Fixed Issues

The following table describes the issues resolved.

Problem Report Description

Release 22.7R1


If a user group has a SAML attribute user rule mapped to it, changing SAML auth to local auth in the user policy should alert with a warning.


Analytics dashboard shows the MDM device attribute failure if there is a hybrid device policy(Location, HC, MDM) enforced on Secure Access Policy wherein the non-compliance is actually due to HC/Location failures.


ZTA Gateway shows upgrade failed and shows a different version on the Secure Access Gateways dashboard when upgraded to latest version but the console of the gateway is successfully upgraded.


Gateway UI will not validate IP address /subnet and subnet Gateway info while creating ZTA Gateway under Manage Gateways.


If the vendor name field is left blank in a Windows Firewall device rule, it will result in the AAA journal version being decremented to -1.

Release 22.6R1.2

PZT-41502 Add/Delete Gateway in the Gateway Group is not working.


While editing an existing FQDN app policy with App Discovery enabled to a URL based policy, App Discovery checkbox gets greyed out and not editable.


Upgrade/Downgrade of ESAP might cause bad config state, if configured product not present in old release.

Release 22.6R1


Fixed wildcard with unsupported FQDN format.

PZT- 41443

ZTA Gateway Upgrade issue with VMware ESX.

PZT- 41414

Error when loading end user login or any other sign-in policy page.


New GW deployment loses the interface configuration and controller registration details upon reboot from GCP Instance options.


Unauthorized error 401 is displayed when trying to login as readonly/cxo/netadmin to the controller not having any Gateways registered.


Page not found when trying to login with the pre-canned Network admin role configured under System >Admin Roles


Non-compliance policy failure reason is empty on the drill down log view dashboard when non-compliance is reported while accessing RDP/Ipv4 application type.


Endpoint connection to the controller will fail and show the status as 'Failed' when Rule requirement >custom expression is configured under Secure Access > Manage Devices >Device Policies due to AAA journal version failure.


After upgrading MOD AAA to latest build, assigned roles are missing in cache and admin login might fail.


Location Device rule does not save properly when denying access from a specific city but allowing access from the same country.


Controller UI should show error while creating Gateway Group if one of the Gateway in the Gateway Group is mapped with a known network tag in Gateway Selector configuration.


Lockdown enable/disable done on tenant, taking 3-9 minutes to reflect in client connstore.dat file.


Risk Sense evaluation for Windows 10 22H2 endpoints is returning as 'Not Available'.

Release 22.5R1.3


The connection status is shown as Connecting and some users are not able to establish the connection.


Data is not loading on Insights > Overview page.

Release 22.5R1.2


Fixed log swap issue between the gateway and timestamp fields.


Page not found error while clicking on Administration > Admin Management > Admin Roles with read-only admin (pre-canned role) logging in.

Release 22.5R1


Multiple SAP policies having Device policy configured with AV rule results in incorrect cache on AAA.


Report format CSV/JSON has the epoch timestamp instead of human readable

Release 22.4R3


When device rule is edited, corresponding sign-in policy does not get updated with new policy.


Issue in downloading logs from nSA is now resolved.


New gateway deployed in GCP looses it's configuration upon first reboot from GCP Instance options.


Application details with Kerberos/LDAP/NTP not detecting when migrating from ICS to ZTA.


After upgrade or rollback Gateway certificate is shown wrongly in gateway group.

Release 22.4R1


ZTA connection fails with Invalid Client Certificate error.

PZT-38173 User name not displayed properly in tenant access logs.


If 22.2R1 or below version of gateways are present and OGS feature is configured, older Gateways may not go to ready state.


Admin rules cannot be deleted when attached to an admin group.

Release 22.3R4
PZT-36792 If a SAP is created with stand-alone non-ready gateways then that can trigger skipping of all the applications that have OGS.
PZT-37610 When Admin navigates to SAP page and expands two App groups, same Apps are shown for both App groups.
PZT-37611 When Admin navigates to SAP page, performing App group expansion and changing records per page leads to disappearance of expand option in SAP policy groups.
Release 22.3R2
PZT-37228 Error while loading the Secure Access Policies page.
Release 22.3R1
PZT-26902 Dynamic tunnel IP: NAT rules are not seen on Gateways when a newly added Gateway is added to a Gateway Group.
PZT-29624 The MSP admin portal UI is throwing an error when kept idle, and then not redirecting to the login page.
PZT-31679 An unregistered Gateway's status should show as Offline in the "Gateway By Status" chart drill-down view when log grouping is applied, and also on the Landing page gateway detailed view.
PZT-32217 Search API triggered multiple times with different payload due to which the logs are not getting filtered intermittently when navigating from Insight Logs to Gateway Logs and vice-versa.
PZT-33284 If SAML user authentication is configured before enabling a custom domain, the SAML policy remains configured with the standard domain URL.
PZT-35770 :Invalid Client Certificate Error 1147 is seen during user connection.
PZT-36790 No alert generated for Policy configured on Enrollment URLs.
PRS-412051 The user is prompted multiple times to switch to the new UI when upgrading .
Release 22.2R1
PZT-15594 Client configuration: Disable Splash screen option is not working.
PZT-22198 Mac Intune Client is not launching automatically after the client installation.
PZT-23470 CEF EUP on mac: With system local auth, some SSO apps are not launching with Safari as the default system browser, with a certificate prompt appearing twice.
PZT-24993 Linux Windows multi sign-in: Changing the user sign-in URL from one URL to another is not prompting for fresh credentials.
PZT-26431 Certificate rotation on macOS: When the device certificate expires and the end-user attempts to connect, "Error 1151" is not prompting properly.
PZT-27640 Summary ribbon tile charts are not aligned properly.
PZT-28838 Gateways Overview: An L4 dashboard should display only the chart and table data based on the drop-down selected on the originating L2 dashboard chart. For example, selecting to view "Major Errors" should not show other error severity levels in the L4 view.
PZT-28841 Logs in the Gateways Overview L4 dashboard for the "Gateway Stats" chart shows only the current state (active view) logs despite the parent L2 dashboard page having a non-active view time period set.
PZT-28844 Unable to use the group-by feature with all the keys on the Gateways Overview L4 dashboards of "Top 10 gateways by Errors", "Access Trend" and "Gateway Stats".
PZT-29143 Unable to filter and search with "Gateway Status" set to "offline" and "Gateway Version" set to "pre-22.1" on the Gateways Overview L4 dashboard of "Gateway Stats".
PZT-29281 Gateways Overview "Top 10 Gateways by Health" chart displays the gateway statistics only for pre-22.1 s for "Previous Day" and "Previous Week" historic views.
PZT-29811 Log Export might fail if the number of logs to be exported is more than 400K.
PZT-32742 Gateways older than the version provided with 22.2R1 are entering a bad state due to the inability to apply journal updates. After 15 minutes, the Gateway will do a full config pull and recover.
Release 22.1R1
PZT-21416 EUP: Accessing RDP and SSH application links does not pick the default application installed on the device.
PZT-21813 Regression - Bookmarks API Response is fluctuating between 200 success and 500 error HTTP response codes under certain scenario.
PZT-24098 Global Device Preferences - the client is not honoring "Allow Delete Connection".
PZT-24546 Multi sign-in URLs: Login behavior is different for with standard login and non-standard multiple sign-in login URLs when no Secure Access Policy (SAP) is configured on the Controller.
PZT-27300 In a location device rule, it is not possible to update the City field by just typing locations rather than selecting them from the drop-down list fields.
PZT-27538 Date-picker is popping out of the main dashboard on the Connected Clients chart L4 detailed logs page, as the title of the chart is long.
PZT-27546 Policy Failure page summary strip is populated by data for the previous day when the weekly historic view is selected.
PZT-27593 Configuring a SAML auth server using the manual method while leaving "IDP Slo Service" field empty can cause a 500 status code error.
PZT-27743 Due to low network bandwidth availability, upgrading a Gateway to the 21.12R1-95 build fails (the event logs shows "HTTP error 409 after PUT" messages continuously).
PZT-27999 CA rotation breaks leaf renewal for 21.9.3 12679.
Release 21.12R1
PZT-26604 Sessions are not timing out on the Controller even when there is no corresponding user session on a client device.
PZT-27416 Handle the Policy Failure by Locations chart visibility on Policy failures page.
Release 21.6R1
PZT-20309 Error while installing the client.
Release 21.1R1
PZT-15937 "dsunitytaskd" process failed in ESXI 189 gateway while upgrading to 131.
Release 20.12R1
PZT-15533 Client Configuration - Save User credentials option does not work.
Release 20.10R1
PZT-10907 Configuring single user rule to match multiple values is not supported.
Release 20.9R1
PZT-11677 SAML Authentication fails if the azure metadata is uploaded for first time.