Monitoring - To support the upcoming Prisma Access release 1.7, Palo Alto Networks will perform the following infrastructure and dataplane upgrades during the following dates and times:
Prisma Access Infrastructure Upgrade - From August 14, 2020 at 23:00 UTC to August 15, 2020 3:00 UTC. You cannot perform commits during the maintenance window.
Prisma Access Dataplane Upgrade - From August 21, 2020 at 17:00 UTC to August 24, 2020 5:00 UTC.
Palo Alto Networks makes every effort to perform the upgrades at a time that is minimally disruptive to your organization. Our goal is to minimize the impact to network traffic, but in some cases there may be a brief interruption.
What you need to do before the upgrade:
Retrieve the active and reserved addresses used for Prisma Access deployments and add them to your allow lists.
After the infrastructure upgrade, Prisma Access may change the active IP addresses to reserved IP addresses and vice versa, and you must add the reserved IP addresses to your allowed lists before Prisma Access performs the upgrade to minimize disruption to your users during this upgrade.
(Optional) Upgrade your Panorama to 9.1, if you want to take advantage of new PAN-OS 9.1 features available in this release.
Panorama 9.0 will be supported until November 20, 2020, but you will not be able to use PAN-OS 9.1 features with Prisma Access if the Panorama that manages Prisma Access is running a version of 9.0. Panorama 10.0 is supported by Prisma Access at this time.
The tentative date for the release of Cloud Services plugin 1.7 is August 24, 2020. After the plugin is released, you will have until August 29, 2020 to upgrade your existing plugin.
To help you get ready for the dataplane upgrade, Palo Alto Networks will provide more detailed region-based upgrade timelines one week before the infrastructure upgrade.
Aug 10, 18:52 UTC
Prisma Access Infrastructure Upgrade - From August 14, 2020 at 23:00 UTC to August 15, 2020 3:00 UTC. You cannot perform commits during the maintenance window.
Prisma Access Dataplane Upgrade - From August 21, 2020 at 17:00 UTC to August 24, 2020 5:00 UTC.
Palo Alto Networks makes every effort to perform the upgrades at a time that is minimally disruptive to your organization. Our goal is to minimize the impact to network traffic, but in some cases there may be a brief interruption.
What you need to do before the upgrade:
Retrieve the active and reserved addresses used for Prisma Access deployments and add them to your allow lists.
After the infrastructure upgrade, Prisma Access may change the active IP addresses to reserved IP addresses and vice versa, and you must add the reserved IP addresses to your allowed lists before Prisma Access performs the upgrade to minimize disruption to your users during this upgrade.
(Optional) Upgrade your Panorama to 9.1, if you want to take advantage of new PAN-OS 9.1 features available in this release.
Panorama 9.0 will be supported until November 20, 2020, but you will not be able to use PAN-OS 9.1 features with Prisma Access if the Panorama that manages Prisma Access is running a version of 9.0. Panorama 10.0 is supported by Prisma Access at this time.
The tentative date for the release of Cloud Services plugin 1.7 is August 24, 2020. After the plugin is released, you will have until August 29, 2020 to upgrade your existing plugin.
To help you get ready for the dataplane upgrade, Palo Alto Networks will provide more detailed region-based upgrade timelines one week before the infrastructure upgrade.
Aug 10, 18:52 UTC
Identified - Urgent message for Cortex Data Lake customers with firewalls onboarded via Panorama. Please read this Customer Advisory for more information. https://live.paloaltonetworks.com/t5/customer-advisories/panorama-on-boarded-firewall-certificate-issue-cortex-data-lake/ta-p/328630
May 19, 18:14 UTC
May 19, 18:14 UTC
Investigating - To accommodate the fast pace of Prisma Access (Panorama Managed) releases, some Panorama versions will become End-of-Support (EoS) with Prisma Access in late 2020 and mid 2021. We are making this announcement now to allow you to plan for the Panorama upgrades with sufficient advance notice. Refer to this Live Community article for more information.
Jun 30, 20:58 UTC
Jun 30, 20:58 UTC
Update - On Friday, July 24th, 2020, WildFire engineering teams deployed the first set of new hardware to the WildFire EU and increased the scanning capacity in the region. In the following weeks, we will be periodically adding new hardware resources to address the increasing demand in the region.
Jul 27, 17:09 UTC
Jul 27, 17:09 UTC
Identified - WildFire team identified the issue with insufficient scanning capacity in the EU cloud. We are actively working on the resolution of the situation and will provide another update with further details in upcoming days.
Customer Impact: During this issue, WildFire customers in the EU might occasionally experience longer than usual scanning times of Portable executable (PE) files. The generation and delivery of malware signatures is not impacted by this degradation.
Dependent Product Impact: The issue also impacts customers of XDR, Prisma Access, and WildFire integrations that rely on WildFire cloud in the EU for scanning of Portable executable (PE) files.
Workaround: [N/A]
Jul 14, 23:51 UTC
Customer Impact: During this issue, WildFire customers in the EU might occasionally experience longer than usual scanning times of Portable executable (PE) files. The generation and delivery of malware signatures is not impacted by this degradation.
Dependent Product Impact: The issue also impacts customers of XDR, Prisma Access, and WildFire integrations that rely on WildFire cloud in the EU for scanning of Portable executable (PE) files.
Workaround: [N/A]
Jul 14, 23:51 UTC
Update - We are continuing to investigate this issue.
Jul 10, 02:50 UTC
Jul 10, 02:50 UTC
Investigating - WildFire is currently experiencing an issue in EU Cloud. We are actively working on this issue to address it and will provide another update with further details.
Customer Impact: PE sample submission process will get delayed
Workaround: [N/A]
Jul 10, 00:26 UTC
Customer Impact: PE sample submission process will get delayed
Workaround: [N/A]
Jul 10, 00:26 UTC
Prisma Access: Minimum Panorama Version Changing to 9.0.4 or 9.1.1 on June 9, 2020 00:00 UTC
Subscribe
Update - We are continuing to work on a fix for this issue.
Jun 16, 00:02 UTC
Jun 16, 00:02 UTC
Identified - Starting June 9, 2020 00:00 UTC, Prisma Access deployments using the Cloud Services 1.5 plugin are not supported for use with Prisma Access, and you will not be able to make any changes or commits with the Cloud Services 1.5 plugin. The Cloud Services plugin 1.6 requires Panorama version 9.0.4 and later or 9.1.1 and later; however, for 9.1.x Panorama upgrades, do not upgrade your Panorama to 9.1.x until you install the Cloud Services plugin 1.6 because the 1.4 or 1.5 plugins do not support PAN-OS 9.1.x. You must upgrade the Cloud Services plugin version to 1.6 before upgrading your Panorama to 9.1.1.
If you have additional questions, please contact your Palo Alto Networks representative.
For more information, see the Palo Alto Networks Live article at Prisma Access Panorama Version Upgrade Required
May 29, 09:53 UTC
If you have additional questions, please contact your Palo Alto Networks representative.
For more information, see the Palo Alto Networks Live article at Prisma Access Panorama Version Upgrade Required
May 29, 09:53 UTC
Identified - Cortex Data Lake is currently experiencing an issue in the Americas and the EU.
Customer Impact: On Panorama, Cortex Data Lake storage usage and estimated log retention period are not being accurately displayed. We are actively working to resolve this issue.
Workaround: In the interim, please use the cloud service portal for accurate information on the Cortex Data Lake storage usage and retention details
Apr 16, 19:57 UTC
Customer Impact: On Panorama, Cortex Data Lake storage usage and estimated log retention period are not being accurately displayed. We are actively working to resolve this issue.
Workaround: In the interim, please use the cloud service portal for accurate information on the Cortex Data Lake storage usage and retention details
Apr 16, 19:57 UTC
Monitoring - To promote public health during the COVID-19 outbreak and reduce unnecessary exposure to risk, you may have elected to support your workforce to work from home. If you have a large number of employees working remotely, Prisma Access for Mobile Users provides a scalable way for your remote workers to securely access your organization’s applications and resources - both cloud-based and on-site.
When a large number of mobile users concurrently access a Prisma Access location, Prisma Access detects the increase in mobile users and adds a gateway to accommodate the additional users and enable a steady, predictable performance (also known as an auto-scale event). If you expect that a large number of users will be accessing Prisma Access, Palo Alto Networks recommends the following best practices:
- Make sure that your mobile user IP address pool is sufficient. As a guideline, verify that you have at least twice the number of IP addresses in the pool than the number of user devices that will connect to Prisma Access. This over-allocation ensures that enough IP addresses are available for auto-scale events. If you cannot allocate a sufficiently large IP address pool, contact Palo Alto Networks support to review an alternate design, which may include deploying a NAT policy in your data center.
- Proactively whitelist both the active and reserved gateway and portal IP addresses, so that your users do not lose any connectivity, if you whitelist Prisma Access IP addresses on your network.
To whitelist the gateway and portal IP addresses, run the API script and run commands with a serviceType of gp_gateway and gp_portal and an addrType of active (to get the currently-active gateway and portal addresses) and reserved (to get the IP addresses that are held in reserve for activation on a scaling event).
You can also set up a mechanism to be notified of IP address changes when Prisma Access auto-scales to support the increase in demand. If you have a script running on a web server that can process HTTP Post Notifications, add an IP Change Event Notification URL so that you are notified of changes to IP addresses. You can then re-run the API script to retrieve the new addresses, on-demand.
- Exclude video traffic, which uses high bandwidth and is a low security risk, from being sent to Prisma Access. GlobalProtect provides several configuration options to exclude video streaming traffic from being tunneled to Prisma Access. This configuration ensures prioritization of traffic for business critical applications. The following are some examples for video traffic exclusion:
-- Lower-risk video streaming applications such as YouTube or Netflix
-- Low-risk client applications such as RingCentral
-- Traffic destined to a specified domain name
Mar 13, 19:58 UTC
When a large number of mobile users concurrently access a Prisma Access location, Prisma Access detects the increase in mobile users and adds a gateway to accommodate the additional users and enable a steady, predictable performance (also known as an auto-scale event). If you expect that a large number of users will be accessing Prisma Access, Palo Alto Networks recommends the following best practices:
- Make sure that your mobile user IP address pool is sufficient. As a guideline, verify that you have at least twice the number of IP addresses in the pool than the number of user devices that will connect to Prisma Access. This over-allocation ensures that enough IP addresses are available for auto-scale events. If you cannot allocate a sufficiently large IP address pool, contact Palo Alto Networks support to review an alternate design, which may include deploying a NAT policy in your data center.
- Proactively whitelist both the active and reserved gateway and portal IP addresses, so that your users do not lose any connectivity, if you whitelist Prisma Access IP addresses on your network.
To whitelist the gateway and portal IP addresses, run the API script and run commands with a serviceType of gp_gateway and gp_portal and an addrType of active (to get the currently-active gateway and portal addresses) and reserved (to get the IP addresses that are held in reserve for activation on a scaling event).
You can also set up a mechanism to be notified of IP address changes when Prisma Access auto-scales to support the increase in demand. If you have a script running on a web server that can process HTTP Post Notifications, add an IP Change Event Notification URL so that you are notified of changes to IP addresses. You can then re-run the API script to retrieve the new addresses, on-demand.
- Exclude video traffic, which uses high bandwidth and is a low security risk, from being sent to Prisma Access. GlobalProtect provides several configuration options to exclude video streaming traffic from being tunneled to Prisma Access. This configuration ensures prioritization of traffic for business critical applications. The following are some examples for video traffic exclusion:
-- Lower-risk video streaming applications such as YouTube or Netflix
-- Low-risk client applications such as RingCentral
-- Traffic destined to a specified domain name
Mar 13, 19:58 UTC
About This Site
This page provides status information on Palo Alto Networks Cloud Services.
AutoFocus
Operational
Cortex Data Lake
Operational
Americas
Operational
EU
Operational
UK
Operational
Cortex XDR - Analytics
Operational
Americas
Operational
Europe
Operational
Cortex XDR 1.0
Operational
Americas
Operational
Europe
Operational
Cortex XDR 2.0
Operational
Europe
Operational
Americas
Operational
United Kingdom
Operational
Singapore
Operational
DNS Security
Operational
Directory Sync Service
Operational
Americas
Operational
EU
Operational
Hub
?
Operational
PAN-DB Cloud
Operational
Prisma Access
Operational
Americas-Argentina
Operational
Americas-Bolivia
Operational
Americas-Brazil Central
Operational
Americas-Brazil East
Operational
Americas-Brazil South
Operational
Americas-Canada Central
Operational
Americas-Canada East
Operational
Americas-Canada West
Operational
Americas-Chile
Operational
Americas-Colombia
Operational
Americas-Costa Rica
Operational
Americas-Ecuador
Operational
Americas-Mexico Central
Operational
Americas-Mexico West
Operational
Americas-Panama
Operational
Americas-Paraguay
Operational
Americas-Peru
Operational
Americas-US Central
Operational
Americas-US East
Operational
Americas-US Northeast
Operational
Americas-US Northwest
Operational
Americas-US South
Operational
Americas-US Southeast
Operational
Americas-US Southwest
Operational
Americas-US West
Operational
Americas-Venezuela
Operational
APAC-Australia East
Operational
APAC-Australia South
Operational
APAC-Australia Southeast
Operational
APAC-Bangladesh
Operational
APAC-Cambodia
Operational
APAC-Hong Kong
Operational
APAC-India North
Operational
APAC-India South
Operational
APAC-India West
Operational
APAC-Indonesia
Operational
APAC-Japan Central
Operational
APAC-Japan South
Operational
APAC-Malaysia
Operational
APAC-Myanmar
Operational
APAC-New Zealand
Operational
APAC-Pakistan South
Operational
APAC-Pakistan West
Operational
APAC-Papua New Guinea
Operational
APAC-Philippines
Operational
APAC-Singapore
Operational
APAC-South Korea
Operational
APAC-Taiwan
Operational
APAC-Thailand
Operational
APAC-Vietnam
Operational
EMEA-Andorra
Operational
EMEA-Austria
Operational
EMEA-Belarus
Operational
EMEA-Belgium
Operational
EMEA-Bulgaria
Operational
EMEA-Croatia
Operational
EMEA-Czech Republic
Operational
EMEA-Denmark
Operational
EMEA-Finland
Operational
EMEA-France North
Operational
EMEA-France South
Operational
EMEA-Germany Central
Operational
EMEA-Germany North
Operational
EMEA-Germany South
Operational
EMEA-Greece
Operational
EMEA-Hungary
Operational
EMEA-Ireland
Operational
EMEA-Italy
Operational
EMEA-Liechtenstein
Operational
EMEA-Lithuania
Operational