Bugs - Resolved and Unresolved

Overview

The reference table includes bugs resolved in R23-2 and above, as well as unresolved issues across all supported versions. For older resolved bugs, see the relevant release in the Release Notes Knowledge Center.

To filter the results, enter text in one or more of the filter fields. To see all items, clear the filter fields.

Resolved Bugs

Bugs fixed in at least one version of TOS are considered resolved. The reference table below includes: 

  • Affected Release: The general availability release (GA or hot fix-HF) in which the bug was reported, as well as other major releases in which it is known to exist. If a bug was found in a release candidate (RC) - also known as early availability - and fixed in GA, the release is not considered affected and will not be listed.

  • Fixed Versions: The first minor version from which the bug was fixed for each Affected Release and/or the GA version of the following release. RC versions will not appear.

Unresolved Issues

Issues that have been reported but not yet fixed are considered unresolved. The Affected Releases column includes the first known affected release as well as the text "and later," in cases where the bug is assumed to exist in subsequent releases.

Reference Table

References

Affected Releases

Fixed Versions

Description

Tags

TOS-101638

Case 00157014

R24-2

R24-2 PHF1.2.0

SecureChange is inaccessible.
Error 503 appears when going to SecureChange using UI or API.

 

TOS-97897

Case 00149835

R24-1

R24-2

R24-2 PHF1.0.0

For Cisco FMC devices, groups with literal wildcards cause the revision to fail.

cisco, fmc

TOS-98443

Case 00152155

R24-1

R24-2

R24-2 PHF1.0.0

Cisco ACI cannot retrieve a revision.

Error: <error code="403" text="Token was invalid (Error: Invalid input token data)"/>

cisco, aci

TOS-97683

Case 00149835

R24-1

R24-2

R24-2 PHF1.0.0

FMC devices that use legacy UI configured with literal subnets, which contain white spaces at beginning or end, cause the revision to fail.

fmc

TOS-98556

Case 00151883

R24-1

R24-2

R24-2 PHF1.0.0

After an upgrade to R24-2 with more than 500 devices, running Verifier returns the following error:

Error message: "No revisions were received for this target device (0)"

verifier, panorama

TOS-98214

Case 00150752

R24-1

R24-2

R24-2 PHF1.0.0

On Cisco ASA devices, revisions are associated with the wrong accounts in Change Viewer.

cisco, asa, change viewer

TOS-97827

Case 00146653

00149146

R23-2

R24-1

R24-2

R24-2 PHF1.0.0

Rule Viewer's Last Hit field displays inaccurate length of time.

rule viewer, last hit

TOS-99091

Case 00147952

R24-2

R24-2 PHF1.0.0

Upgrade procedure gets stuck on the bridge-scheduler validation.

upgrade

TOS-96071

Case 00148677

R24-2

R24-2 PHF1.0.0

When the network contains two secured hubs, path analysis shows incorrect data.

path analysis

TOS-97557

Case 00138877

R23-2

R24-1

R24-2

R24-2 PHF1.0.0

For FMG devices, tickets get stuck and cannot progress unless adjusted manually.

fmg

TOS-97969

Case 00151207

R24-1

R24-2

R24-2 PHF1.0.0

Sorting by the “Last Update” column in the Tickets table causes rows to appear out of order when some tickets have update dates in the UTC time zone without milliseconds.

tickets

TOS-99238

Case 00152155

R24-1

R24-2

R24-2 PHF1.0.0

Revisions cannot be retrieved from an ACI 5.3 device configured with a transparent proxy in SecureTrack.

aci

TOS-97784

Case 00148296

R24-1

R24-2

R24-2 PHF1.0.0

Exporting the Audit trail report fails due to a Null Pointer Exception.

reports

TOS-97036

Case 00141223

R23-2

R24-1

R24-2

R24-2 PHF1.0.0

Ticket dependency calculations for group modification tickets on Check Point Devices causes the SecureTrack server to crash due to lack of memory.

tickets, check point

TOS-96628

Case 00147151

R23-2

R24-1

R24-2

R24-2 PHF1.0.0

Last Hit is not being updated in Rule Viewer for some large devices when multiple devices with many rules are added.

rule viewer, last hit

TOS-96301

Case 00148819

R24-1

R24-2

R24-2 PHF1.0.0

Rules for Cisco XR Routers are missing in Rule Viewer, and in the Compare Revisions page > Rules tab. This occurs when the interface is configured with “!” before the associated Access Control List (ACL).

cisco, routers, rule viewer

TOS-96177

Case 00148687

R23-2

R24-1

R24-2

R24-2 PHF1.0.0

Parsing fails to identify SD-WAN routes for Cisco Routers when the output returned from the router starts with information unrelated to the actual routing data.

Log message: Finish parsing content. evpn route count: 0.

cisco, routers

TOS-99577

TOS-99615

TOS-99685

TOS-99682

Case 00153213

R24-1

R24-2

R24-1 PHF4.1.0

R24-2 PHF1.0.0

 

After running tos dr switch as part of Disaster Recovery, the cluster does not return to a healthy state.

Error messages include:
Kafka out of sync.
Running tos status returns checker failure for the Cassandra database.

 

disaster recovery

TOS-99181

TOS-99182

Case 00154081

R24-1

R24-2

R24-1 PHF4.1.0

R24-2 PHF1.0.0

TOS install and upgrade procedures fail with DNS error message when DNS is configured correctly.

Error message: ERROR DNS misconfiguration:

lookup test-tufin.local on xx.xx.xx.x:xx: server misbehaving

In R24-1, only relevant for PHF4.0.0.

install, upgrade, dns

TOS-96848

TOS-96849

Case 00146741

R24-1

R24-2

R24-1 PHF4.0.0

R24-2 PHF1.0.0

After upgrading to R24-1, syslog change manager crashes.

syslog, upgrade

TOS-96490

TOS-96567

Case 00146667

R24-1

R24-2

R24-1 PHF4.0.0

R24-2 PHF1.0.0

Prisma/GPCS RN-SPN object does not appear in the Topology Map.

prisma, topology

TOS-96206

TOS-96207

Case 00139132

00144092

R24-1

R24-2

R24-1 PHF4.0.0

R24-2 PHF1.0.0

Error page appears shortly after logging in to TOS. Additional information: neo4j timeout error appears in log.

graphql, backup

TOS-96191

TOS-96322

Case 00148349

R23-1

R23-2

R24-1

R24-2

R24-1 PHF4.0.0

R24-2 PHF1.0.0

Fortinet firewalls appear connected, but the ADOMs and VDOMs under it show a connection error.

fortinet

TOS-96028

TOS-96064

Case 00148528

R24-1

R24-2

R24-1 PHF4.0.0

R24-2 PHF1.0.0

Last hit not working for Azure Firewall rules.

azure

TOS-93139

Case 00145499

R24-1

R24-1 PHF4.0.0

The number of pods exceeds the Kubernetes limit of 110.

pods

TOS-92774

Case 00144198

R24-1

R24-1 PHF4.0.0

Clean install of R24-1 shows no TLS 1.2 ciphers; however, if you upgrade from a previous version to R24-1, the TLS 1.2 ciphers still exist.

tls

TOS-93485

TOS-93476

Case 00146342

R24-1

R24-1 PHF4.0.0

Scheduled reports are not shown in the report repository.

reports

TOS-96065

TOS-96064

TOS-96028

Case

00148528

R24-1

R24-2

R24-1 PHF4.0.0

R24-2 PHF1.0.0

No last hits are received on the Azure Firewall due to a case sensitivity issue between the Workspaces API and the Diagnostic Settings API for the workspaceID field.

azure, api

TOS-96193

TOS-96306

Case

00147700

R24-1

R24-2

R24-1 PHF4.0.0

R24-2 PHF1.0.0

Import of Panorama devices to TOS fails.

Error message: CSM error:General Failure

panorama, import

TOS-95518

TOS-96092

Case

00146252

R24-1

R24-2

R24-1 PHF4.0.0

R24-2 PHF1.0.0

For Cisco ACI devices, path analysis shows incorrect contracts when clicking on a matched rule.

cisco, aci, path analysis

TOS-96233

TOS-96234

Case

00128075

R24-1

R24-2

R24-1 PHF4.0.0

R24-2 PHF1.0.0

For Azure VNETS, subnets are missing from the topology map.

azure

TOS-96339

TOS-96546

Case

00149627

R24-1

R24-2

R24-1 PHF4.0.0

R24-2 PHF1.0.0

Provisioning to a VMware NSX device fails when the rule contains an internet object.

vmware, nsx

TOS-96576

TOS-96659

Case 00142305

R23-2

R24-1

R24-2

R24-1 PHF4.0.0

R24-2 PHF1.0.0

In large environments, dashboard widgets USP Compliance and Cleanup are missing data due to Neo4j timeout.

Error message: Something went wrong.

timeout

TOS-97050

Case 00149833

R24-1

R24-1 PHF4.0.0

Some non-tiered perpetual licenses installed on certain time-zones cause workflows in TOS to be disabled.

licensing, workflow

TOS-94476

TOS-93931

TOS-94880

TOS-94881

TOS-94482

Case 00141815

R23-2

R24-1

R24-1 PHF4.0.0

 

TOS restore fails because of a corrupt postgres database index.

restore, database

TOS-95267

Case 00148423

R24-1

R24-1 PHF4.0.0

Designer fails to run on Cisco ASA devices causing a timeout error due to a service_group with type 0. Error message: Designer fails with error (attached).

designer, cisco, asa

TOS-95438

TOS-95439

TOS-95440

Case 00148600

R24-1

R24-2

R24-1 PHF4.0.0

R23-2 PHF1.0.0

The Topology Map does not display AWS cloud data if there is no main route table for one of the VPCs, and the VPC has a Transit Gateway (TGW) attachment connected to a subnet without a routing table.

topology, aws

TOS-95980

TOS-96177

TOS-96178

Case 00148687

R23-2

R24-1

R24-2

R24-1 PHF4.0.0

R24-2 PHF1.0.0

Parsing fails to identify SD-WAN routes for Cisco Routers when the output returned from the router starts with information unrelated to the actual routing data.

Log message: Finish parsing content. evpn route count: 0.

sd-wan, cisco

TOS-96198

TOS-96301

TOS-96302

Case 00148819

R24-1

R24-2

R24-1-PHF4.0.0

R24-2 PHF1.0.0

Rules for Cisco XR Routers are missing in Rule Viewer, and in the Compare Revisions page > Rules tab. This occurs when the interface is configured with “!” before the associated Access Control List (ACL).

compare, cisco

TOS-96402

Case 00149553

R24-1

R24-1 PHF4.0.0

Scheduled topology sync runs a day late.

topology

TOS-96543

TOS-96621

TOS-96628

Case 00147151

R23-2

R24-1

R24-2

 

R24-1 PHF4.0.0

R24-2 PHF1.0.0

last hit is not being updated in Rule Viewer for some large devices when multiple devices with many rules are added.

rule viewer

TOS-93802

TOS-93738

Case

00145647

R24-1

R24-1 PHF4.0.0

R24-2 PGA.0.0

 

For Cisco devices, incorrect paths are shown in the Topology Map when there are multiple MPLS-VPN next hops.

cisco, topology

TOS-94073

TOS-93079

Case

00137167

R24-1

R24-1 PHF4.0.0

R24-2 PGA.0.0

SecureApp application accepts logs that should be excluded according to the configured conditions.

secureapp

TOS-94265

TOS-94734

Case

00143135

R24-1

R24-2 PGA.0.0

For Juniper SRX devices, shadowing rules load a blank page in Rule Viewer. In Compare Revision, the Source and Destination are empty.

juniper, rule viewer

TOS-94254

TOS-94507

Case

00143746

R23-2

R24-1

R24-1 PHF4.0.0

R24-2 PGA.0.0

FQDN objects in Check Point devices fail to resolve, preventing their use in SecureChange tickets.

fqdn, check point

TOS-93621

TOS-93622

TOS-93623

Case 00145833

R24-1

R24-1 PHF4.0.0

R24-2 PGA.0.0

Revisions cannot be retrieved from Cisco FMC devices due to intermittent 401 errors from the device API.

Error messages: Access token invalid, unknown error, unable to get configuration

fmc, revisions

TOS-95140

TOS-95141

TOS-95142

Case

00148825

R23-2

R24-1

R24-1 PHF4.0.0

R24-2 PGA.0.0

topology-service crashes when there are large amounts of generic routes.

topology

TOS-94215

TOS-94932

Case 00140393

R23-1

R24-1

R24-2 PGA.0.0

When attempting to remove access for a NAT rule with multiple source zones on a FortiManager device , Designer displays an incorrect error message.

Incorrect error message: Remove Access suggestions for NAT rules are not supported.

Correct error message: No suggestions for this request.

fortimanager, nat, zones

TOS-95315

TOS-95560

Case 149061

R24-1

R24-2 PGA.0.0

LDAP users are unable to access SecureChange from SecureTrack despite having the appropriate permissions and SSO enabled.

Error message: You do not have permission to access the requested page

ldap

TOS-93590

TOS-93872

Case 00140802

R22-2

R23-1

R24-1

R24-2

R24-2 PGA.0.0

Destination zones are removed from USP exception calculations after they are edited.

usp

zones

TOS-95285

TOS-95281

TOS-95341

Case

00147230

R23-1

R23-2

R24-1

R24-1 PHF4.0.0

R24-2 PGA.0.0

Designer gave incorrect suggestions for Fortimanager devices with central NAT enabled.

designer, fortimanager, fortinet, access request, workflow

TOS-95423

TOS-95314

TOS-95424

Case

00149133

R22-2

R23-1

R23-2

R24-1

R24-2 PGA.0.0

R24-1 PHF4.0.0

Device revisions fail to appear in TOS when multiple versions are received at once.

 

TOS-93843

TOS-93511

TOS-93844

TOS-96295

TOS-96755

Case 00146745

R24-1

R24-2

R25-1

R24-2 PGA.0.0

R24-2 PHF1.0.0

R24-1 PHF4.0.0

Provisioning task fails in Designer after 10 minutes.

provisioning, designer

TOS-94127

TOS-94126

TOS-94128

Case 00147293

R24-1

R25-1

R24-2 PGA.0.0

R24-1 PFH4.0.0

NSX-T 4.1 objects do not appear in the Compare Revisions tab.

nsx-t, compare, revisions

TOS-94357

TOS-93516

TOS-94358

 

Case 00143648

R24-1

R25-1

R24-2 PGA.0.0

R24-1 PHF4.0.0

Verifier returns only one result for each Cisco FMC device, even when there are multiple relevant policies. As a consequence, incorrect ticket closures may occur.

verifier, fmc

TOS-94803

TOS-94103

Case 00136029

R23-2

R24-1

R24-2 PGA.0.0

R24-1 PHF4.0.0

SecureApp performance slows after performing an action with a Server Group that contains several thousand servers.

secureapp, server group

TOS-95292

TOS-94743

Case 00147146

R24-1

R24-2 PGA.0.0

R24-1 PHF4.0.0

Policy Change Notifications syslogs are not generated properly when defining a remote server with FQDN.

fqdn, syslog

TOS-95753

TOS-95482

TOS-95755

Case 00146974

R24-1

R25-1

R24-2 PGA.0.0

R24-1 PHF4.0.0

SecureTrack cannot retrieve information about rules using this API call: https://<TUFIN_BASE_URL>/securetrack/api/devices/<device_id>/rules/<id>/documentation

rules, api

TOS-94002

TOS-93525

TOS-93526

TOS-93531

Case 00146427

R22-2

R23-1

R23-2

R24-1

R24-1 PHF3.0.0

R24-2 PGA.0.0

Upgrade to TOS R24-1 fails when database has saved SecureChange search queries that contain parameters with null values.

upgrade, database

TOS-82487

TOS-83623

TOS-76514

R23-1

R23-1 PHF3.0.0

R24-1 PGA.0.0

R24-2 PGA.0.0

There is an issue with Designer when submitting an access request.

Message: Cannot modify the initial default policy. You need to associate a policy with <FW_Name>.

designer

TOS-89207

Case 00131167

R23-1

R23-2

R24-1

R24-2 PGA.0.0

In an LDAP group with multiple users, some users cannot log in to TOS Aurora.

ldap

TOS-92105

TOS-92096

Case 00146422

R24-1

R24-1 PHF3.0.0

R24-2 PGA.0.0

Revisions cannot be fetched from Cisco Layer 2 switches.

Error message: Error occurred when pulling configuration from the device: Wrong arguments

cisco, monitoring, revision

TOS-92930

TOS-92931

TOS-93098

Case 00141080

R24-1

R24-1 PHF3.0.0

R24-2 PGA.0.0

Azure rule usage data cannot be retrieved when one of the workspaces in the Azure subscription does not have a firewall.

azure, device viewer, monitoring

TOS-85264

Case 00132604

R23-2

R24-1

R24-2 PGA.0.0

The SecureTrack user interface is not responsive and backups fail.

interface, backup, database

TOS-88663

TOS-86210

TOS-88662

Case 00135105

Case 00134604

R23-1

R23-2

R24-1

R23-2 PHF3.0.0

R24-1 PHF1.0.0

R24-2 PGA.0.0

A memory leak in the queue-server process causes the device-collector container to receive a signal segmentation violation (SIGSEGV) and terminate.

memory

TOS-87755

Case

00130078

R23-1

R23-2

R24-1

R24-2 PGA.0.0

Tufin MIB file does not contain records of all traps that could be sent to the SNMP server.

snmp, mib

TOS-92217

Case

00142229

00144867

R24-1

R24-2 PGA.0.0

TOS logs users out after one minute when LDAP names contain special characters.

performance

REL-940

TOS-93395

Case 00146342

R24-1

PHF2.0.0 only

R24-1 PHF2.1.0

R24-2 PGA.0.0

Affects R24-1 PHF2.0.0 only. Preconfigured and new scheduled SecureTrack reports in SecureTrack will not run. STRE reports are not affected.

reports

TOS-85527

Case 00132604

R23-2

R24-1

R24-2 PGA.0.0

Policy configuration files cannot be uploaded via the CLI for offline analysis

offline, cli

TOS-88908

Case 00128822

R23-1

R23-2

R24-1

R24-2 PGA.0.0

Designer is not ignoring rules with the legacy automation attribute.

designer, graphql, rule viewer

TOS-91546

TOS-91010

Case 00140569

R23-2

R24-1

R24-1 PHF3.0.0

R24-2 PGA.0.0

The connection between Azure hubs is not displayed in the Topology Map.

azure, topology

TOS-92216

Case 00139204

R23-2

R24-1

R24-1 PHF3.0.0

R24-2 PGA.0.0

Topology information cannot be retrieved for AWS gateway load balancers when there is a NAT object on one of the firewall devices in the target group

aws, topology

TOS-92626

TOS-92664

Case 00144173

R23-2

R23-1

R24-1 PHF3.0.0

R24-2 PGA.0.0

Cisco ASA service groups are parsed incorrectly when revisions from offline versions are uploaded. Critical messages appear in the device log files.

cisco, asa

TOS-92748

Case 00137338

R23-1

R23-2

R24-1

R24-1 PHF3.0.0

R24-2 PGA.0.0

For Fortinet devices, after running Designer for the first time and selecting Update Devices, there is an error.

Error message: Remove network object <object name> from existing group < group name>.

fortinet, designer

TOS-91732

Case 00145833

R24-1

R24-1 PHF3.0.0

R24-2 PGA.0.0

For Cisco FMC device logs, received an authentication token for the API, but could not get a revision.

Error message: 401 invalid session

cisco, fmc

TOS-92473

TOS-93494

TOS-93495

Case 00143723

R24-1

R24-1 PHF3.0.0

R24-2 PGA.0.0

Source and destination fields are empty in Compare Revision and appear as N/A in Rule Viewer.

rule viewer, compare

TOS-91198

TOS-92353

Case 00135272

R23-2

R24-1

R24-1 PHF3.0.0

Tickets cannot be split into smaller tickets when initiated from SecureApp.

tickets, access request

TOS-92113

TOS-92291

Case 00142645

R23-2

R24-1

R24-1 PHF3.0.0

R24-2 PGA.0.0

SecureTrack cannot retrieve revisions from Cisco Meraki devices when the device contains a WAN interface with a missing gateway. The user interface shows that the device is being monitored correctly.

meraki, revisions

TOS-90268

Case 00137969

R24-1

R23-2

R24-1 PHF3.0.0

Designer suggests creating new network objects on Juniper SRX devices that replace existing network objects. The new network objects have larger/smaller subnets.

srx, designer

TOS-90846

TOS-64433

Case 00136704

R24-1

R23-2

R24-1 PHF3.0.0

Revisions from Juniper SRX devices are missing NAT objects with 'any' in the rule source or destination.

srx, revisions

TOS-91598

R24-1

R24-1 PHF3.0.0

Azure vnets cannot be imported when there is a proxy server with the local DNS disabled configured in the Azure management device.

azure, vnet, monitoring

TOS-90662

TOS-90551

Case 00141900

R24-1

R24-1 PHF3.0.0

R24-2 PGA.0.0

SecureTrack cannot monitor Cisco layer 3 devices with a custom login prompt.

cisco, monitoring

TOS-90763

TOS-91141

Case 00140256

R23-1

R23-2

R24-1

R24-1 PHF3.0.0

R24-2 PGA.0.0

SecureChange tickets are displayed incorrectly in the user interface (for example, closed tickets appear open) because of an indexing issue.

tickets, indexing

TOS-91048

TOS-91828

Case 00139686

R23-2

R24-1

R24-1 PHF3.0.0

R24-2 PGA.0.0

Permitted traffic to Panorama devices is shown as blocked due to a mismatch between the predefined services in TOS and the predefined service on the device.

palo alto, topology

TOS-89953

TOS-89954

Case 00139616

R22-2

R23-1

R23-2

R24-1

R24-1 PHF3.0.0

For Cisco ASA devices on a remote collector, rule last hit information is inaccurate.

cisco, asa, remote collector (rc), rule viewer, last hit

TOS-90842

Case 00142404

R24-1

R24-1 PHF3.0.0

The content of ACI objects in Panorama dynamic access groups does not appear in TOS when the device Is configured with more than one IP address (on the Panorama side).

cisco, asa, remote collector (rc), rule viewer, last hit

TOS-90842

Case 00142404

R24-1

R24-1 PHF3.0.0

The content of ACI objects that appear within Panorama dynamic access groups does not appear in TOS.

aci, dynamic access group (dag), panorama

TOS-90740

Case 00141155

R24-1

R24-1 PHF3.0.0

Installation crashes.

 

TOS-90938

TOS-90963

Case 00141793

R23-2

R24-1

R24-1 PHF3.0.0

 

Device revisions generate errors for Authorization and Ticket Mapping when a deleted object exists a in closed ticket.

nsx-t, revisions

TOS-91570

TOS-91830

Case 00136813

R23-2

R24-1

R24-2 PGA.0.0

SecureApp's application history is incorrect for server groups whose connections were updated via API.

interface, application

TOS-92074

TOS-92117

Case 00143723

R24-1

R24-1 PHF3.0.0

For NSX devices, source and destination appear as N/A in Rule Viewer.

rule viewer, nsx-v, nsx-t

TOS-90949

Case 00141220

R23-2

R24-2

R24-2

R24-2 PGA.0.0

Provisioning fails when special character ü appears in the rule name from SecureApp.

provisioning

TOS-88465

TOS-88282

Case 00137095

R23-1

R24-1 PHF3.0.0

R24-2 PGA.0.0

For very large installations, the tos start command almost times out.

cli, deployment

TOS-90327

Case 00139216

R23-2

R23-2 PHF2.0.0

R24-1 PHF3.0.0

Designer fails to update Panorama configuration in SecureChange. After clicking UPDATE DEVICE, the following error appears: Unexpected error, please, try again

designer, panorama

TOS-90335

Case 00141220

R23-2

R23-2 PHF1.2.0

R24-1 PHF3.0.0

For Fortinet devices, Designer calculations are timing out when the rule name is long and contains special characters.

fortinet, designer

TOS-90739

Case 00136704

R23-2

R24-1

R23-2 PHF1.0.0

R24-1 PHF3.0.0

 

NAT objects (Any, Any-IPv4, and Any-IPv6) do not appear in NST tables.

juniper, revisions

TOS-90786

TOS-90816

Case 00142649

Case 00145231

Case 00145677

R24-1

R24-1 PHF3.0.0

Topology Map synchronization does not work after the tos vacuum command runs.

topology, cli

TOS-90877

TOS-90964

Case 00142644

R23-2

R24-1 PHF3.0.0

After processing a request to delete unused tickets, Verifier results are empty.

verifier,

TOS-91360

Case 00142762

R23-2

R24-1 PHF3.0.0

FQDNs are getting removed from the rule when disabling a rule with Rule decommission workflow.

fqdn, workflow

TOS-91784

Case 00143903

R23-2

R24-1 PHF3.0.0

Upgrading to R24-1 PHF2.0.0 failed. Error message: Failed to execute topology-facade API call.

upgrade

TOS-91784

TOS-91847

Case 00143903

R23-2

R24-1

R24-1 PHF3.0.0

R24-2 PGA.0.0

Upgrading to R24-1 PHF2.0.0 failed. Error message: Failed to execute topology-facade API call.

upgrade

TOS-90686

TOS-90685

TOS-90699

R23-2

R23-2 PHF3.2.0

R24-1 PHF2.0

R24-2 PGA.0.0

The tos snapshot restore command fails on TOS R23-2 PHF3.1.0.

upgrade, tufinos

TOS-90249

TOS-90413

Case 00140888

R23-1

R23-2

R24-1

R24-1 PHF2.0.0

R24-2-PGA.0.0

Netscreen devices managed by Telnet fail to receive revisions.

fortinet, revisions

TOS-90122

TOS-90644

Case 00140908

R23-2

R24-1

R24-1 PHF2.0.0

R24-2 PGA.0.0

Gateway load balancers cannot be imported when traffic is blocked from one or more AWS regions.

aws, gateway load balancer (gwlb)

TOS-88758

TOS-88792

Cases 00138801 00136903 00141673

R23-2

R24-1

R24-1 PHF2.0.0

R24-2 PGA.0.0

Fortinet ADOM fails to retrieve a revision when there is a space character in the FQDN name.

fmg, fqdn

TOS-88009

TOS-90200

Case 00133017

R23-1

R24-1

R24-1 PHF2.0.0

Tickets page loads slowly if there are more than 10,000 tickets present. In addition to improving performance, users can change the default amount of tickets loaded to a lower number.

tickets, performance

TOS-88858

TOS-89238

Case 00136095

R23-2

R24-1

R24-1 PHF2.0.0

R24-2 PGA.0.0

Path analysis queries get stuck and do not return results.

topology, performance

TOS-89278

TOS-89279

Case 00138255

R23-2

R24-1

R24-1 PHF2.0.0

R24-2 PGA.0.0

Cleanup rest API call returns General error when getting fully shadowed or disabled rules without including the start and count parameters.

cleanup, api, shadowed rules, disabled rules

 

R20-1 and later

Not fixed

When logging into TOS, a Vimeo cookie is placed in the browser.

vimeo, security, cookies

TOS-90147

TOS-90241

TOS-90297

TOS-90562

Case 00140747

Case 141734

R24-1

R24-1 PHF2.0.0

R24-2 PGA.0.0

Revisions cannot be retrieved from Palo Alto devices. In the Compare Revisions page data for these devices is incomplete, and in the Administration > Status page imported Prisma objects show: Error: unknown error.

device viewer, device groups, panorama, prisma

TOS-90248

00141900

TOS-90154

TOS-90192

Case 00139664

R24-1

R24-1 PHF2.0.0

Path analysis is incorrect for Cisco VXLAN when the interfaces all share the same IP address and are in different VRF tables.

topology, cisco

TOS-80967

Case 00123548, 00128040, 00128578, 00133201, 00136137, 00141218

R23-2

R24-1

R23-2 PHF1.0.0

For FortiGate 7.2.6v devices, cannot get a new revision.

fortigate, revisions

TOS-89913

TOS-89773

Case 00140235

R23-2

R24-1 PHF2.0.0

Unable to open a ticket for a workflow, that includes a script, from the "My request" page.

Error message: Could not initialize proxy - no Session

workflow

TOS-89372

TOS-89373

Case 00139132

R23-2

R24-1

R24-1 PHF2.0.0

Unable to add Fortinet ADOM when the comment includes an array of strings.

Error message: Fail to unmarshal data.

fortinet

TOS-89233

TOS-89253

Case 00136569

R24-1

R24-1 PHF2.0.0

Unable to import virtual systems (VSYS) from the PanOS device when the version is 11 or higher.

panos

TOS-88624

TOS-87559

Case 00135252

R23-2

R24-1

R24-1 PHF2.0.0

Cisco ASA device fails to provision when editing a rule which contains DM_INLINE group even though Designer suggests using it.

cisco, asa, designer

TOS-88475

TOS-88193

Case 00136571

R23-2

R24-1

R24-1 PHF2.0.0

Knowledge Center is unavailable when not connected to the internet.

Error message: 503 Service Temporarily Unavailable

ipv6

TOS-88875

Case 00137263

R23-1

R24-1

R24-1 PHF2.0.0

Designer cannot create an object with NAT information if it was added from the Object Browser, from a VIP/MIB NAT policy filter, or from the results of path analysis if there is NAT in the path.

Error message: <OBJECT NAME> is defined in Zone A and cannot be used in Zone B.

designer, fmg

TOS-90248

Case 00141900

R24-1

R24-1 PHF2.0.0

Unable to connect to Layer 3 devices when using a custom login prompt.

authentication

TOS-89950

TOS-90055

 

R24-1

R24-1 PHF2.0.0

After upgrading to R24-1 on a machine with IPv6 configured, the Topology map fails to load and displays the error message "The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.”

topology, upgrade

TOS-89455

TOS-89679

Case 00139534

R23-2

R24-1

R24-1 PHF2.0.0

For very large devices, TOS failed to migrate device from the Central Cluster to the Remote Collector.

remote collector, devices, upgrade

TOS-89275

TOS-89442

Case 00134503

R23-1

R23-2

R24-1

R24-1 PHF2.0.0

FMC devices cease to function, with tickets failing to process and an error message “Unknown error.” Evidence of memory leaks appear in the logs.

aci, fmc

TOS-89166

TOS-88655

Case 00137340

R23-2

R24-1

R24-1 PHF2.0.0

When running a SecureApp ticket with the internet as a source or destination, Designer fails.

designer, secureapp

TOS-88686

TOS-88839

Case 00137782

R23-1

R23-2

R24-1

R24-1 PHF2.0.0

The Cleanup Browser, Object Lookup, and Change Browser pages fail to perform device calculations when a large number of devices are present.

object lookup, cleanup, change

TOS-87987

TOS-88199

Case 00136023

R23-2

R24-1

R24-1 PHF2.0.0

Running path analysis when the cloud is the only end point causes broken path.

path analysis

TOS-87466

No case

R22-2

R23-1

R23-2

R24-1

R24-1 PHF2.0.0

Tickets page always reverts to last saved query when navigating away from the page instead of keeping the query performed by the user.

securechange, tickets

TOS-89211

TOS-89172

R23-1

R23-2

R24-1

R24-2 PGA.0.0

tos cluster snapshot create and tos cluster snapshot restore commands cannot be run on remote connector clusters. If you are upgrading TufinOS 3 to 4 on a remote collector cluster, you must use the procedure Upgrade TufinOS 3 to 4 Reinstall on Same VM, which requires reinstalling TOS.

In R23-2 PHF3.1.0, R24-1 PHF2.0.0 and later versions of the same releases, these commands are blocked from running on remote clusters

remote collector, snapshot, tufinOS

TOS-88660

TOS-88686

TOS-88839

Case 00137782

R23-1

R23-2

R24-1

R24-1 PHF1.0.0

When there are more than 15,000 devices, the SecureTrack Object Lookup page loads initial data, but no buttons work.

object lookup

TOS-87558

TOS-87566

Case 00135264

R24-1

R24-1 PHF1.0.0

For north-south, ACI-integrated Panorama paths, topology simulation yields an inaccurate security calculation.

Error message: Request input is not supported

aci, panorama, topology

TOS-87927

Case 00134578

R23-2

R24-1

R24-1 PHF1.0.0

When running Designer on a device which doesn’t support Provisioning “Not run” appears next to the device name in the SecureChange.

designer, provisioning

TOS-85792

TOS-85806

Case 00128917

R23-1

R23-2

R24-1

R23-2 PHF3.0.0

R24-1 PHF1.0.0

SecureTrack can't retrieve topology data for Azure Virtual hubs when the next hop type is VPN_S2S_Gateway and there is a path with a range.

azure, topology

TOS-87552

Case 00128408

R22-2

R23-1

R23-2

R23-2 PHF3.0.0

When running Designer on a Check Point device with an access request that is shadowing a different access request, Designer returns an error.

Error message: Designer is unable to suggest changes for this device.

access request, designer, check point

TOS-86966

TOS-87046

Case 00131298

R23-1

R23-2

R24-1

R23-2 PHF3.0.0

R24-1 PHF1.0.0

R24-2 PGA.0.0

Cisco MPLS interfaces with a short name are parsed incorrectly and displayed as normal interfaces.

cisco, topology, path analysis

TOS-87173

TOS-87371

Case 00136366

R23-2

R24-1

R23-2 PHF3.0.0

R24-1 PHF1.0.0

R24-2 PGA.0.0

Access-role and security zone objects are displayed as network objects in the CSV file that is created when exporting Unattached Network Objects from the Cleanup Browser.

cleanup

TOS-87256

TOS-87365

Case 00131298

R22-2

R23-1

R23-2

R24-1

R23-2 PHF3.0.0

R24-1 PHF1.0.0

R24-2 PGA.0.0

The New Revision report isn't being created when new revisions arrive in SecureTrack, and recipients aren't receiving an email. This occurs when the report is the only report, and it is generated for any changes to any devices.

reports, revisions

TOS-87380

TOS-87096

TOS-87381

Case 00133018

R22-2

R23-1

R23-2

R24-1

R23-2 PHF3.0.0

R24-1 PHF1.0.0

R24-2 PGA.0.0

The result returned by the security_zones api function is missing zone hierarchies

api, zones

TOS-87727

TOS-88373

TOS-87813

TOS-87814

Case 00135080

R23-2

R24-1

R23-2 PHF2.0.0

R24-1 PGA.0.0

R24-2 PGA.0.0

SecureTrack can't retrieve dynamic topology for logical routers belonging to NSX-T devices.

cloud-topology-service app.log exception:

Internal Server Error: null

java.lang.NullPointerException: null

at com.tufin.cloudtopology.service.builder.nsx.NsxInterfaceBuilder.containIpAddresses(NsxInterfaceBuilder.java:46) ~[classes/:?]

path analysis, monitoring, nsx-t

TOS-87903

TOS-87904

Case 00135249

R22-2

R23-2

R24-1

R23-2 PHF2.0.0

R24-1 PHF1.0.0

Upgrade to R23-2 PHF1.0.0 fails due to license restriction errors.

Error message: Upgrade service failed with the following errors:\nService tss failed with error: Failed due to license restrictions

upgrade

REL-903

Case 00138348

R23-2

R24-1

R23-2 PHF3.0.0

R24-1 PHF1.0.0

 

Users with external SSO Authentication lose access to SecureChange after upgrading to affected releases.

upgrade, authentication

TOS-87733

TOS-87652

Case 00136639

Case 00137992

R23-2

R24-1

R23-2 PHF3.0.0

R24-1 PHF1.0.0

When processing UI requests, TOS virtual network issues yield errors or delays in response.

web interface

TOS-87583

TOS-87791

Case 00135634

R22-2

R23-1

R23-2

R24-1

R23-2 PHF3.0.0

R24-1 PHF1.0.0

SecureApp fails to add an application while trying to delete an application.

secureapp

TOS-87433

TOS-87562

TOS-87563

Case 00131110

R23-1

R23-2

R24-1

R23-2 PHF3.0.0

R24-1 PHF1.0.0

Some devices are missing in the path when inbound and outbound VRFs are different.

path analysis

TOS-87311

Case 00130377

R23-1

R23-2

R23-2 PHF3.0.0

Connection status is red when it should be green.

path analysis

TOS-87224

TOS-87369

Case 00135784

R23-1

R23-2

R24-1

R23-2 PHF3.0.0

R24-1 PHF1.0.0

Rule Change report does not send notification emails and is not saved in the repository.

reports

TOS-86215

Case 00134994

R23-1

R23-2

R24-1 PGA.0.0

When decommissioning a Juniper SRX device with global zone rules, Designer incorrectly includes these rules in its suggestions that can be provisioned. Provisioning global zone rules is not supported for SRX devices. Designer provides manual suggestions only.

juniper, srx, designer, provisioning, zones

TOS-86210

TOS-88662

TOS-88663

Case 00135105

R23-1

R23-2

R24-1

R23-2 PHF3.0.0

R24-2 PGA.0.0

R24-1 PHF1.0.0

Device Collector container crashes with exit code 139 (SIGSEV). Related to memory leak on Queue_Server process.

139, sigsev, memory, queue, device collector

TOS-86064

TOS-86020

TOS-86065

Case 00135174

R23-1

R23-2

R23-2 PHF3.0.0

R24-1 PGA.0.0

Path analysis provides an incorrect path for Cisco devices when there is an MPLS route.

cisco, topology

TOS-85256

Case 00132604

R23-2

R24-1 PGA.0.0

SecureTrack user interface stops responding and displays the following message: Looks like something went wrong. Performance queries were enhanced to resolve this issue.

performance, user interface

TOS-85308

Case 00133746

R23-2

R24-1 PGA.0.0

TOS backup export from external storage is not working.

backup

TOS-86097

Case 00135594

R23-1

R23-2

R24-1 PGA.0.0

For Check Point devices, cannot create a rule name with more than 30 characters.

check point, rules

TOS-81891

TOS-83443

TOS-82557

TOS-82556

R23-2

R23-2 PHF2.0.0

After restoring from a backup, you may experience one or more of the following: high CPU usage, slow response time, incorrect violation calculations, and other unexpected behavior. After upgrading, make a new backup.

backup, restore

TOS-81736

TOS-81737

Case 00125837

R23-2

R23-2 PHF2.0.0

R24-1 PGA.0.0

On the Dashboard, Cleanup Trend data for devices with disabled or shadowed rules includes only the first 100 devices.

cleanup, dashboard, shadowed rules

TOS-80744

TOS-81930

Case 00127381

R23-2

R23-2 PHF2.0.0

After committing an update suggested by Designer, the commit status report for the ticket displays an end time that’s different from the ticket history. This causes inconsistencies between the Commit Status Report (available after clicking Commit) and the Ticket History and PDF Exports (available from the Ticket screen).

designer, history

TOS-79030

Case 00123865

R22-2 and later

Not fixed

Revisions cannot be processed for Check Point CMA devices that have ‘@’ in an object name. This can be resolved by removing the @ character from all object names in the policy and fetching the revision again.

check point, cma, revisions

TOS-80793

TOS-83531

TOS-83611

Case 00121065

R23-2

R23-2 PHF2.0.0

For Fortinet FMG devices with a single policy that has over 140,000 rules, SecureTrack returns an out-of-memory error and cannot retrieve revisions.

fortinet, fmg,revisions

TOS-80822

TOS-81413

TOS-81585

Case 00115997

R23-2

R23-2 PHF2.0.0

Slow FMC syslog messages retrieval by SecureTrack due to logs full of prints by the syslog translator.

cisco, fmc, syslog

TOS-81563

TOS-82008

TOS-82025

Case 00115997

R22-2

R23-1

R23-2

R23-2 PHF2.0.0

For Cisco FMC devices with more than 30,000 rules, translating FMC syslog traffic devices takes 50 EPS (events per second) instead of 5000 EPS.

cisco, fmc, syslog

TOS-82067

TOS-82784

Case 00128589

R22-2

R23-1

R23-2

R23-2 PHF2.0.0

Following forced removal, devices still appear in the Device Viewer and Rule Viewer.

rule viewer, device viewer

TOS-82452

TOS-82577

Case 00130384

R23-2

R23-2 PHF2.0.0

For Cisco FMC devices, after a rule modification in SecureChange, the TRUST action for the rule changes to a BLOCK action on the device.

cisco, fmc, rule modification

TOS-83533

TOS-83235

Case 00131700

R23-2

R23- 2 PHF2.0.0

R24-1 PGA.0.0

Failure to import Meraki managed devices.

cisco, meraki, import

TOS-82108

TOS-83235

Case 00125832

R22-2

R23-1

R23-2

R23-2 PHF2.0.0

Access list entry removal provisioning fails when there are extra spaces at the end of the remark in the configuration file for Cisco ASA devices.

provisioning, cisco, asa

TOS-83918

TOS-84101

Case 00131106

R23-1

R23-2

R23-2 PHF2.0.0

Verifier returns a "User Network zone is not configured" message when the User Network zone has no subnet, but a child zone (of the User Network zone) contains a subnet.

verifier, zones

TOS-81698

TOS-81702

Case 00127600

R23-1

R23-2

R23-2 PHF2.0.0

Topology Map shows incorrect routing information when there is an Azure VNET with multiple route circuits.

azure, vnet, topology

TOS-81388

TOS-81137

TOS-82330

Case 00127011

R23-1

R23-2

R23-2 PHF2.0.0

Topology and zone mapping incomplete for Cisco Meraki devices.

topology, zones, cisco, meraki

TOS-56648

R22-1 and later

Not fixed

For Check Point management devices, there is a known issue with loading the Automatic Policy Generation (APG) page when there is a special character in the inline-layer group name. There is no workaround for this issue. Avoid using special characters (such as #, %, &) when creating inline-layer groups. check point, automatic policy generation (apg)

TOS-71264

Case 00116185

R23-1

R23-2

Not fixed

For Palo Alto devices, there is a known issue causing Designer to give a global object a name that already exists.

palo alto, designer

TOS-66508

Case 00110830

R23-1

R23-2

Not fixed

For FortiManager devices, there is a known issue preventing revisions from being retrieved when there is a policy name containing an en dash character. fortimanager, revisions
 

R23-2 and later

Not fixed On rare occasions, older requests do not appear in the Requests list upon TOS startup. If this occurs, wait a few minutes and refresh the page.

requests

 

R23-2 and later

Not fixed

Rule history is not available for Zscaler devices.

zscaler, history

TOS-74048

TOS-76166

R23-2 and later

Not fixed

In the Rule History tab, there is no indication of the object type for changes to services or security profiles.

rule viewer, history

TOS-48645

R21-1 and later

Not fixed

When an admin uses Rule Viewer to select rules and open a ticket for them, a new SecureChange tab opens in the browser with a draft of the ticket to be submitted. If the new tab does not display the relevant ticket, you will need to refresh the browser window to see the ticket. This issue occurs with the Rule Modification, Rule Decommission, and Rule Recertification workflows.

rule viewer, tickets, rule modification, rule recertification, rule decommission
TOS-80597

R23-1

R23-2

R24-1 PGA.0.0 Verifier fails for NSX-V objects with the message: Verifier could not calculate the traffic of the input objects in the access request. Contact Tufin support. nsx-v, verifier, access request

TOS-82841

TOS-82842

Case 00130640

R23-1

R23-2

R23-2 PHF2.0.0

Topology Map is not updated due to failure when receiving data from an external OPM agent. This occurs when the amount of topology data is over 15,000 entries. topology

TOS-82803

TOS-83424

Case 00127150

R22-2

R23-1

R23-2

R23-2 PHF2.0.0

Designer suggestions for Panorama devices cannot be modified. The following error is returned: Waiting for revision from a conflicting ticket, cannot modify the Designer results. This occurs when Designer is configured to create shared objects. panorama, designer, tickets

TOS-81465

TOS-81507

Case 00124227

R22-2

R23-1

R23-2

R23-2 PHF2.0.0

Designer suggests creating new rules to provide access when that access is already provided by existing rules. This behavior occurs when the ticket includes applications, and is a result of traffic miscalculation for apps with the same service in a different port when there is a Cisco ACI device in the path. designer

TOS-80622

Case 00123016

R23-1

R23-2

 

When running path analysis on a shared Azure ExpressRoute, additional VNETs are displayed in the path. path analysis, azure, vnet

TOS-81745

TOS-82188

Case 00124898

R23-1

R23-2

R23-2 PHF2.0.0

Cleanup instances do not open in the Cleanup page when the revisions have multiple versions. The following message appears to users: Recalculating Revision results. This can take a while. cleanup, revisions

TOS-87079

TOS-87148

TOS-87149

Case 00135795

R23-2

R24-1

R23-2 PHF3.0.0

R24-1 PHF1.0.0

Cleanup instances do not open in the Cleanup page when the revisions have multiple versions and there is revision parsing order is inconsistent. The following message appears to uses: Recalculating revision results. This may take a while.

cleanup, revisions

TOS-83733

Case 00126772

R22-2

R23-1

R23-2

R23-2 PHF2.0.0

When running tos dr switch or tos dr status, the command fails due to no compatible backup files being found even though completed scheduled backup files exist. revisions

TOS-82608

TOS-82493

Case 00128588

R23-1

R23-2

R23-2 PHF2.0.0

After running a scan in RLM, tickets with an expiration date later than the rule recertification date will cause a related ticket to be created in Rule Viewer with an ID of 0. tickets, rule viewer

TOS-82829

TOS-82550

Case 00128588

R23-1

R23-2

R23-2 PHF2.0.0,

Backup files stored on NFS will cannot be deleted in HA environments with disaster recovery configured. high availability (ha), disaster recovery, backup

TOS-80781

Case 00127809

R23-1

R23-2

 

After new tiered license is activated, SecureChange tickets get stuck on the auto-verifier step and cannot proceed. licensing, tickets

TOS-79379

Case 00123476

R21-3

R22-1

R22-2

R23-1

R23-2

 

Performance issues when connecting to an LDAP server. ldap

TOS-83494

TOS-77831

TOS-83495

Case 00131041

R23-1

R23-2

R23-2 PHF2.0.0,

When fetching a revision from a Cisco ACI device, a null pointer exception (NullPointerException) occurs. cisco, asa, revisions

TOS-84153

TOS-84154

Case 00131095

R23-2

R23-2 PHF2.0.0

Domain information for cloud and network objects is missing from the Path Analysis view in the Topology Map.

cloud, path analysis, topology

TOS-79559

TOS-79435

Case 00120593

R22-2

R23-1

R23-2

R23-2 PHF2.0.0

A Certified rule status is being overridden by the rule documentation backward-compatibility API.

api, documentaton

TOS-82162

Case 00129097

R23-1

R23-2

R23-2 PHF2.0.0

Using an API call to add multiple ARs to a ticket, and marking the status as Done, removes the last AR.

api, tickets, access request

TOS-83501

TOS-83503

Case 00130078

R23-1

R23-2

R23-2 PHF2.0.0

Fields are missing from the MIB file.

documentaton

TOS-84094

TOS-85275

TOS-85276

Case 00131641

R23-1

R23-2

R23-2 PHF2.0.0

For Juniper SRX devices, static NAT rules do not contain all source members.

juniper, srx

TOS-84633

TOS-84657

TOS-84658

Case 00131309

R23-1

R23-2

R24-1

R23-2 PHF2.0.0

R24-2 PGA.0.0

Automatic target analysis fails for Check Point FQDN objects, even though the objects exists. Topology returns the error message: Internal error occurred

check point, fqdn, topology

TOS-85138

TOS-85312

TOS-85313

Case 00132715

Case 00133578

R23-1

R23-2

R23-2 PHF2.0.0

R24-2 PGA.0.0

Running the GET Ticket API returns the error: "Parameter specified as non-null is null."

api

TOS-85162

TOS-85491

TOS-85244

Case 00130856

R22-1

R22-2

R23-1

R23-2

R23-2 PHF2.0.0

R24-1 PGA.0.0

 

An "invalid server certificate" error is returned when logging into devices from TOS using Cyberark for external authentication.

authentication

TOS-85070

TOS-85110

TOS-85111

Case 00132624

Case 00133290

R23-1

R23-2

R23-2 PHF2.0.0

R24-1 PGA.0.0

Verifier does not support the icmp-proto service in access requests.

verifier

TOS-84627

Case 00131389

R23-1

R23-2

R23-2 PHF2.0.0

Local backup fails.

backup

TOS-83662

Case 00132169

R23-1

R23-2

R23-2 PHF2.0.0

Provisioning fails on FortiManager devices with the message: Update FortiManager_for_FFM did not run: Rule contains only IPv4 src or dest addresses, both IPv6 srcAddr and IPv6 dstAddr should be available in a change. This occurs when trying to replace a group.

provisioning, topology, ipv6

TOS-82694

Case 00129609

Case 00114483

R22-2

R23-1

R23-2

R23-2 PHF2.0.0

No requests shown when filtering for closed tickets in a group that contains more then 35310 tickets.

tickets, requests

TOS-81384

Case 00126283

R23-1

R23-2

R23-2 PHF2.0.0

Communication between SecureTrack and SecureChange is frequently interrupted.

The following message appears:

SecureTrack settings:Cannot connect to SecureTrack.

Five minutes later, this message appears:

SecureTrack settings:Connection successful.

 

TOS-84941

TOS-85084

Case 00133674

R23-1

R23-2

R23-2 PHF2.0.0

Importing data using the SecureApp Import Applications template fails with error message “Cannot import application data” when empty rows are present.

secureapp, import, template

TOS-83357

TOS-83394

TOS-83357

Case 00126123

R23-2

R23-2 PHF2.0.0

Designer failed with the error message "There are matching unresolved FQDN objects. You may be able to resolve the problem by enabling a local DNS." due to FQDN objects containing uppercase letters.

designer, fqdn, dns

TOS-82097

TOS-82588

Case 00128812

R23-2

R23-2 PHF2.0.0

Verifier and Path Analysis fail to display rules implemented on a monitored firewall, due to incorrect parsing of network object groups

verifier, path analysis, groups

TOS-82566

TOS-83032

Case 00127221

R23-2

R23-2 PHF2.0.0

The error message “Verifier could not calculate the traffic of the input objects in the access request” appears when Verifier is run on NSX-T devices that contain rules with security groups in the Source/Destination. This occurs after upgrading to a new version and running Verifier on an Access Request submitted in the previous version.

verifier, nsx-t, access request

TOS-82474

TOS-82832

Case 00130229

 

R23-2

R23-2 PHF2.0.0

Editing Designer results is not allowed after Designer fails within an auto-step.

designer, auto-step, access request

TOS-85144

Case 133815

R23-2

R23-2 PHF2.0.0

“New version verification failed” message displayed when parsing AWS VPC fails due to duplicate objects.

aws, vpc, duplicate, verification

TOS-84597

TOS-83682

Case 00133552

R23-2

R23-2 PHF2.0.0

When restarting TOS after running “tos cluster snapshot,” “tos cluster snapshot restore” fails with error “no global configuration found”.

snapshot, restore

TOS-80139

TOS-80551

Case 00124301

R23-2

R23-2 PHF2.0.0

Application interfaces can’t be retrieved via API when the same server is used for both the application pack and the connection to application pack.

secureapp, interface, api

TOS-85704

TOS-85561

Case 00131777

R23-2

R23-2 PHF2.0.0

R24-1 PGA.0.0

Topology information cannot be retrieved from AWS devices when there is a gateway load balancer linked to multiple AWS accounts.

topology, aws, amazon

TOS-82077

Case 00130053

R23-2

R23-2 PHF2.0.0

Users are not able to use the Server Lookup page to find objects in the apps they created. The View all applications permit is incorrectly required.

secureapp, search, application

TOS-85814

TOS-85438

Case 00126032

Case 00130632

Case 00133278

R23-2

R23-2 PHF2.0.0

R24-1 PGA.0.0

Revisions cannot be retrieved. Caused by a failure in the device collector service

revisions, monitoring

TOS-85567

TOS-85841

Case 00130394

 

R24-1 PGA.0.0

 

Comments are duplicated to Cisco FMC rules when Rule Decommission workflow changes are provisioned.

cisco, fmc, rule decommission, workflow

TOS-86118

TOS-86145

Case 00133299

 

R24-1 PGA.0.0

Tos backup create suffers performance issues when configured to local storage.

backup, storage

TOS-86008
Case 00135250


 

R24-1 PGA.0.0

During upgrades, TOS status displays “Checker failure” and upgrade fails.

upgrade

TOS-87324

Case 00136556

R23-2

R23-2 PHF3.0.0

R24-1 PGA.0.0

Revision retrieval fails due to a single client running on two different pods.

revisions

TOS-87853

TOS-87517

Case 00135870

Case 00133044

R22-2

R23-1

R23-2

R24-1

R23-2 PHF3.0.0

R24-1 PHF1.0.0

TOS pages (including Cleanup Browser, Object Lookup, and others) have loading times of 2-5 minutes when more than 10,000 devices are present in the environment.

performance

TOS-87594

Case 00136555

R23-2

R23-2 PHF3.0.0

After upgrading to R23-2 PHF3.0.0 when the jvm.extraOpts parameter is present, calling the logs of SecureTrack jobs returns the message ERROR unable to locate appender "${env:logging.appender}" for logger config "root."

upgrade

TOS-87096

TOS-87380

TOS-87381

Case 00133018

R22-2

R23-1

R23-2

R24-1

R23-2 PHF3.0.0

R24-1 PHF1.0.0

The API /securetrack/api/security_zones takes over 10 seconds to respond.

performance, api

TOS-86887

TOS-87103

Case 00130227

R23-1

R23-2

R24-1

R23-2 PHF3.0.0

R24-1 PHF1.0.0

For Cisco routers, rule numbers are parsed incorrectly when the device is not configured to collect rule usage analysis. As a result, attempts to provision ACL removal fail.

cisco, ios

TOS-88316

TOS-88327

TOS-88328

TOS-88334

Case 00138348

R23-2

R23-2 PHF3.0.0

R24-1 PHF1.0.0

After upgrading, users belonging to nested groups can not access SecureChange.

upgrade

TOS-85794

Case 00129891

R23-1

R23-2

R23-2 PHF3.0.0

Revision fetching for NSX-T devices was not triggered when the NSX Manager NSX-T revisions fail to be retrieved when the NSX Manager hostname is an FQDN.

nsx-t, syslog, revisions

TOS-85470

TOS-87815

TOS-87816

Case 00133673

R23-2

R24-1

R23-2 PHF3.0.0

R24-1 PHF1.0.0

For Panorama 10.2 devices, Provisioning fails.

upgrade, provisioning

TOS-88154

TOS-85046

TOS-88157

Case 00133483

R23-1

R23-2

R24-1

R24-1 PHF2.0.0

After upgrading, TOS fails to receive device revisions if monitored Check Point devices use LEA authentication on RC.

upgrade, panorama

TOS-87237

TOS-87893

TOS-87892

TOS-87891

Case 00133117

R22-2

R23-1

R23-2

R23-2 PHF3.0.0

R24-1 PHF1.0.0

Designer fails when in topology mode, when a specific domain is selected, returning message "<Firewall> not in path". This occurs because Designer looks for the path outside of the currently selected domain.

designer