On This Page
Bugs - Resolved and Unresolved
Overview
The reference table includes bugs resolved in R23-2 and above, as well as unresolved issues across all supported versions. For older resolved bugs, see the relevant release in the Release Notes Knowledge Center.
To filter the results, enter text in one or more of the filter fields. To see all items, clear the filter fields.
Resolved Bugs
Bugs fixed in at least one version of TOS are considered resolved. The reference table below includes:
-
Affected Release: The general availability release (GA or hot fix-HF) in which the bug was reported, as well as other major releases in which it is known to exist. If a bug was found in a release candidate (RC) - also known as early availability - and fixed in GA, the release is not considered affected and will not be listed.
-
Fixed Versions: The first minor version from which the bug was fixed for each Affected Release and/or the GA version of the following release. RC versions will not appear.
Unresolved Issues
Issues that have been reported but not yet fixed are considered unresolved. The Affected Releases column includes the first known affected release as well as the text "and later," in cases where the bug is assumed to exist in subsequent releases.
Reference Table
References |
Affected Releases |
Fixed Versions |
Description |
Tags |
---|---|---|---|---|
TOS-101638 Case 00157014 |
R24-2 |
R24-2 PHF1.2.0 |
SecureChange is inaccessible. |
|
TOS-97897 Case 00149835 |
R24-1 R24-2 |
R24-2 PHF1.0.0 |
For Cisco FMC devices, groups with literal wildcards cause the revision to fail. |
cisco, fmc |
TOS-98443 Case 00152155 |
R24-1 R24-2 |
R24-2 PHF1.0.0 |
Cisco ACI cannot retrieve a revision. Error: <error code="403" text="Token was invalid (Error: Invalid input token data)"/> |
cisco, aci |
TOS-97683 Case 00149835 |
R24-1 R24-2 |
R24-2 PHF1.0.0 |
FMC devices that use legacy UI configured with literal subnets, which contain white spaces at beginning or end, cause the revision to fail. |
fmc |
TOS-98556 Case 00151883 |
R24-1 R24-2 |
R24-2 PHF1.0.0 |
After an upgrade to R24-2 with more than 500 devices, running Verifier returns the following error: Error message: "No revisions were received for this target device (0)" |
verifier, panorama |
TOS-98214 Case 00150752 |
R24-1 R24-2 |
R24-2 PHF1.0.0 |
On Cisco ASA devices, revisions are associated with the wrong accounts in Change Viewer. |
cisco, asa, change viewer |
TOS-97827 Case 00146653 00149146 |
R23-2 R24-1 R24-2 |
R24-2 PHF1.0.0 |
Rule Viewer's Last Hit field displays inaccurate length of time. |
rule viewer, last hit |
TOS-99091 Case 00147952 |
R24-2 |
R24-2 PHF1.0.0 |
Upgrade procedure gets stuck on the bridge-scheduler validation. |
upgrade |
TOS-96071 Case 00148677 |
R24-2 |
R24-2 PHF1.0.0 |
When the network contains two secured hubs, path analysis shows incorrect data. |
path analysis |
TOS-97557 Case 00138877 |
R23-2 R24-1 R24-2 |
R24-2 PHF1.0.0 |
For FMG devices, tickets get stuck and cannot progress unless adjusted manually. |
fmg |
TOS-97969 Case 00151207 |
R24-1 R24-2 |
R24-2 PHF1.0.0 |
Sorting by the “Last Update” column in the Tickets table causes rows to appear out of order when some tickets have update dates in the UTC time zone without milliseconds. |
tickets |
TOS-99238 Case 00152155 |
R24-1 R24-2 |
R24-2 PHF1.0.0 |
Revisions cannot be retrieved from an ACI 5.3 device configured with a transparent proxy in SecureTrack. |
aci |
TOS-97784 Case 00148296 |
R24-1 R24-2 |
R24-2 PHF1.0.0 |
Exporting the Audit trail report fails due to a Null Pointer Exception. |
reports |
TOS-97036 Case 00141223 |
R23-2 R24-1 R24-2 |
R24-2 PHF1.0.0 |
Ticket dependency calculations for group modification tickets on Check Point Devices causes the SecureTrack server to crash due to lack of memory. |
tickets, check point |
TOS-96628 Case 00147151 |
R23-2 R24-1 R24-2 |
R24-2 PHF1.0.0 |
Last Hit is not being updated in Rule Viewer for some large devices when multiple devices with many rules are added. |
rule viewer, last hit |
TOS-96301 Case 00148819 |
R24-1 R24-2 |
R24-2 PHF1.0.0 |
Rules for Cisco XR Routers are missing in Rule Viewer, and in the Compare Revisions page > Rules tab. This occurs when the interface is configured with “!” before the associated Access Control List (ACL). |
cisco, routers, rule viewer |
TOS-96177 Case 00148687 |
R23-2 R24-1 R24-2 |
R24-2 PHF1.0.0 |
Parsing fails to identify SD-WAN routes for Cisco Routers when the output returned from the router starts with information unrelated to the actual routing data. Log message: Finish parsing content. evpn route count: 0. |
cisco, routers |
TOS-99577 TOS-99615 TOS-99685 TOS-99682 Case 00153213 |
R24-1 R24-2 |
R24-1 PHF4.1.0 R24-2 PHF1.0.0
|
After running tos dr switch as part of Disaster Recovery, the cluster does not return to a healthy state. Error messages include:
|
disaster recovery |
TOS-99181 TOS-99182 Case 00154081 |
R24-1 R24-2 |
R24-1 PHF4.1.0 R24-2 PHF1.0.0 |
TOS install and upgrade procedures fail with DNS error message when DNS is configured correctly. Error message: ERROR DNS misconfiguration: lookup test-tufin.local on xx.xx.xx.x:xx: server misbehaving In R24-1, only relevant for PHF4.0.0. |
install, upgrade, dns |
TOS-96848 TOS-96849 Case 00146741 |
R24-1 R24-2 |
R24-1 PHF4.0.0 R24-2 PHF1.0.0 |
After upgrading to R24-1, syslog change manager crashes. |
syslog, upgrade |
TOS-96490 TOS-96567 Case 00146667 |
R24-1 R24-2 |
R24-1 PHF4.0.0 R24-2 PHF1.0.0 |
Prisma/GPCS RN-SPN object does not appear in the Topology Map. |
prisma, topology |
TOS-96206 TOS-96207 Case 00139132 00144092 |
R24-1 R24-2 |
R24-1 PHF4.0.0 R24-2 PHF1.0.0 |
Error page appears shortly after logging in to TOS. Additional information: neo4j timeout error appears in log. |
graphql, backup |
TOS-96191 TOS-96322 Case 00148349 |
R23-1 R23-2 R24-1 R24-2 |
R24-1 PHF4.0.0 R24-2 PHF1.0.0 |
Fortinet firewalls appear connected, but the ADOMs and VDOMs under it show a connection error. |
fortinet |
TOS-96028 TOS-96064 Case 00148528 |
R24-1 R24-2 |
R24-1 PHF4.0.0 R24-2 PHF1.0.0 |
Last hit not working for Azure Firewall rules. |
azure |
TOS-93139 Case 00145499 |
R24-1 |
R24-1 PHF4.0.0 |
The number of pods exceeds the Kubernetes limit of 110. |
pods |
TOS-92774 Case 00144198 |
R24-1 |
R24-1 PHF4.0.0 |
Clean install of R24-1 shows no TLS 1.2 ciphers; however, if you upgrade from a previous version to R24-1, the TLS 1.2 ciphers still exist. |
tls |
TOS-93485 TOS-93476 Case 00146342 |
R24-1 |
R24-1 PHF4.0.0 |
Scheduled reports are not shown in the report repository. |
reports |
TOS-96065 TOS-96064 TOS-96028 Case 00148528 |
R24-1 R24-2 |
R24-1 PHF4.0.0 R24-2 PHF1.0.0 |
No last hits are received on the Azure Firewall due to a case sensitivity issue between the Workspaces API and the Diagnostic Settings API for the workspaceID field. |
azure, api |
TOS-96193 TOS-96306 Case 00147700 |
R24-1 R24-2 |
R24-1 PHF4.0.0 R24-2 PHF1.0.0 |
Import of Panorama devices to TOS fails. Error message: CSM error:General Failure |
panorama, import |
TOS-95518 TOS-96092 Case 00146252 |
R24-1 R24-2 |
R24-1 PHF4.0.0 R24-2 PHF1.0.0 |
For Cisco ACI devices, path analysis shows incorrect contracts when clicking on a matched rule. |
cisco, aci, path analysis |
TOS-96233 TOS-96234 Case 00128075 |
R24-1 R24-2 |
R24-1 PHF4.0.0 R24-2 PHF1.0.0 |
For Azure VNETS, subnets are missing from the topology map. |
azure |
TOS-96339 TOS-96546 Case 00149627 |
R24-1 R24-2 |
R24-1 PHF4.0.0 R24-2 PHF1.0.0 |
Provisioning to a VMware NSX device fails when the rule contains an internet object. |
vmware, nsx |
TOS-96576 TOS-96659 Case 00142305 |
R23-2 R24-1 R24-2 |
R24-1 PHF4.0.0 R24-2 PHF1.0.0 |
In large environments, dashboard widgets USP Compliance and Cleanup are missing data due to Neo4j timeout. Error message: Something went wrong. |
timeout |
TOS-97050 Case 00149833 |
R24-1 |
R24-1 PHF4.0.0 |
Some non-tiered perpetual licenses installed on certain time-zones cause workflows in TOS to be disabled. |
licensing, workflow |
TOS-94476 TOS-93931 TOS-94880 TOS-94881 TOS-94482 Case 00141815 |
R23-2 R24-1 |
R24-1 PHF4.0.0
|
TOS restore fails because of a corrupt postgres database index. |
restore, database |
TOS-95267 Case 00148423 |
R24-1 |
R24-1 PHF4.0.0 |
Designer fails to run on Cisco ASA devices causing a timeout error due to a service_group with type 0. Error message: Designer fails with error (attached). |
designer, cisco, asa |
TOS-95438 TOS-95439 TOS-95440 Case 00148600 |
R24-1 R24-2 |
R24-1 PHF4.0.0 R23-2 PHF1.0.0 |
The Topology Map does not display AWS cloud data if there is no main route table for one of the VPCs, and the VPC has a Transit Gateway (TGW) attachment connected to a subnet without a routing table. |
topology, aws |
TOS-95980 TOS-96177 TOS-96178 Case 00148687 |
R23-2 R24-1 R24-2 |
R24-1 PHF4.0.0 R24-2 PHF1.0.0 |
Parsing fails to identify SD-WAN routes for Cisco Routers when the output returned from the router starts with information unrelated to the actual routing data. Log message: Finish parsing content. evpn route count: 0. |
sd-wan, cisco |
TOS-96198 TOS-96301 TOS-96302 Case 00148819 |
R24-1 R24-2 |
R24-1-PHF4.0.0 R24-2 PHF1.0.0 |
Rules for Cisco XR Routers are missing in Rule Viewer, and in the Compare Revisions page > Rules tab. This occurs when the interface is configured with “!” before the associated Access Control List (ACL). |
compare, cisco |
TOS-96402 Case 00149553 |
R24-1 |
R24-1 PHF4.0.0 |
Scheduled topology sync runs a day late. |
topology |
TOS-96543 TOS-96621 TOS-96628 Case 00147151 |
R23-2 R24-1 R24-2
|
R24-1 PHF4.0.0 R24-2 PHF1.0.0 |
last hit is not being updated in Rule Viewer for some large devices when multiple devices with many rules are added. |
rule viewer |
TOS-93802 TOS-93738 Case 00145647 |
R24-1 |
R24-1 PHF4.0.0 R24-2 PGA.0.0
|
For Cisco devices, incorrect paths are shown in the Topology Map when there are multiple MPLS-VPN next hops. |
cisco, topology |
TOS-94073 TOS-93079 Case 00137167 |
R24-1 |
R24-1 PHF4.0.0 R24-2 PGA.0.0 |
SecureApp application accepts logs that should be excluded according to the configured conditions. |
secureapp |
TOS-94265 TOS-94734 Case 00143135 |
R24-1 |
R24-2 PGA.0.0 |
For Juniper SRX devices, shadowing rules load a blank page in Rule Viewer. In Compare Revision, the Source and Destination are empty. |
juniper, rule viewer |
TOS-94254 TOS-94507 Case 00143746 |
R23-2 R24-1 |
R24-1 PHF4.0.0 R24-2 PGA.0.0 |
FQDN objects in Check Point devices fail to resolve, preventing their use in SecureChange tickets. |
fqdn, check point |
TOS-93621 TOS-93622 TOS-93623 Case 00145833 |
R24-1 |
R24-1 PHF4.0.0 R24-2 PGA.0.0 |
Revisions cannot be retrieved from Cisco FMC devices due to intermittent 401 errors from the device API. Error messages: Access token invalid, unknown error, unable to get configuration |
fmc, revisions |
TOS-95140 TOS-95141 TOS-95142 Case 00148825 |
R23-2 R24-1 |
R24-1 PHF4.0.0 R24-2 PGA.0.0 |
topology-service crashes when there are large amounts of generic routes. |
topology |
TOS-94215 TOS-94932 Case 00140393 |
R23-1 R24-1 |
R24-2 PGA.0.0 |
When attempting to remove access for a NAT rule with multiple source zones on a FortiManager device , Designer displays an incorrect error message. Incorrect error message: Remove Access suggestions for NAT rules are not supported. Correct error message: No suggestions for this request. |
fortimanager, nat, zones |
TOS-95315 TOS-95560 Case 149061 |
R24-1 |
R24-2 PGA.0.0 |
LDAP users are unable to access SecureChange from SecureTrack despite having the appropriate permissions and SSO enabled. Error message: You do not have permission to access the requested page |
ldap |
TOS-93590 TOS-93872 Case 00140802 |
R22-2 R23-1 R24-1 R24-2 |
R24-2 PGA.0.0 |
Destination zones are removed from USP exception calculations after they are edited. |
usp zones |
TOS-95285 TOS-95281 TOS-95341 Case 00147230 |
R23-1 R23-2 R24-1 |
R24-1 PHF4.0.0 R24-2 PGA.0.0 |
Designer gave incorrect suggestions for Fortimanager devices with central NAT enabled. |
designer, fortimanager, fortinet, access request, workflow |
TOS-95423 TOS-95314 TOS-95424 Case 00149133 |
R22-2 R23-1 R23-2 R24-1 |
R24-2 PGA.0.0 R24-1 PHF4.0.0 |
Device revisions fail to appear in TOS when multiple versions are received at once. |
|
TOS-93843 TOS-93511 TOS-93844 TOS-96295 TOS-96755 Case 00146745 |
R24-1 R24-2 R25-1 |
R24-2 PGA.0.0 R24-2 PHF1.0.0 R24-1 PHF4.0.0 |
Provisioning task fails in Designer after 10 minutes. |
provisioning, designer |
TOS-94127 TOS-94126 TOS-94128 Case 00147293 |
R24-1 R25-1 |
R24-2 PGA.0.0 R24-1 PFH4.0.0 |
NSX-T 4.1 objects do not appear in the Compare Revisions tab. |
nsx-t, compare, revisions |
TOS-94357 TOS-93516 TOS-94358
Case 00143648 |
R24-1 R25-1 |
R24-2 PGA.0.0 R24-1 PHF4.0.0 |
Verifier returns only one result for each Cisco FMC device, even when there are multiple relevant policies. As a consequence, incorrect ticket closures may occur. |
verifier, fmc |
TOS-94803 TOS-94103 Case 00136029 |
R23-2 R24-1 |
R24-2 PGA.0.0 R24-1 PHF4.0.0 |
SecureApp performance slows after performing an action with a Server Group that contains several thousand servers. |
secureapp, server group |
TOS-95292 TOS-94743 Case 00147146 |
R24-1 |
R24-2 PGA.0.0 R24-1 PHF4.0.0 |
Policy Change Notifications syslogs are not generated properly when defining a remote server with FQDN. |
fqdn, syslog |
TOS-95753 TOS-95482 TOS-95755 Case 00146974 |
R24-1 R25-1 |
R24-2 PGA.0.0 R24-1 PHF4.0.0 |
SecureTrack cannot retrieve information about rules using this API call: https://<TUFIN_BASE_URL>/securetrack/api/devices/<device_id>/rules/<id>/documentation |
rules, api |
TOS-94002 TOS-93525 TOS-93526 TOS-93531 Case 00146427 |
R22-2 R23-1 R23-2 R24-1 |
R24-1 PHF3.0.0 R24-2 PGA.0.0 |
Upgrade to TOS R24-1 fails when database has saved SecureChange search queries that contain parameters with null values. Log entry:
upgrade failed on Error in /opt/tufin/logs/services/upgrade-manager/scw_upgrade_log 2024-05-29T20:12:48,298 DEBUG [c.t.s.u.BaseUpgrade.readFromResultSet] (main:[]) readFromResultSet query= select id, name, user_id from query order by user_id, lower(name) DESC, last_used DESC NULLS LAST; 2024-05-29T20:12:48,298 DEBUG [c.t.s.u.BaseUpgrade.logParams] (main:[]) params= 2024-05-29T20:12:48,310 ERROR [c.t.s.u.UpgradeProcedure.upgradeFailed] (main:[]) Failed to perform upgrade from version 23.2_GA java.lang.NullPointerException: null cannot be cast to non-null type kotlin.Long at com.tufin.securechange.upgrade.UpgradeTo_24_1_RC1.toUserId(UpgradeTo_24_1_RC1.kt:154) ~[tos2-upgrade.jar:?] at com.tufin.securechange.upgrade.UpgradeTo_24_1_RC1.updateQueriesName(UpgradeTo_24_1_RC1.kt:53) ~[tos2-upgrade.jar:?] at com.tufin.securechange.upgrade.UpgradeTo_24_1_RC1.handleQueryTable(UpgradeTo_24_1_RC1.kt:36) ~[tos2-upgrade.jar:?] at com.tufin.securechange.upgrade.UpgradeTo_24_1_RC1.execute(UpgradeTo_24_1_RC1.kt:24) ~[tos2-upgrade.jar:?] at com.tufin.securechange.upgrade.UpgradeProcedure.upgradeToSpecificVersion(UpgradeProcedure.java:287) [tos2-upgrade.jar:?]at com.tufin.securechange.upgrade.UpgradeProcedure.executeUpgradeFrom(UpgradeProcedure.java:263) [tos2-upgrade.jar:?] at com.tufin.securechange.upgrade.UpgradeProcedure.execute(UpgradeProcedure.java:187) [tos2-upgrade.jar:?] at com.tufin.securechange.upgrade.UpgradeProcedure.main(UpgradeProcedure.java:296) [tos2-upgrade.jar:?] 2024-05-29T20:12:48,314 ERROR [c.t.s.u.UpgradeProcedure.upgradeFailed] (main:[]) Performing Rollback |
upgrade, database |
TOS-82487 TOS-83623 TOS-76514 |
R23-1 |
R23-1 PHF3.0.0 R24-1 PGA.0.0 R24-2 PGA.0.0 |
There is an issue with Designer when submitting an access request. Message: Cannot modify the initial default policy. You need to associate a policy with <FW_Name>. |
designer |
TOS-89207 Case 00131167 |
R23-1 R23-2 R24-1 |
R24-2 PGA.0.0 |
In an LDAP group with multiple users, some users cannot log in to TOS Aurora. |
ldap |
TOS-92105 TOS-92096 Case 00146422 |
R24-1 |
R24-1 PHF3.0.0 R24-2 PGA.0.0 |
Revisions cannot be fetched from Cisco Layer 2 switches. Error message: Error occurred when pulling configuration from the device: Wrong arguments |
cisco, monitoring, revision |
TOS-92930 TOS-92931 TOS-93098 Case 00141080 |
R24-1 |
R24-1 PHF3.0.0 R24-2 PGA.0.0 |
Azure rule usage data cannot be retrieved when one of the workspaces in the Azure subscription does not have a firewall. |
azure, device viewer, monitoring |
TOS-85264 Case 00132604 |
R23-2 R24-1 |
R24-2 PGA.0.0 |
The SecureTrack user interface is not responsive and backups fail. |
interface, backup, database |
TOS-88663 TOS-86210 TOS-88662 Case 00135105 Case 00134604 |
R23-1 R23-2 R24-1 |
R23-2 PHF3.0.0 R24-1 PHF1.0.0 R24-2 PGA.0.0 |
A memory leak in the queue-server process causes the device-collector container to receive a signal segmentation violation (SIGSEGV) and terminate. |
memory |
TOS-87755 Case 00130078 |
R23-1 R23-2 R24-1 |
R24-2 PGA.0.0 |
Tufin MIB file does not contain records of all traps that could be sent to the SNMP server. |
snmp, mib |
TOS-92217 Case 00142229 00144867 |
R24-1 |
R24-2 PGA.0.0 |
TOS logs users out after one minute when LDAP names contain special characters. |
performance |
REL-940 TOS-93395 Case 00146342 |
R24-1 PHF2.0.0 only |
R24-1 PHF2.1.0 R24-2 PGA.0.0 |
Affects R24-1 PHF2.0.0 only. Preconfigured and new scheduled SecureTrack reports in SecureTrack will not run. STRE reports are not affected. |
reports |
TOS-85527 Case 00132604 |
R23-2 R24-1 |
R24-2 PGA.0.0 |
Policy configuration files cannot be uploaded via the CLI for offline analysis |
offline, cli |
TOS-88908 Case 00128822 |
R23-1 R23-2 R24-1 |
R24-2 PGA.0.0 |
Designer is not ignoring rules with the legacy automation attribute. |
designer, graphql, rule viewer |
TOS-91546 TOS-91010 Case 00140569 |
R23-2 R24-1 |
R24-1 PHF3.0.0 R24-2 PGA.0.0 |
The connection between Azure hubs is not displayed in the Topology Map. |
azure, topology |
TOS-92216 Case 00139204 |
R23-2 R24-1 |
R24-1 PHF3.0.0 R24-2 PGA.0.0 |
Topology information cannot be retrieved for AWS gateway load balancers when there is a NAT object on one of the firewall devices in the target group |
aws, topology |
TOS-92626 TOS-92664 Case 00144173 |
R23-2 R23-1 |
R24-1 PHF3.0.0 R24-2 PGA.0.0 |
Cisco ASA service groups are parsed incorrectly when revisions from offline versions are uploaded. Critical messages appear in the device log files. |
cisco, asa |
TOS-92748 Case 00137338 |
R23-1 R23-2 R24-1 |
R24-1 PHF3.0.0 R24-2 PGA.0.0 |
For Fortinet devices, after running Designer for the first time and selecting Update Devices, there is an error. Error message: Remove network object <object name> from existing group < group name>. |
fortinet, designer |
TOS-91732 Case 00145833 |
R24-1 |
R24-1 PHF3.0.0 R24-2 PGA.0.0 |
For Cisco FMC device logs, received an authentication token for the API, but could not get a revision. Error message: 401 invalid session |
cisco, fmc |
TOS-92473 TOS-93494 TOS-93495 Case 00143723 |
R24-1 |
R24-1 PHF3.0.0 R24-2 PGA.0.0 |
Source and destination fields are empty in Compare Revision and appear as N/A in Rule Viewer. |
rule viewer, compare |
TOS-91198 TOS-92353 Case 00135272 |
R23-2 R24-1 |
R24-1 PHF3.0.0 |
Tickets cannot be split into smaller tickets when initiated from SecureApp. |
tickets, access request |
TOS-92113 TOS-92291 Case 00142645 |
R23-2 R24-1 |
R24-1 PHF3.0.0 R24-2 PGA.0.0 |
SecureTrack cannot retrieve revisions from Cisco Meraki devices when the device contains a WAN interface with a missing gateway. The user interface shows that the device is being monitored correctly. |
meraki, revisions |
TOS-90268 Case 00137969 |
R24-1 R23-2 |
R24-1 PHF3.0.0 |
Designer suggests creating new network objects on Juniper SRX devices that replace existing network objects. The new network objects have larger/smaller subnets. |
srx, designer |
TOS-90846 TOS-64433 Case 00136704 |
R24-1 R23-2 |
R24-1 PHF3.0.0 |
Revisions from Juniper SRX devices are missing NAT objects with 'any' in the rule source or destination. |
srx, revisions |
TOS-91598 |
R24-1 |
R24-1 PHF3.0.0 |
Azure vnets cannot be imported when there is a proxy server with the local DNS disabled configured in the Azure management device. |
azure, vnet, monitoring |
TOS-90662 TOS-90551 Case 00141900 |
R24-1 |
R24-1 PHF3.0.0 R24-2 PGA.0.0 |
SecureTrack cannot monitor Cisco layer 3 devices with a custom login prompt. |
cisco, monitoring |
TOS-90763 TOS-91141 Case 00140256 |
R23-1 R23-2 R24-1 |
R24-1 PHF3.0.0 R24-2 PGA.0.0 |
SecureChange tickets are displayed incorrectly in the user interface (for example, closed tickets appear open) because of an indexing issue. |
tickets, indexing |
TOS-91048 TOS-91828 Case 00139686 |
R23-2 R24-1 |
R24-1 PHF3.0.0 R24-2 PGA.0.0 |
Permitted traffic to Panorama devices is shown as blocked due to a mismatch between the predefined services in TOS and the predefined service on the device. |
palo alto, topology |
TOS-89953 TOS-89954 Case 00139616 |
R22-2 R23-1 R23-2 R24-1 |
R24-1 PHF3.0.0 |
For Cisco ASA devices on a remote collector, rule last hit information is inaccurate. |
cisco, asa, remote collector (rc), rule viewer, last hit |
TOS-90842 Case 00142404 |
R24-1 |
R24-1 PHF3.0.0 |
The content of ACI objects in Panorama dynamic access groups does not appear in TOS when the device Is configured with more than one IP address (on the Panorama side). |
cisco, asa, remote collector (rc), rule viewer, last hit |
TOS-90842 Case 00142404 |
R24-1 |
R24-1 PHF3.0.0 |
The content of ACI objects that appear within Panorama dynamic access groups does not appear in TOS. |
aci, dynamic access group (dag), panorama |
TOS-90740 Case 00141155 |
R24-1 |
R24-1 PHF3.0.0 |
Installation crashes. |
|
TOS-90938 TOS-90963 Case 00141793 |
R23-2 R24-1 |
R24-1 PHF3.0.0
|
Device revisions generate errors for Authorization and Ticket Mapping when a deleted object exists a in closed ticket. |
nsx-t, revisions |
TOS-91570 TOS-91830 Case 00136813 |
R23-2 R24-1 |
R24-2 PGA.0.0 |
SecureApp's application history is incorrect for server groups whose connections were updated via API. |
interface, application |
TOS-92074 TOS-92117 Case 00143723 |
R24-1 |
R24-1 PHF3.0.0 |
For NSX devices, source and destination appear as N/A in Rule Viewer. |
rule viewer, nsx-v, nsx-t |
TOS-90949 Case 00141220 |
R23-2 R24-2 R24-2 |
R24-2 PGA.0.0 |
Provisioning fails when special character ü appears in the rule name from SecureApp. |
provisioning |
TOS-88465 TOS-88282 Case 00137095 |
R23-1 |
R24-1 PHF3.0.0 R24-2 PGA.0.0 |
For very large installations, the |
cli, deployment |
TOS-90327 Case 00139216 |
R23-2 |
R23-2 PHF2.0.0 R24-1 PHF3.0.0 |
Designer fails to update Panorama configuration in SecureChange. After clicking UPDATE DEVICE, the following error appears: Unexpected error, please, try again |
designer, panorama |
TOS-90335 Case 00141220 |
R23-2 |
R23-2 PHF1.2.0 R24-1 PHF3.0.0 |
For Fortinet devices, Designer calculations are timing out when the rule name is long and contains special characters. |
fortinet, designer |
TOS-90739 Case 00136704 |
R23-2 R24-1 |
R23-2 PHF1.0.0 R24-1 PHF3.0.0
|
NAT objects (Any, Any-IPv4, and Any-IPv6) do not appear in NST tables. |
juniper, revisions |
TOS-90786 TOS-90816 Case 00142649 Case 00145231 Case 00145677 |
R24-1 |
R24-1 PHF3.0.0 |
Topology Map synchronization does not work after the |
topology, cli |
TOS-90877 TOS-90964 Case 00142644 |
R23-2 |
R24-1 PHF3.0.0 |
After processing a request to delete unused tickets, Verifier results are empty. |
verifier, |
TOS-91360 Case 00142762 |
R23-2 |
R24-1 PHF3.0.0 |
FQDNs are getting removed from the rule when disabling a rule with Rule decommission workflow. |
fqdn, workflow |
TOS-91784 Case 00143903 |
R23-2 |
R24-1 PHF3.0.0 |
Upgrading to R24-1 PHF2.0.0 failed. Error message: Failed to execute topology-facade API call. |
upgrade |
TOS-91784 TOS-91847 Case 00143903 |
R23-2 R24-1 |
R24-1 PHF3.0.0 R24-2 PGA.0.0 |
Upgrading to R24-1 PHF2.0.0 failed. Error message: Failed to execute topology-facade API call. |
upgrade |
TOS-90686 TOS-90685 TOS-90699 |
R23-2 |
R23-2 PHF3.2.0 R24-1 PHF2.0 R24-2 PGA.0.0 |
The tos snapshot restore command fails on TOS R23-2 PHF3.1.0. |
upgrade, tufinos |
TOS-90249 TOS-90413 Case 00140888 |
R23-1 R23-2 R24-1 |
R24-1 PHF2.0.0 R24-2-PGA.0.0 |
Netscreen devices managed by Telnet fail to receive revisions. |
fortinet, revisions |
TOS-90122 TOS-90644 Case 00140908 |
R23-2 R24-1 |
R24-1 PHF2.0.0 R24-2 PGA.0.0 |
Gateway load balancers cannot be imported when traffic is blocked from one or more AWS regions. |
aws, gateway load balancer (gwlb) |
TOS-88758 TOS-88792 Cases 00138801 00136903 00141673 |
R23-2 R24-1 |
R24-1 PHF2.0.0 R24-2 PGA.0.0 |
Fortinet ADOM fails to retrieve a revision when there is a space character in the FQDN name. |
fmg, fqdn |
TOS-88009 TOS-90200 Case 00133017 |
R23-1 R24-1 |
R24-1 PHF2.0.0 |
Tickets page loads slowly if there are more than 10,000 tickets present. In addition to improving performance, users can change the default amount of tickets loaded to a lower number. |
tickets, performance |
TOS-88858 TOS-89238 Case 00136095 |
R23-2 R24-1 |
R24-1 PHF2.0.0 R24-2 PGA.0.0 |
Path analysis queries get stuck and do not return results. |
topology, performance |
TOS-89278 TOS-89279 Case 00138255 |
R23-2 R24-1 |
R24-1 PHF2.0.0 R24-2 PGA.0.0 |
Cleanup rest API call returns General error when getting fully shadowed or disabled rules without including the start and count parameters. |
cleanup, api, shadowed rules, disabled rules |
|
R20-1 and later |
Not fixed |
When logging into TOS, a Vimeo cookie is placed in the browser. |
vimeo, security, cookies |
TOS-90147 TOS-90241 TOS-90297 TOS-90562 Case 00140747 Case 141734 |
R24-1 |
R24-1 PHF2.0.0 R24-2 PGA.0.0 |
Revisions cannot be retrieved from Palo Alto devices. In the Compare Revisions page data for these devices is incomplete, and in the Administration > Status page imported Prisma objects show: Error: unknown error. |
device viewer, device groups, panorama, prisma |
TOS-90248 00141900 TOS-90154 TOS-90192 Case 00139664 |
R24-1 |
R24-1 PHF2.0.0 |
Path analysis is incorrect for Cisco VXLAN when the interfaces all share the same IP address and are in different VRF tables. |
topology, cisco |
TOS-80967 Case 00123548, 00128040, 00128578, 00133201, 00136137, 00141218 |
R23-2 R24-1 |
R23-2 PHF1.0.0 |
For FortiGate 7.2.6v devices, cannot get a new revision. |
fortigate, revisions |
TOS-89913 TOS-89773 Case 00140235 |
R23-2 |
R24-1 PHF2.0.0 |
Unable to open a ticket for a workflow, that includes a script, from the "My request" page. Error message: Could not initialize proxy - no Session |
workflow |
TOS-89372 TOS-89373 Case 00139132 |
R23-2 R24-1 |
R24-1 PHF2.0.0 |
Unable to add Fortinet ADOM when the comment includes an array of strings. Error message: Fail to unmarshal data. |
fortinet |
TOS-89233 TOS-89253 Case 00136569 |
R24-1 |
R24-1 PHF2.0.0 |
Unable to import virtual systems (VSYS) from the PanOS device when the version is 11 or higher. |
panos |
TOS-88624 TOS-87559 Case 00135252 |
R23-2 R24-1 |
R24-1 PHF2.0.0 |
Cisco ASA device fails to provision when editing a rule which contains DM_INLINE group even though Designer suggests using it. |
cisco, asa, designer |
TOS-88475 TOS-88193 Case 00136571 |
R23-2 R24-1 |
R24-1 PHF2.0.0 |
Knowledge Center is unavailable when not connected to the internet. Error message: 503 Service Temporarily Unavailable |
ipv6 |
TOS-88875 Case 00137263 |
R23-1 R24-1 |
R24-1 PHF2.0.0 |
Designer cannot create an object with NAT information if it was added from the Object Browser, from a VIP/MIB NAT policy filter, or from the results of path analysis if there is NAT in the path. Error message: <OBJECT NAME> is defined in Zone A and cannot be used in Zone B. |
designer, fmg |
TOS-90248 Case 00141900 |
R24-1 |
R24-1 PHF2.0.0 |
Unable to connect to Layer 3 devices when using a custom login prompt. |
authentication |
TOS-89950 TOS-90055
|
R24-1 |
R24-1 PHF2.0.0 |
After upgrading to R24-1 on a machine with IPv6 configured, the Topology map fails to load and displays the error message "The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.” |
topology, upgrade |
TOS-89455 TOS-89679 Case 00139534 |
R23-2 R24-1 |
R24-1 PHF2.0.0 |
For very large devices, TOS failed to migrate device from the Central Cluster to the Remote Collector. |
remote collector, devices, upgrade |
TOS-89275 TOS-89442 Case 00134503 |
R23-1 R23-2 R24-1 |
R24-1 PHF2.0.0 |
FMC devices cease to function, with tickets failing to process and an error message “Unknown error.” Evidence of memory leaks appear in the logs. |
aci, fmc |
TOS-89166 TOS-88655 Case 00137340 |
R23-2 R24-1 |
R24-1 PHF2.0.0 |
When running a SecureApp ticket with the internet as a source or destination, Designer fails. |
designer, secureapp |
TOS-88686 TOS-88839 Case 00137782 |
R23-1 R23-2 R24-1 |
R24-1 PHF2.0.0 |
The Cleanup Browser, Object Lookup, and Change Browser pages fail to perform device calculations when a large number of devices are present. |
object lookup, cleanup, change |
TOS-87987 TOS-88199 Case 00136023 |
R23-2 R24-1 |
R24-1 PHF2.0.0 |
Running path analysis when the cloud is the only end point causes broken path. |
path analysis |
TOS-87466 No case |
R22-2 R23-1 R23-2 R24-1 |
R24-1 PHF2.0.0 |
Tickets page always reverts to last saved query when navigating away from the page instead of keeping the query performed by the user. |
securechange, tickets |
TOS-89211 TOS-89172 |
R23-1 R23-2 R24-1 |
R24-2 PGA.0.0 |
tos cluster snapshot create and tos cluster snapshot restore commands cannot be run on remote connector clusters. If you are upgrading TufinOS 3 to 4 on a remote collector cluster, you must use the procedure Upgrade TufinOS 3 to 4 Reinstall on Same VM, which requires reinstalling TOS. In R23-2 PHF3.1.0, R24-1 PHF2.0.0 and later versions of the same releases, these commands are blocked from running on remote clusters |
remote collector, snapshot, tufinOS |
TOS-88660 TOS-88686 TOS-88839 Case 00137782 |
R23-1 R23-2 R24-1 |
R24-1 PHF1.0.0 |
When there are more than 15,000 devices, the SecureTrack Object Lookup page loads initial data, but no buttons work. |
object lookup |
TOS-87558 TOS-87566 Case 00135264 |
R24-1 |
R24-1 PHF1.0.0 |
For north-south, ACI-integrated Panorama paths, topology simulation yields an inaccurate security calculation. Error message: Request input is not supported |
aci, panorama, topology |
TOS-87927 Case 00134578 |
R23-2 R24-1 |
R24-1 PHF1.0.0 |
When running Designer on a device which doesn’t support Provisioning “Not run” appears next to the device name in the SecureChange. |
designer, provisioning |
TOS-85792 TOS-85806 Case 00128917 |
R23-1 R23-2 R24-1 |
R23-2 PHF3.0.0 R24-1 PHF1.0.0 |
SecureTrack can't retrieve topology data for Azure Virtual hubs when the next hop type is VPN_S2S_Gateway and there is a path with a range. |
azure, topology |
TOS-87552 Case 00128408 |
R22-2 R23-1 R23-2 |
R23-2 PHF3.0.0 |
When running Designer on a Check Point device with an access request that is shadowing a different access request, Designer returns an error. Error message: Designer is unable to suggest changes for this device. |
access request, designer, check point |
TOS-86966 TOS-87046 Case 00131298 |
R23-1 R23-2 R24-1 |
R23-2 PHF3.0.0 R24-1 PHF1.0.0 R24-2 PGA.0.0 |
Cisco MPLS interfaces with a short name are parsed incorrectly and displayed as normal interfaces. |
cisco, topology, path analysis |
TOS-87173 TOS-87371 Case 00136366 |
R23-2 R24-1 |
R23-2 PHF3.0.0 R24-1 PHF1.0.0 R24-2 PGA.0.0 |
Access-role and security zone objects are displayed as network objects in the CSV file that is created when exporting Unattached Network Objects from the Cleanup Browser. |
cleanup |
TOS-87256 TOS-87365 Case 00131298 |
R22-2 R23-1 R23-2 R24-1 |
R23-2 PHF3.0.0 R24-1 PHF1.0.0 R24-2 PGA.0.0 |
The New Revision report isn't being created when new revisions arrive in SecureTrack, and recipients aren't receiving an email. This occurs when the report is the only report, and it is generated for any changes to any devices. |
reports, revisions |
TOS-87380 TOS-87096 TOS-87381 Case 00133018 |
R22-2 R23-1 R23-2 R24-1 |
R23-2 PHF3.0.0 R24-1 PHF1.0.0 R24-2 PGA.0.0 |
The result returned by the security_zones api function is missing zone hierarchies |
api, zones |
TOS-87727 TOS-88373 TOS-87813 TOS-87814 Case 00135080 |
R23-2 R24-1 |
R23-2 PHF2.0.0 R24-1 PGA.0.0 R24-2 PGA.0.0 |
SecureTrack can't retrieve dynamic topology for logical routers belonging to NSX-T devices. cloud-topology-service app.log exception: Internal Server Error: null java.lang.NullPointerException: null at com.tufin.cloudtopology.service.builder.nsx.NsxInterfaceBuilder.containIpAddresses(NsxInterfaceBuilder.java:46) ~[classes/:?] |
path analysis, monitoring, nsx-t |
TOS-87903 TOS-87904 Case 00135249 |
R22-2 R23-2 R24-1 |
R23-2 PHF2.0.0 R24-1 PHF1.0.0 |
Upgrade to R23-2 PHF1.0.0 fails due to license restriction errors. Error message: Upgrade service failed with the following errors:\nService tss failed with error: Failed due to license restrictions |
upgrade |
REL-903 Case 00138348 |
R23-2 R24-1 |
R23-2 PHF3.0.0 R24-1 PHF1.0.0
|
Users with external SSO Authentication lose access to SecureChange after upgrading to affected releases. |
upgrade, authentication |
TOS-87733 TOS-87652 Case 00136639 Case 00137992 |
R23-2 R24-1 |
R23-2 PHF3.0.0 R24-1 PHF1.0.0 |
When processing UI requests, TOS virtual network issues yield errors or delays in response. |
web interface |
TOS-87583 TOS-87791 Case 00135634 |
R22-2 R23-1 R23-2 R24-1 |
R23-2 PHF3.0.0 R24-1 PHF1.0.0 |
SecureApp fails to add an application while trying to delete an application. |
secureapp |
TOS-87433 TOS-87562 TOS-87563 Case 00131110 |
R23-1 R23-2 R24-1 |
R23-2 PHF3.0.0 R24-1 PHF1.0.0 |
Some devices are missing in the path when inbound and outbound VRFs are different. |
path analysis |
TOS-87311 Case 00130377 |
R23-1 R23-2 |
R23-2 PHF3.0.0 |
Connection status is red when it should be green. |
path analysis |
TOS-87224 TOS-87369 Case 00135784 |
R23-1 R23-2 R24-1 |
R23-2 PHF3.0.0 R24-1 PHF1.0.0 |
Rule Change report does not send notification emails and is not saved in the repository. |
reports |
TOS-86215 Case 00134994 |
R23-1 R23-2 |
R24-1 PGA.0.0 |
When decommissioning a Juniper SRX device with global zone rules, Designer incorrectly includes these rules in its suggestions that can be provisioned. Provisioning global zone rules is not supported for SRX devices. Designer provides manual suggestions only. |
juniper, srx, designer, provisioning, zones |
TOS-86210 TOS-88662 TOS-88663 Case 00135105 |
R23-1 R23-2 R24-1 |
R23-2 PHF3.0.0 R24-2 PGA.0.0 R24-1 PHF1.0.0 |
Device Collector container crashes with exit code 139 (SIGSEV). Related to memory leak on Queue_Server process. |
139, sigsev, memory, queue, device collector |
TOS-86064 TOS-86020 TOS-86065 Case 00135174 |
R23-1 R23-2 |
R23-2 PHF3.0.0 R24-1 PGA.0.0 |
Path analysis provides an incorrect path for Cisco devices when there is an MPLS route. |
cisco, topology |
TOS-85256 Case 00132604 |
R23-2 |
R24-1 PGA.0.0 |
SecureTrack user interface stops responding and displays the following message: Looks like something went wrong. Performance queries were enhanced to resolve this issue. |
performance, user interface |
TOS-85308 Case 00133746 |
R23-2 |
R24-1 PGA.0.0 |
TOS backup export from external storage is not working. |
backup |
TOS-86097 Case 00135594 |
R23-1 R23-2 |
R24-1 PGA.0.0 |
For Check Point devices, cannot create a rule name with more than 30 characters. |
check point, rules |
TOS-81891 TOS-83443 TOS-82557 TOS-82556 |
R23-2 |
R23-2 PHF2.0.0 |
After restoring from a backup, you may experience one or more of the following: high CPU usage, slow response time, incorrect violation calculations, and other unexpected behavior. After upgrading, make a new backup. |
backup, restore |
TOS-81736 TOS-81737 Case 00125837 |
R23-2 |
R23-2 PHF2.0.0 R24-1 PGA.0.0 |
On the Dashboard, Cleanup Trend data for devices with disabled or shadowed rules includes only the first 100 devices. |
cleanup, dashboard, shadowed rules |
TOS-80744 TOS-81930 Case 00127381 |
R23-2 |
R23-2 PHF2.0.0 |
After committing an update suggested by Designer, the commit status report for the ticket displays an end time that’s different from the ticket history. This causes inconsistencies between the Commit Status Report (available after clicking Commit) and the Ticket History and PDF Exports (available from the Ticket screen). |
designer, history |
TOS-79030 Case 00123865 |
R22-2 and later |
Not fixed |
Revisions cannot be processed for Check Point CMA devices that have ‘@’ in an object name. This can be resolved by removing the @ character from all object names in the policy and fetching the revision again. |
check point, cma, revisions |
TOS-80793 TOS-83531 TOS-83611 Case 00121065 |
R23-2 |
R23-2 PHF2.0.0 |
For Fortinet FMG devices with a single policy that has over 140,000 rules, SecureTrack returns an out-of-memory error and cannot retrieve revisions. |
fortinet, fmg,revisions |
TOS-80822 TOS-81413 TOS-81585 Case 00115997 |
R23-2 |
R23-2 PHF2.0.0 |
Slow FMC syslog messages retrieval by SecureTrack due to logs full of prints by the syslog translator. |
cisco, fmc, syslog |
TOS-81563 TOS-82008 TOS-82025 Case 00115997 |
R22-2 R23-1 R23-2 |
R23-2 PHF2.0.0 |
For Cisco FMC devices with more than 30,000 rules, translating FMC syslog traffic devices takes 50 EPS (events per second) instead of 5000 EPS. |
cisco, fmc, syslog |
TOS-82067 TOS-82784 Case 00128589 |
R22-2 R23-1 R23-2 |
R23-2 PHF2.0.0 |
Following forced removal, devices still appear in the Device Viewer and Rule Viewer. |
rule viewer, device viewer |
TOS-82452 TOS-82577 Case 00130384 |
R23-2 |
R23-2 PHF2.0.0 |
For Cisco FMC devices, after a rule modification in SecureChange, the TRUST action for the rule changes to a BLOCK action on the device. |
cisco, fmc, rule modification |
TOS-83533 TOS-83235 Case 00131700 |
R23-2 |
R23- 2 PHF2.0.0 R24-1 PGA.0.0 |
Failure to import Meraki managed devices. |
cisco, meraki, import |
TOS-82108 TOS-83235 Case 00125832 |
R22-2 R23-1 R23-2 |
R23-2 PHF2.0.0 |
Access list entry removal provisioning fails when there are extra spaces at the end of the remark in the configuration file for Cisco ASA devices. |
provisioning, cisco, asa |
TOS-83918 TOS-84101 Case 00131106 |
R23-1 R23-2 |
R23-2 PHF2.0.0 |
Verifier returns a "User Network zone is not configured" message when the User Network zone has no subnet, but a child zone (of the User Network zone) contains a subnet. |
verifier, zones |
TOS-81698 TOS-81702 Case 00127600 |
R23-1 R23-2 |
R23-2 PHF2.0.0 |
Topology Map shows incorrect routing information when there is an Azure VNET with multiple route circuits. |
azure, vnet, topology |
TOS-81388 TOS-81137 TOS-82330 Case 00127011 |
R23-1 R23-2 |
R23-2 PHF2.0.0 |
Topology and zone mapping incomplete for Cisco Meraki devices. |
topology, zones, cisco, meraki |
TOS-56648 |
R22-1 and later |
Not fixed |
For Check Point management devices, there is a known issue with loading the Automatic Policy Generation (APG) page when there is a special character in the inline-layer group name. There is no workaround for this issue. Avoid using special characters (such as #, %, &) when creating inline-layer groups. | check point, automatic policy generation (apg) |
TOS-71264 Case 00116185 |
R23-1 R23-2 |
Not fixed |
For Palo Alto devices, there is a known issue causing Designer to give a global object a name that already exists. |
palo alto, designer |
TOS-66508 Case 00110830 |
R23-1 R23-2 |
Not fixed |
For FortiManager devices, there is a known issue preventing revisions from being retrieved when there is a policy name containing an en dash character. | fortimanager, revisions |
R23-2 and later |
Not fixed | On rare occasions, older requests do not appear in the Requests list upon TOS startup. If this occurs, wait a few minutes and refresh the page. |
requests |
|
R23-2 and later |
Not fixed |
Rule history is not available for Zscaler devices. |
zscaler, history | |
TOS-74048 TOS-76166 |
R23-2 and later |
Not fixed |
In the Rule History tab, there is no indication of the object type for changes to services or security profiles. |
rule viewer, history |
TOS-48645 |
R21-1 and later |
Not fixed |
When an admin uses Rule Viewer to select rules and open a ticket for them, a new SecureChange tab opens in the browser with a draft of the ticket to be submitted. If the new tab does not display the relevant ticket, you will need to refresh the browser window to see the ticket. This issue occurs with the Rule Modification, Rule Decommission, and Rule Recertification workflows. |
rule viewer, tickets, rule modification, rule recertification, rule decommission |
TOS-80597 |
R23-1 R23-2 |
R24-1 PGA.0.0 | Verifier fails for NSX-V objects with the message: Verifier could not calculate the traffic of the input objects in the access request. Contact Tufin support. | nsx-v, verifier, access request |
TOS-82841 TOS-82842 Case 00130640 |
R23-1 R23-2 |
R23-2 PHF2.0.0 |
Topology Map is not updated due to failure when receiving data from an external OPM agent. This occurs when the amount of topology data is over 15,000 entries. | topology |
TOS-82803 TOS-83424 Case 00127150 |
R22-2 R23-1 R23-2 |
R23-2 PHF2.0.0 |
Designer suggestions for Panorama devices cannot be modified. The following error is returned: Waiting for revision from a conflicting ticket, cannot modify the Designer results. This occurs when Designer is configured to create shared objects. | panorama, designer, tickets |
TOS-81465 TOS-81507 Case 00124227 |
R22-2 R23-1 R23-2 |
R23-2 PHF2.0.0 |
Designer suggests creating new rules to provide access when that access is already provided by existing rules. This behavior occurs when the ticket includes applications, and is a result of traffic miscalculation for apps with the same service in a different port when there is a Cisco ACI device in the path. | designer |
TOS-80622 Case 00123016 |
R23-1 R23-2 |
|
When running path analysis on a shared Azure ExpressRoute, additional VNETs are displayed in the path. | path analysis, azure, vnet |
TOS-81745 TOS-82188 Case 00124898 |
R23-1 R23-2 |
R23-2 PHF2.0.0 |
Cleanup instances do not open in the Cleanup page when the revisions have multiple versions. The following message appears to users: Recalculating Revision results. This can take a while. | cleanup, revisions |
TOS-87079 TOS-87148 TOS-87149 Case 00135795 |
R23-2 R24-1 |
R23-2 PHF3.0.0 R24-1 PHF1.0.0 |
Cleanup instances do not open in the Cleanup page when the revisions have multiple versions and there is revision parsing order is inconsistent. The following message appears to uses: Recalculating revision results. This may take a while. |
cleanup, revisions |
TOS-83733 Case 00126772 |
R22-2 R23-1 R23-2 |
R23-2 PHF2.0.0
|
When running tos dr switch or tos dr status, the command fails due to no compatible backup files being found even though completed scheduled backup files exist. | revisions |
TOS-82608 TOS-82493 Case 00128588 |
R23-1 R23-2 |
R23-2 PHF2.0.0 |
After running a scan in RLM, tickets with an expiration date later than the rule recertification date will cause a related ticket to be created in Rule Viewer with an ID of 0. | tickets, rule viewer |
TOS-82829 TOS-82550 Case 00128588 |
R23-1 R23-2 |
R23-2 PHF2.0.0, |
Backup files stored on NFS will cannot be deleted in HA environments with disaster recovery configured. | high availability (ha), disaster recovery, backup |
TOS-80781 Case 00127809 |
R23-1 R23-2 |
|
After new tiered license is activated, SecureChange tickets get stuck on the auto-verifier step and cannot proceed. | licensing, tickets |
TOS-79379 Case 00123476 |
R21-3 R22-1 R22-2 R23-1 R23-2 |
|
Performance issues when connecting to an LDAP server. | ldap |
TOS-83494 TOS-77831 TOS-83495 Case 00131041 |
R23-1 R23-2 |
R23-2 PHF2.0.0, |
When fetching a revision from a Cisco ACI device, a null pointer exception (NullPointerException) occurs. | cisco, asa, revisions |
TOS-84153 TOS-84154 Case 00131095 |
R23-2 |
R23-2 PHF2.0.0 |
Domain information for cloud and network objects is missing from the Path Analysis view in the Topology Map. |
cloud, path analysis, topology |
TOS-79559 TOS-79435 Case 00120593 |
R22-2 R23-1 R23-2 |
R23-2 PHF2.0.0 |
A Certified rule status is being overridden by the rule documentation backward-compatibility API. |
api, documentaton |
TOS-82162 Case 00129097 |
R23-1 R23-2 |
R23-2 PHF2.0.0 |
Using an API call to add multiple ARs to a ticket, and marking the status as Done, removes the last AR. |
api, tickets, access request |
TOS-83501 TOS-83503 Case 00130078 |
R23-1 R23-2 |
R23-2 PHF2.0.0 |
Fields are missing from the MIB file. |
documentaton |
TOS-84094 TOS-85275 TOS-85276 Case 00131641 |
R23-1 R23-2 |
R23-2 PHF2.0.0 |
For Juniper SRX devices, static NAT rules do not contain all source members. |
juniper, srx |
TOS-84633 TOS-84657 TOS-84658 Case 00131309 |
R23-1 R23-2 R24-1 |
R23-2 PHF2.0.0 R24-2 PGA.0.0 |
Automatic target analysis fails for Check Point FQDN objects, even though the objects exists. Topology returns the error message: Internal error occurred |
check point, fqdn, topology |
TOS-85138 TOS-85312 TOS-85313 Case 00132715 Case 00133578 |
R23-1 R23-2 |
R23-2 PHF2.0.0 R24-2 PGA.0.0 |
Running the GET Ticket API returns the error: "Parameter specified as non-null is null." |
api |
TOS-85162 TOS-85491 TOS-85244 Case 00130856 |
R22-1 R22-2 R23-1 R23-2 |
R23-2 PHF2.0.0 R24-1 PGA.0.0
|
An "invalid server certificate" error is returned when logging into devices from TOS using Cyberark for external authentication. |
authentication |
TOS-85070 TOS-85110 TOS-85111 Case 00132624 Case 00133290 |
R23-1 R23-2 |
R23-2 PHF2.0.0 R24-1 PGA.0.0 |
Verifier does not support the icmp-proto service in access requests. |
verifier |
TOS-84627 Case 00131389 |
R23-1 R23-2 |
R23-2 PHF2.0.0 |
Local backup fails. |
backup |
TOS-83662 Case 00132169 |
R23-1 R23-2 |
R23-2 PHF2.0.0 |
Provisioning fails on FortiManager devices with the message: Update FortiManager_for_FFM did not run: Rule contains only IPv4 src or dest addresses, both IPv6 srcAddr and IPv6 dstAddr should be available in a change. This occurs when trying to replace a group. |
provisioning, topology, ipv6 |
TOS-82694 Case 00129609 Case 00114483 |
R22-2 R23-1 R23-2 |
R23-2 PHF2.0.0 |
No requests shown when filtering for closed tickets in a group that contains more then 35310 tickets. |
tickets, requests |
TOS-81384 Case 00126283 |
R23-1 R23-2 |
R23-2 PHF2.0.0 |
Communication between SecureTrack and SecureChange is frequently interrupted. The following message appears: SecureTrack settings:Cannot connect to SecureTrack.Five minutes later, this message appears: SecureTrack settings:Connection successful. |
|
TOS-84941 TOS-85084 Case 00133674 |
R23-1 R23-2 |
R23-2 PHF2.0.0 |
Importing data using the SecureApp Import Applications template fails with error message “Cannot import application data” when empty rows are present. |
secureapp, import, template |
TOS-83357 TOS-83394 TOS-83357 Case 00126123 |
R23-2 |
R23-2 PHF2.0.0 |
Designer failed with the error message "There are matching unresolved FQDN objects. You may be able to resolve the problem by enabling a local DNS." due to FQDN objects containing uppercase letters. |
designer, fqdn, dns |
TOS-82097 TOS-82588 Case 00128812 |
R23-2 |
R23-2 PHF2.0.0 |
Verifier and Path Analysis fail to display rules implemented on a monitored firewall, due to incorrect parsing of network object groups |
verifier, path analysis, groups |
TOS-82566 TOS-83032 Case 00127221 |
R23-2 |
R23-2 PHF2.0.0 |
The error message “Verifier could not calculate the traffic of the input objects in the access request” appears when Verifier is run on NSX-T devices that contain rules with security groups in the Source/Destination. This occurs after upgrading to a new version and running Verifier on an Access Request submitted in the previous version. |
verifier, nsx-t, access request |
TOS-82474 TOS-82832 Case 00130229
|
R23-2 |
R23-2 PHF2.0.0 |
Editing Designer results is not allowed after Designer fails within an auto-step. |
designer, auto-step, access request |
TOS-85144 Case 133815 |
R23-2 |
R23-2 PHF2.0.0 |
“New version verification failed” message displayed when parsing AWS VPC fails due to duplicate objects. |
aws, vpc, duplicate, verification |
TOS-84597 TOS-83682 Case 00133552 |
R23-2 |
R23-2 PHF2.0.0 |
When restarting TOS after running “tos cluster snapshot,” “tos cluster snapshot restore” fails with error “no global configuration found”. |
snapshot, restore |
TOS-80139 TOS-80551 Case 00124301 |
R23-2 |
R23-2 PHF2.0.0 |
Application interfaces can’t be retrieved via API when the same server is used for both the application pack and the connection to application pack. |
secureapp, interface, api |
TOS-85704 TOS-85561 Case 00131777 |
R23-2 |
R23-2 PHF2.0.0 R24-1 PGA.0.0 |
Topology information cannot be retrieved from AWS devices when there is a gateway load balancer linked to multiple AWS accounts. |
topology, aws, amazon |
TOS-82077 Case 00130053 |
R23-2 |
R23-2 PHF2.0.0 |
Users are not able to use the Server Lookup page to find objects in the apps they created. The View all applications permit is incorrectly required. |
secureapp, search, application |
TOS-85814 TOS-85438 Case 00126032 Case 00130632 Case 00133278 |
R23-2 |
R23-2 PHF2.0.0 R24-1 PGA.0.0 |
Revisions cannot be retrieved. Caused by a failure in the device collector service |
revisions, monitoring |
TOS-85567 TOS-85841 Case 00130394 |
|
R24-1 PGA.0.0
|
Comments are duplicated to Cisco FMC rules when Rule Decommission workflow changes are provisioned. |
cisco, fmc, rule decommission, workflow |
TOS-86118 TOS-86145 Case 00133299 |
|
R24-1 PGA.0.0 |
Tos backup create suffers performance issues when configured to local storage. |
backup, storage |
TOS-86008
|
|
R24-1 PGA.0.0 |
During upgrades, TOS status displays “Checker failure” and upgrade fails. |
upgrade |
TOS-87324 Case 00136556 |
R23-2 |
R23-2 PHF3.0.0 R24-1 PGA.0.0 |
Revision retrieval fails due to a single client running on two different pods. |
revisions |
TOS-87853 TOS-87517 Case 00135870 Case 00133044 |
R22-2 R23-1 R23-2 R24-1 |
R23-2 PHF3.0.0 R24-1 PHF1.0.0 |
TOS pages (including Cleanup Browser, Object Lookup, and others) have loading times of 2-5 minutes when more than 10,000 devices are present in the environment. |
performance |
TOS-87594 Case 00136555 |
R23-2 |
R23-2 PHF3.0.0 |
After upgrading to R23-2 PHF3.0.0 when the jvm.extraOpts parameter is present, calling the logs of SecureTrack jobs returns the message ERROR unable to locate appender "${env:logging.appender}" for logger config "root." |
upgrade |
TOS-87096 TOS-87380 TOS-87381 Case 00133018 |
R22-2 R23-1 R23-2 R24-1 |
R23-2 PHF3.0.0 R24-1 PHF1.0.0 |
The API /securetrack/api/security_zones takes over 10 seconds to respond. |
performance, api |
TOS-86887 TOS-87103 Case 00130227 |
R23-1 R23-2 R24-1 |
R23-2 PHF3.0.0 R24-1 PHF1.0.0 |
For Cisco routers, rule numbers are parsed incorrectly when the device is not configured to collect rule usage analysis. As a result, attempts to provision ACL removal fail. |
cisco, ios |
TOS-88316 TOS-88327 TOS-88328 TOS-88334 Case 00138348 |
R23-2 |
R23-2 PHF3.0.0 R24-1 PHF1.0.0 |
After upgrading, users belonging to nested groups can not access SecureChange. |
upgrade |
TOS-85794 Case 00129891 |
R23-1 R23-2 |
R23-2 PHF3.0.0 |
Revision fetching for NSX-T devices was not triggered when the NSX Manager NSX-T revisions fail to be retrieved when the NSX Manager hostname is an FQDN. |
nsx-t, syslog, revisions |
TOS-85470 TOS-87815 TOS-87816 Case 00133673 |
R23-2 R24-1 |
R23-2 PHF3.0.0 R24-1 PHF1.0.0 |
For Panorama 10.2 devices, Provisioning fails. |
upgrade, provisioning |
TOS-88154 TOS-85046 TOS-88157 Case 00133483 |
R23-1 R23-2 R24-1 |
R24-1 PHF2.0.0 |
After upgrading, TOS fails to receive device revisions if monitored Check Point devices use LEA authentication on RC. |
upgrade, panorama |
TOS-87237 TOS-87893 TOS-87892 TOS-87891 Case 00133117 |
R22-2 R23-1 R23-2 |
R23-2 PHF3.0.0 R24-1 PHF1.0.0 |
Designer fails when in topology mode, when a specific domain is selected, returning message "<Firewall> not in path". This occurs because Designer looks for the path outside of the currently selected domain. |
designer |
Was this helpful?
Thank you!
We’d love your feedback
We really appreciate your feedback
Send this page to a colleague