Known Issues in VM-Series Plugin 1.0.11
The following list describes known issues in the VM-Series
Plugin 1.0.11.
PLUG-4654
In some cases, a VM-Series firewall configuration
with SRIOV on KVM might not boot in DPDK mode.
To ensure that the firewall boots in DPDK mode, edit
the Guest VM XML configuration on the KVM hypervisor as follows:
<cpu mode='host-passthrough' check='none'/>
This ensures that the CPU flags are exposed. To verify that the CPU flags are exposed on the VM:
cat /proc/cpuinfo
In the flags output,
look for the following flags:
- For PAN-OS 9.1 with DPDK 1.11, you need AVX, or AES and SSE.
- For PAN-OS 9.1 or later with DPDK version 18.11, you need AVX or SSE.
This behavior is documented in the VM-Series Deployment Guide,
version 9.1.
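The flag check described for PLUG-4654, as an added example that is not part of the vendor documentation: a POSIX shell script that reads the flags line of /proc/cpuinfo inside the guest and evaluates the two requirements listed above. It assumes AVX, AES and SSE appear as the exact lowercase tokens avx, aes and sse; the function names cpu_flags, has_flag and dpdk_flags_ok are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): check the CPU flags a VM-Series guest sees
# against the two requirements listed for PLUG-4654.
# Assumption: AVX, AES and SSE are matched as the exact lowercase tokens
# avx, aes and sse on the "flags" line of /proc/cpuinfo (avx2 or sse4_1 alone
# do not count).

# cpu_flags [FILE]: print the flags of the first CPU, one per line.
cpu_flags() {
    awk -F: '/^flags[ \t]*:/ { n = split($2, f, " ")
                               for (i = 1; i <= n; i++) print f[i]
                               exit }' "${1:-/proc/cpuinfo}"
}

# has_flag FLAG [FILE]: succeed only if FLAG is present as a whole token.
has_flag() {
    cpu_flags "${2:-/proc/cpuinfo}" | grep -qx -- "$1"
}

# dpdk_flags_ok DPDK_VERSION [FILE]
#   1.11  -> AVX, or AES and SSE  (version string as written in the known issue)
#   18.11 -> AVX or SSE
# Returns 0 if the requirement is met, 1 if not, 2 for a version not listed.
dpdk_flags_ok() {
    file="${2:-/proc/cpuinfo}"
    case "$1" in
        1.11)
            has_flag avx "$file" && return 0
            has_flag aes "$file" && has_flag sse "$file" && return 0
            return 1 ;;
        18.11)
            has_flag avx "$file" && return 0
            has_flag sse "$file" && return 0
            return 1 ;;
        *)
            return 2 ;;
    esac
}

# Run inside the guest as: sh check_dpdk_flags.sh 18.11
if [ "$#" -ge 1 ]; then
    if dpdk_flags_ok "$1"; then
        echo "CPU flags present for DPDK $1"
    else
        echo "CPU flags missing for DPDK $1: check the <cpu mode=...> element"
    fi
fi
```

If the check fails on a guest whose host CPU supports the flags, the Guest VM XML is the first place to look, since the cpu element shown above is what exposes them.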
PLUG-4394
On Azure, Active/Passive HA configurations
that use a floating IP address sometimes experience loss of traffic
after failover.
Upon failover, Azure starts moving the floating
IP address from the primary to the secondary. If the HA pair is
restored and control returns to the primary before the IP address
moves to the secondary, traffic is lost.
Workaround:
To restore traffic, you must temporarily suspend
the primary so that the secondary (which has the floating IP address)
is active.
This issue is fixed in VM-Series plugin version 1.0.12.
PLUG-3721
On VM-Series firewalls deployed using
a flexible Pay-As-You-Go (PAYG) license, the capacity license is
displayed as VM-300 on the Dashboard and under Device > Licenses in
the web interface, and by request license info in
the CLI, regardless of the
capacity license applied.
Workaround: Execute the command show system info to
verify the capacity license applied to your VM-Series firewall.
PLUG-3650
HA behavior is inconsistent for VM-Series
firewalls deployed on Azure.
This issue is fixed in VM-Series plugin version 1.0.12.
PLUG-3509
HA behavior is inconsistent for VM-Series
firewalls deployed on Azure.
This issue is fixed in VM-Series plugin version 1.0.12.
PLUG-3562
In OCI, if you assign secondary IP addresses
to HA interfaces, those IP addresses are incorrectly moved to the
passive HA peer in the event of a failover.