Prisma Access
Prisma Access Addressed Issues
Table of Contents
Expand All
|
Collapse All
Prisma Access Docs
-
-
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
-
-
-
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Prisma Access Addressed Issues
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
The following topics describe issues that have been addressed in Prisma Access 4.0.
Prisma Access 4.0.0-h90 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-41857 | Fixed an issue where if the user did not configure QoS profiles under NetworksQoS Profile, the local commit validation on Panorama plugin was getting skipped. |
| CYR-41569 | Fixed an issue where, when only one region was onboarded in a Mobile Users—GlobalProtect deployment, removing a location in that region resulted in a plugin validation error. |
| CYR-41472 | Fixed an issue in a multitenant environment where, if users did not provide units for Remote Networks or Mobile User in the sub-tenant creation tab, the error message displayed Please specify a bandwidth for your Clean Pipe deployment instead of Please specify a bandwidth for your Remote Networks/Mobile Users. |
| CYR-39874 | Fixed an issue where an Explicit Proxy template was created without Explicit Proxy being onboarded, which caused an issue when Explicit Proxy was onboarded later. |
Prisma Access 4.0.0-h88 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-41084 | Fixed an issue where, after disabling the Cloud Identity Engine integration with Prisma Access, existing Group Mapping Settings caused an error upon commit. |
| CYR-39553 | Fixed an issue where the Autonomous DEM AIOps Allocated Total number was incorrect for multitenant setups. |
| CYR-38605 | Fixed an issue where the rebranded Cortex Data Lake name of Strata Logging Service was not displaying correctly. |
| CYR-29408 | Fixed an issue where the Cloud Services plugin did not manage SDWAN devices that were deployed in Fedramp environments. |
Prisma Access 4.0.0-h83 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-39795 | Fixed an issue where, after installation of the Cloud Services plugin, an Explicit Proxy Kerberos server profile (default_server_profile) was installed by the __cloud_services user, even though Explicit Proxy was not enabled. |
Prisma Access 4.0.0-h80 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-37004 | Fixed an issue where panorama commit was failing with a profiles -> dlp-data-profiles unexpected here error after upgrading the Cloud Services plugin from 3.2.1 to a 4.0.0 or later version. |
| CYR-34770 | Fixed an issue where, if you configured multiple portals in Prisma Access for the Mobile Users—GlobalProtect deployment, you must also configure an authentication profile under Client Authentication on all portals. |
Prisma Access 4.0.0-h78 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-37665 | Fixed an issue where, after migrating a tenant to a multi-tenant deployment, the Explicit_Proxy_Template was not created correctly and commit failed for the first tenant that was migrated. |
| CYR-37562 | Fixed an issue where, when you disable the multiportal feature flag and the Cloud Services plugin from 3.2.1, 4.0.0, or 4.1.0, you still see the option to enable or disable multiportal from the UI. |
| CYR-37244 | Fixed an issue where, after upgrading the Panorama that manages Prisma Access to a PAN-OS version of 11.0.0 or later, the Delete button in the Remote Networks onboarding section was not enabled when a Remote Network was selected. |
| CYR-36895 | Fixed an issue where the IPv6 proxy-ID tab was missing when IPv6 was enabled for multi-tenant setups. |
| CYR-34482 | Fixed an issue where two Data Filtering tabs are seen under the Objects tab and one tab is undefined. |
| CYR-24798 | Fixed an issue where in multi-tenant mode, there is no space between the Unallocated text and unallocated bandwidth number in the multi-tenant bandwidth allocation window. |
| CYR-22671 | Fixed an issue where, in a multi-tenant deployment, the first tenant (the tenant you migrated) had prefixes appended to the device groups, templates, and template stacks such ar mu-dg, rn-tpl, and so forth. Only the tenants you create after you migrate the first tenant should have prefixes appended. |
Prisma Access 4.0.0-h72 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-35838 | Fixed an issue where sub-tenants were being inadvertently deprovisioned during a Panorama commit. This fix includes a plugin enhancement where subtenants will need to be explicitly deprovisioned by the Panorama admin to remove them from the Prisma Access infrastructure. |
Prisma Access 4.0.0-h68 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-36213 | Fixed an issue where an internal daemon was restarting, which caused a configuration sync status issue on Panorama. |
|
CYR-35811
|
Fixed an issue where a Commit and Push
operation was failing due to an empty subtenant ID for a newly
added subtenant.
|
| CYR-34966 | Fixed an issue where, when assigning Customize Per Site values for QoS for remote networks, remapped locations could not be selected or customized. |
Prisma Access 4.0.0-h64 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-37003 |
Fixed an issue where, after upgrading the Panorama that manages
Prisma Access to 10.2, multitenant deployments had one or more
sub-tenants deleted after a local commit was performed. Note
that, after you install the plugin that contains this hotfix and
delete a tenant, the tenant is deleted locally on the Panorama
but its configuration remains in the Prisma Access
infrastructure.
It is recommended that you backup your Panorama configuration
before you delete any sub-tenants.
To completely delete the tenant, reach out to your Palo Alto
Networks account representative or partner, who will contact the
SRE team and submit a request to delete the tenant from your
infrastructure.
|
| CYR-36299 | Fixed an issue where the link for Prisma Access App in the PanoramaCloud ServicesZTNA connector tab was broken. With this fix, Use the Prisma Access tab to use ZTNA Connector redirects users to the correct cloud management URL https://stratacloudmanager.paloaltonetworks.com/settings/ztna-connector/overview to access ZTNA connector configurations. |
Prisma Access 4.0.0-h57 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-34118 | Fixed an issue where, if using Explicit Proxy in multitenant mode and after upgrading to a plugin that is 3.2.0 or later, Block Settings and Authentication Settings migrations did not take place. |
| CYR-35811 | Fixed an issue where a Commit and Push operation was failing due to empty sub-tenant-id for a newly added subtenant. |
Prisma Access 4.0.0-h53 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-33526 | Fixed an issue where Prisma Access attempted to fetch user attributes from Cloud Identity Engine (CIE) on every commit and push instead of just when the Directory Sync Service Group Mapping Settings configuration changed. |
| CYR-33761 | Fixed an issue where, when after clicking Integrate with SDWAN under Cloud Services Configuration, the button is not hidden even though the integration completed successfully. |
Prisma Access 4.0.0-h51 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-35078 | Fixed an issue where an internal DNS domain could not be set and the following message was displayed: Invalid wildcard domain name. The domain name can have only one asterisk in the first position. |
| CYR-34966 | Fixed an issue where remapped compute locations did not display in the QoS settings for remote networks under Customize Per Site. |
| CYR-34616 | Fixed an issue where the PanoramaQoS Statistics page displayed an inflated number of dropped packets. |
| CYR-34429 | Fixed an issue where local commits were failing after an upgrade to the 4.1.0 Cloud Services plugin. |
| CYR-34328 | Fixed an issue where the Prisma Access UI was loading due to feature flags not being present in the setup. |
| CYR-34118 | Fixed an issue where, if using Explicit Proxy in multitenant mode and after upgrading to 3.2.0+ plugin, Block Settings and Authentication Settings migrations did not take place. |
| CYR-34053 | Fixed an issue where, after a compute location was remapped, remote network QoS settings could not be applied to the remapped compute location. |
| CYR-33969 | Fixed an issue where a Mobile Users—GlobalProtect configuration was deleted without the plugin user having deleted the configuration. |
| CYR-33930 | Fixed an issue where an IPv4 validator was used for IPv6 IP address validation in the Mobile Users DNS setting. |
| CYR-33805 | Fixed an issue where the Remote Networks and Mobile Users text in the Multi Tenant creation window was misaligned and did not properly indicate which component the allocation charts were for. |
| CYR-33202 | Fixed an issue where 127.0.0.1 was allowed to be entered for internal DNS resolution settings. |
| CYR-25509 | Fixed an issue where an unsupported debug command was exposed. |
Prisma Access 4.0.0-h41 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-33844 | Fixed an issue where the following Cloud Services
plugin builds were not compatible with the following M-series
Panorama devices:
|
| CYR-33781 | Fixed an issue where a commit failure was received when using the Explicit Proxy Trusted Source Address feature and upgrading from the 3.2.1 Cloud Services plugin to a 4.0 plugin. |
| CYR-33757 | Fixed an issue in the Traffic Steering Rule Source tab where clicking on a Source Address or Address-Group in the drop-down list caused an incorrect item in the list to be selected. |
| CYR-33695 | Fixed an issue where traffic steering rules could not be disabled or moved, and in other cases, a No object to edit in move handler error was encountered and no changes could be applied to the traffic steering rule. |
| CYR-33202 | Fixed an issue where 127.0.0.1 was allowed to be entered for internal DNS resolution settings. |
| CYR-32221 | Fixed an issue where, after clicking on the Connection Name of a Remote Network and then returning back to the previous page, the Peer IP Address displayed as Loading. |
| CYR-32186 | Fixed an issue where a Permission Denied error was received when attempting to delete a remote network. |
Prisma Access 4.0.0-h23 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-33066 | Fixed an issue where, when setting up traffic replication, an error was received if the Member/User field was longer than 31 characters. |
| CYR-32488 | Fixed an issue where ADEM could not be enabled at a remote network compute location, even though the ADEM-AIOPS license was enabled. |
Prisma Access 4.0.0-h20 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-31535 | Fixed an issue where the ADEM-AIOPS SKU did not display in the multi-tenant web interface. |
| CYR-30517 | Fixed an issue where the maximum number of IKE peers per IPSec termination node was not enforced using a validation check. |
| CYR-27018 | Fixed an issue where the Cloud Services Plugin was not able to send dynamic updates requests using nsupdate to the external DNS server. |
Prisma Access 4.0.0-h8 Addressed Issues
| Issue ID | Description |
|---|---|
|
CYR-31173
|
Fixed an issue where when exporting CSV data for all active
mobile users, data for only 9000 users was exported instead of
for all users.
|
|
CYR-29945
|
Fixed an issue where Clientless VPN was getting enabled every
time the cloud configuration was updated, causing commit to
fail.
|
|
CYR-23502
|
Fixed an issue where, when downloading current mobile user
information from locations in the Japan Central compute
location, the downloaded CSV information differed from the
results obtained in the UI.
|
Prisma Access 4.0 Addressed Issues
| Issue ID | Description |
|---|---|
| CYR-44994 | Fixed an issue where remote network documentation was not clear that licensed bandwidth is calculated using the sum of both ingress and egress traffic. |
|
CYR-39553
|
Fixed an issue where the Autonomous DEM AIOps Allocated total
number is incorrect for multitenant setups.
|
|
CYR-37562
|
Fixed an issue where, when you disable the multiportal feature
flag and the 3.2.1, 4.0.0, or 4.1.0 plugin, you still see the
option to enable or disable multiportal from the UI.
|
|
CYR-31236
|
Fixed an issue where the SSH Management Profiles
Settings tab was missing from templates.
|
| CYR-30842 | Fixed an issue where the GlobalProtect App Log certificate was not getting renewed in Panorama. |
| CYR-30729 | Fixed an issue where commit was failing when Clientless VPN and multiple portals were both enabled. |
| CYR-30586 | Fixed an issue where, after enabling X-Authenticated-User (XAU) header on incoming HTTP/HTTPS requests for Identity, the XAU checkbox was deselected. |
| CYR-30208 | Fixed an issue where a commit on a new Panorama appliance with Explicit Proxy configuration failed with a 'missing users' error. |
| CYR-29809 | Fixed an issue where, if the user onboarded mobile users locations and did not choose any locations to be selected on the Manual Gateway Locations tab, subsequent local commits on the Panorama appliance were failing with the 'Failed to find any locations in path: cloud_services/mobile-users/onboarding/entry/manual-gateway/region/entry/locations/memberregions validation for manual-gateway failed for Mobile Users.Failed plugin validation' error. |
| CYR-29464 | Fixed an issue where the Peer IP Address did not display in a multitenant deployment. |
| CYR-29431 | Fixed an issue where an extra SAML IdP configuration was added to the Mobile User Gateway configuration, causing the commit to fail with the error 'interface '-' is not a valid reference'. |
|
CYR-29421
|
Fixed an issue where modifying the Mobile User GlobalProtect
gateway configuration to use a SAML IdP authentication profile
and clicking okay caused an extra configuration to be added to
Panorama, which also caused commit to fail with an error
interface '-' is
not a valid reference'.
|
| CYR-29160 | Fixed an issue where the GlobalProtect App Log cert was not getting saved when Panorama was in FIPS-CC mode. |