the mobile users Locations tab.
CYR-24894
Fixed an issue where the Modified and Created fields appeared blank when viewing security policies in Mobile_User_Device_Group in a Panorama managed Prisma Access deployment.
CYR-24033
Fixed an issue where, when onboarding a remote network and selecting options such as Summarize Mobile User Routes before advertising, Enable BGP, Don't Advertise Prisma Access Routes, or Advertise Default Route, an Object already exists error was displayed.

Prisma Access 3.1.0-h62 Addressed Issues

Issue IDDescription
CYR-26566
Fixed an issue where, as the result of configuring or changing the configuration to Mobile Users—GlobalProtect settings, Clientless VPN was enabled, which caused commit validation errors to display and Troubleshooting Commands information to fail to be retrieved.
CYR-26026
Fixed an issue where an insufficient internal timeout value was causing local commits to Panorama to fail with a timeout error.
CYR-25761
Fixed an issue where logs related to Policy Optimizer were filling up the memory reserved for logs.
CYR-25578
Fixed an issue where the number of Trusted Source Addresses in the Authentication Settings (PanoramaCloud ServicesConfigurationMobile Users—Explicit ProxySettingsAuthentication Settings) was limited to 50,000 entries (the new limit is 100,000 entries).
CYR-24568
Fixed an issue where, in the Policies tab, when you clicked the Preview Rules button, the Export button was clickable but not exporting in PDF/CSV format. This caveat applied to the Explicit_Proxy_Device_Group, Mobile_User_Device_Group, Remote_Network_Device_Group, and Service_Conn_Device_Group.
CYR-25402
Fixed an issue where, when using a 10.2.2 Panorama to manage a Panorama Managed Prisma Access 3.1.2 deployment, when attempting to download Preview Rules in the Mobile_User_Device_Group (PoliciesPreview RulesPDF/CSV), a 500 Internal Server Error was received.

Prisma Access 3.1.0-h50 Addressed Issues

Issue IDDescription
CYR-25637
Fixed an issue where, when enabling allow listing for mobile user IP addresses in a candidate configuration when the active configuration does not have allow listing enabled, not all of the existing IP addresses were allow listed in the candidate configuration.
CYR-24929
Fixed an issue where, when onboarding locations for a Mobile User—GlobalProtect deployment, the Japan Central and Japan South locations were not displayed in the Asia, Australia & Japan section of the Locations tab.
CYR-24800
Fixed an issue where the Enable DDNS check box was not displayed after upgrading from a single tenant to a multitenant deployment.
CYR-24453
Fixed an issue where, when trying to remove locations, existing onboarded locations could not be deselected, or multiple locations were deselected when only a few locations were chosen.
CYR-24377
Fixed an issue where the Bandwidth Usage field was not displaying for aggregate bandwidth remote network deployments.
CYR-23502
Fixed an issue where, when downloading current mobile user information from locations in the Japan Central compute location, the downloaded CSV information differed from the results obtained in the UI.
CYR-22799
Fixed an issue where address blocks in the RFC 6598 subnet (100.64.0.0/10) were not being blocked when configuring the infrastructure subnet, GlobalProtect mobile user IP address pool, or remote network or service connection static subnets.
CYR-21462
Fixed an issue where administrators could add *.*, *.com, *.net, and similar wildcard URLs to bypass Explicit Proxy authentication for all domains in custom EDL categories.
CYR-25131
Fixed an issue where, when setting up Autonomous DEM in a Prisma Access multitenant deployment, bandwidth units were not selectable and were grayed out.

Prisma Access 3.1.0-h25 Addressed Issues

Issue IDDescription
CYR-24578
Fixed an issue where, when renewing the certificate you use for the GlobalProtect app and Autonomous DEM, a message indicated that the certificate generated successfully, but a new certificate was not created because the existing certificate was still valid.
CYR-24263
Fixed an issue where DLP Data Filtering settings were being overwritten by settings in the Cloud Services plugin.

Prisma Access 3.1.0-h10 Addressed Issues

Issue IDDescription
CYR-24244
Fixed an issue where generating a certificate using GlobalProtect App Log Collection and Autonomous DEM in the Prisma Access UI was failing.
CYR-23774
Fixed an issue where you could not add proxy IDs in the Proxy ID tab when onboarding service connections and remote networks.

Prisma Access 3.1.0-h3 Addressed Issues

Issue IDDescription
CYR-23964
Fixed an issue where, when adding IP addresses to the Egress IP Allowlist, an Operation Failed pop-up window displayed with a required_ip_count unexpected here message.
CYR-23515
Fixed an issue where, when migrating to an aggregate bandwidth deployment, a There was an error while trying to migrate message was displayed.
CYR-23456
Fixed an issue where, when switching between tenants in a multi-tenant deployment, a tenant-name is invalid message was displayed.

Prisma Access 3.1.0 Addressed Issues

Issue IDDescription
CYR-23758
Fixed an issue where, when configuring service connections, the Manage Site did not display in the Service Connections tab.
CYR-23668
Fixed an issue where the PanoramaCloud ServicesStatusMonitor page could not display Service Stats except Strata Logging Service. Service Stats for Service Connection, Remote Networks, Mobile Users—GlobalProtect, and Mobile Users—Explicit Proxy were not populated.
CYR-22604
Fixed an intermittent issue where, when Security profiles were attached to a policy, files that were downloaded across TLS sessions decrypted by the firewall were malformed.
CYR-22127
Fixed an issue where, when configuring QoS for a newly-added site (PanoramaCloud ServicesConfigurationRemote NetworksSettingsQoS), the Allocation Ratio displayed as NaN%.
CYR-21756
Fixed an issue where, in a situation where other locations in the same compute region had an autoscale event, a newly-onboarded location might show a Provisioning Status of Not Provisioned in the Egress IP Allow List table (PanoramaCloud ServicesConfigurationMobile Users—GlobalProtect).
CYR-21553
Fixed an issue where, when configuring more than 63 HIP profiles in a Mobile Users—GlobalProtect deployment, an error message with multiple occurrences of the word Error: was received during commit.
CYR-19983
Fixed an issue where, if you Enable IPv6, selected the compute locations in IPv6 Availability, committed and pushed your changes, then deselected Enable IPv6, the selections you made in the IPv6 Availability tab became deselected.
CYR-19017
Fixed an issue where IPv6-related choices under Cloud ServicesConfigurationService ConnectionBGP were displayed, even if IPv6 was not enabled.
CYR-17739
Fixed an issue where, when configuring an Explicit Proxy deployment, if you onboard your deployment, then retrieve the Explicit Proxy public IP addresses, you received the active IP addresses to add to your allow list, but did not receive the pre-allocated backup IP addresses.

Prisma Access 3.0.0-h24 Preferred and Innovation Addressed Issues

Issue IDDescription
CYR-23400
Fixed an issue where, when migrating from a single tenant to a multi tenant Prisma Access-Prisma SD-WAN deployment, remote network tunnels failed during plugin upgrade from 2.0 to 3.0.
CYR-23378
Fixed an issue where, when configuring QoS for remote networks, Guaranteed Bandwidth had to be entered on a per-site level.
CYR-23230
Fixed an issue where remote network tunnels did not migrate successfully when migrating from a single tenant to a multi-tenant Prisma Access-Prisma SD-WAN deployment.
CYR-22200
Fixed an issue where QoS profiles could not be assigned on a per-link basis for remote networks that use multiple ECMP tunnels.
CYR-22127
Fixed an issue where, when configuring QoS for a newly-added site (PanoramaCloud ServicesConfigurationRemote NetworksSettingsQoS), the Allocation Ratio displayed as NaN%.
CYR-21754
Fixed an issue where, when selecting Manual Gateway Locations for a Mobile Users—GlobalProtect deployment, you could not select all gateways, or the gateways you previously selected did not pre-populate in the Manual Gateway Locations tab.
CYR-15338
Fixed an issue where, in a multi-tenant environment, tenant names with a period (.) in the name caused configuration tabs to be grayed out after commit.

Prisma Access 3.0.0-h4 Preferred and Innovation Addressed Issues

Issue IDDescription
CYR-19898
Removed fields related to Network Packet Broker from the Panorama UI in Prisma Access device groups. Network Packet Broker is not applicable to Prisma Access deployments.

Prisma Access 3.0.0 Preferred and Innovation Addressed Issues

Issue IDDescription
CYR-21875
Fixed an issue where, after upgrading to PAN-OS 10.1, some GlobalProtect tunnels fell back to SSL instead of IPSec due to the inadvertent encapsulation of the ICMP keepalive response from the firewall.
CYR-19598
Fixed an issue where, when using explicit proxy, some users might experience an issue where some websites are not able to be accessed after the ACS Cookie Lifetime has expired.
CYR-13662
Fixed an issue where, after you make configuration changes to an existing service connection or remote network connection (for example, changing the bandwidth, region, QoS, or BGP values), the job details in the Deployment Status page (PanoramaCloud ServicesStatusStatusDeployment StatusDetails) might display a value of TIMEOUT, even if the job completed successfully.