PAN-OS 8.1.7 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1 & Later
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
End-of-Life (EoL)
PAN-OS 8.1.7 Addressed Issues
PAN-OS® 8.1.7 addressed issues
Issue ID | Description |
---|---|
WF500-4093 | Fixed an issue on a WF-500 appliance cluster
where a firewall failed to join the cluster with a large data set
of previously processed files. |
PAN-113536 | Fixed an issue where the automatic refresh
of external dynamic lists (EDLs) did not update the URL or Domain
EDLs. |
PAN-112540 | Fixed an issue on a VM-Series firewall where
traffic stopped processing and resumed processing only after the
firewall was restarted. |
PAN-112428 | (Panorama™ running PAN-OS® 8.1.6 only)
Fixed an intermittent issue where autocommits failed and Panorama
stopped displaying device groups when managing a WildFire® appliance
running PAN-OS 8.1.5 or an earlier PAN-OS 8.1 release. |
PAN-112305 | Fixed an issue where source URLs (ObjectsExternal Dynamic Lists<EDL-name>Create
ListSource URL),
which contained double escape characters caused external dynamic
list entries to display incorrect values in the policies. |
PAN-112098 | Fixed an intermittent issue on a firewall
where outbound traffic failed with an error message: (proxy decrypt failure)
when configured with HTTP Header Insertion (ObjectsSecurity ProfilesURL Filtering<Filter-name>HTTP
Header Insertion). |
PAN-111866 | Fixed an issue where the push scope selection
on the Panorama web interface displayed incorrectly even though
the commit scope displayed as expected. This issue occurred when
one administrator made configuration changes to separate device
groups or templates that affected multiple firewalls and a different
administrator attempted to push those changes. |
PAN-111817 | Fixed an intermittent issue on Panorama
M-Series and virtual appliances where elastic search queries to
Cortex Data Lake did not display logs. |
PAN-111638 | Fixed an issue where the external dynamic
list did not update after a scheduled refresh of the list. |
PAN-111593 | (PA-3200 Series and PA-5200 Series firewalls
only) Fixed an issue where a firewall dropped generic routing
encapsulation (GRE) version 1 traffic. |
PAN-110526 | Fixed an issue where Captive Portal authentication
required two log-in attempts when the authentication sequence was
configured as an authentication profile. |
PAN-110341 | Fixed an issue where the firewall sent RIP
updates more frequently than expected. |
PAN-110293 | Fixed an issue where GTP-U traffic dropped
when the GTP tunnel endpoint ID (TEID) was not updated correctly
during a GTP-C update. |
PAN-110262 | Fixed an issue on VM-Series firewalls Dynamic
Address Groups did not display all the tags and labels for registered
IPs. |
PAN-109668 | A security related fix was made to limit
the amount of information returned from an API call error message. |
PAN-109506 | Fixed an issue where a process (useridd)
stopped responding when the firewall received excessive Security
Assertion Markup Language (SAML) requests received. |
PAN-109336 | (PA-500 and PA-800 Series firewalls
only) Fixed an issue where commits failed after you imported
a device state from Panorama the template configuration referenced
Bidirectional Forwarding Detection (BFD). |
PAN-109187 | Fixed an issue where an administrator with
a custom configuration role could not export reports. |
PAN-109096 | Fixed an issue where the firewall did not
remove the 4-Byte AS Format number when Remove Private
AS was enabled. |
PAN-109003 | Fixed an issue on Panorama M-Series and
virtual appliances where a process (configd) stopped
responding during a local commit. |
PAN-108990 | Fixed an intermittent issue on a firewall
where configuring Force Template Values (NetworkInterfacesCommitPush to DevicesTemplates) deleted the zone
assigned to an interface. |
PAN-108642 | Fixed an issue where P2MP OSPF static neighbor
did not display in the run-time neighbor table. |
PAN-108542 | Fixed an issue where the DHCP client interface
was configured with an incorrect subnet mask value instead of the
value provided by DHCP option 1. |
PAN-108374 | Fixed an issue on GlobalProtect™ where you
were unable to authenticate when the domain name included the ampersand
( & ) character. |
PAN-108123 | Fixed an issue where applications took longer
than expected to load when accessed through a Clientless VPN. |
PAN-107989 | Fixed an issue where the Strict IP Address
Check incorrectly triggered when you enabled ECMP (Network >Virtual RoutersAddRouter settingsECMP). |
PAN-107922 | Fixed an issue on a VM-Series firewall where
packet sizes more than 1,500 bytes caused the firewall to stop transmitting
and receiving packets. |
PAN-107848 | Fixed an issue where commits failed after
a BGP aggregate route configuration modification. |
PAN-107729 | Fixed an issue on a VM-Series firewall where
the PCI-PT interface did not receive VLAN tagged traffic after a
system boot up. |
PAN-107659 | (PA-5000 Series firewalls only)
Fixed an issue where extra byte (1 to 7) padding were appended to
the initial SYN and UDP packets, which caused the server to stop
responding. |
PAN-107636 | (Panorama M-Series and virtual appliances
only) Fixed a rare issue where the web interface did not display
new logs as expected because Elasticsearch (ES) stopped working
when the Raid drives reached maximum capacity and the purge script
to remove old ES indices failed to execute and make room for new
indices. However, this issue also resulted in creation of new ES
indices that were empty because the appliance could not read or
write to them. With this fix, old indices are purged as expected;
however, empty ES indices created before you upgraded to this release
with this fix are not removed as expected (see known issue PAN-114041). |
PAN-107607 | Fixed an issue where the test security-policy-match XML
API command returned invalid XML responses. |
PAN-107240 | Fixed an issue where you were unable to
retrieve the external dynamic list for URLs that included the ampersand
( & ) character in the URL string. |
PAN-107120 | Fixed an intermittent issue on a firewall
where the (all_pktproc) stopped responding and caused
the dataplane to restart. |
PAN-107006 | Fixed an issue where you were unable to
search for service objects by destination port numbers. |
PAN-106963 | Fixed an issue where the firewall did not
display the full URL information in the URL Filtering log (MonitorURL Filtering)
after a (“ ’\r’ “) return character. |
PAN-106922 | A security-related fix was made to address
a denial of service (DoS) vulnerability in PAN-OS SNMP (CVE-2018-18065
/ PAN-SA-2019-0007). |
PAN-106865 | Fixed an issue where DNS proxy memory leaks
occurred during the FQDN refresh process. |
PAN-106857 | Fixed an issue where the dataplane restarted
due to an internal path monitoring failure caused by large SSL decrypted
file transfer sessions. |
PAN-106724 | Fixed an intermittent issue on a firewall
where the log receiver leaked memory after 24 hours of runtime,
which caused the firewall to stop responding. |
PAN-106548 | Fixed an issue where MIB attributes caused
MIB compilation failures when using a third-party compiler. |
PAN-106426 | Fixed an issue where GlobalProtect did not
authenticate and displayed the following error message: search failed 32. |
PAN-106356 | Fixed an issue where you could not log in
to GlobalProtect from a mobile device when the mobile ID contained
a hyphen (-) character in the mobile
ID string. |
PAN-106274 | Fixed an issue on a firewall where a Layer
2 interface that contained a VLAN sub-interface in conjunction with
policy based forwarding (PBF) caused the firewall to forward the
return traffic to the incorrect web interface. |
PAN-105966 | A security-related fix was made to address
the Linux Kernel Local Privilege Escalation vulnerability (CVE-2018-14634
/ PAN-SA-2019-0006). |
PAN-105849 | A security-related fix was made to address
an issue with the wf_curl.log file
in WF-500 appliances (WildFire). |
PAN-105792 | Fixed an issue where NetFlow server profile
traffic did not route over IPSec tunnels when the service route
was configured to use the dataplane interface. |
PAN-105747 | Fixed an issue where correlated events forwarded
as email alerts displayed the incorrect date and time. |
PAN-105684 | Fixed an issue on a firewall in a high availability
(HA) active/passive configuration where OSPF and BGP running on
an Aggregate Ethernet (AE) interface with LACP enabled took longer
than expected to restart after a failover. |
PAN-104866 | Fixed an issue on a VM-Series firewall where
the dataplane interface continuously flapped when PCI passthrough was
enabled with DPDK. |
PAN-104738 | Fixed an intermittent issue where octet
values were incorrect for random flows in the NetFlow traffic. |
PAN-104466 | Fixed an issue on a VM-50 firewall where
an out-of-memory event caused the firewall to restart. |
PAN-104354 | Fixed an issue in an HA active/passive configuration
where the passive firewall ran a configuration out-of-sync after
a restart. |
PAN-104263 | Fixed an issue where the real-time clock
(RTC) battery voltage exceeded the maximum threshold value. |
PAN-104078 | Fixed an issue where BGP conditional advertisements
did not respond, the BGP conditional advertisements did not match
the suppress condition policy even when the prefix in the non-exist
filter condition matched. |
PAN-103857 | Fixed an issue in an HA active/passive configuration
where a suspended firewall processed traffic. |
PAN-103497 | Fixed an issue on PA-3200 Series firewalls
where an SNMP OID (sysObjectID) reported the incorrect
model (for example, PA-2020 instead of PA-3260). |
PAN-103285 | Fixed an issue where an API call (show system disk details),
responded with the following error message: An error occurred. See dagger.log for information. |
PAN-103225 | Fixed an issue on Panorama M-Series and
virtual appliances where the Task Manager did not display progress
after you pushed a configuration to a firewall. |
PAN-103140 | Fixed an issue where a newly deployed VM-Series
firewall in the VMware NSX environment did not display on the summary
web interface (PanoramaSummary)
after a partial commit. |
PAN-103023 | Fixed an intermittent issue where a job
type (content) caused a firewall configuration failure
and the firewall to stop responding. |
PAN-102745 | Fixed an intermittent issue on a firewall
where a commit and FQDN refresh took longer than expected. |
PAN-102526 | Fixed an issue on Panorama M-Series and
virtual appliances where disk quota edits failed and resulted in
the following error message: quota-settings -> disk-quota is invalid. |
PAN-101527 | Fixed an issue on a PA-5200 Series firewall
where enhanced small form-factor pluggable (SFP+) ports were unable
to detect link-fault events on the transmission side. |
PAN-101451 | Fixed an issue where SNMP queries displayed
incorrect values. |
PAN-101365 | Fixed an intermittent issue where the session
ID did not clear when the session ID was set to 0. |
PAN-101341 | Fixed an issue where administrators configured
with Device Group and Template Admin type
were unable to perform a global search and returned the following
message: Unauthorized request. |
PAN-101224 | Fixed an intermittent issue on VM-Series
firewalls in an AWS environment where packets were dropped due to
a longer than expected delay in transmission. |
PAN-101068 | Fixed an issue where the object identifier
(OID) ifAdminStatus incorrectly displayed "up"
when it was configured to be configured "down." |
PAN-100761 | A security-related fix was made to address
a development configuration file issue. |
PAN-100408 | Fixed an issue where the IPv6 flow label
was set to 0 when decryption was configured, which caused the firewall
to drop IPv6 traffic during the SSL handshake. |
PAN-98420 | Fixed an issue on Panorama M-Series and
virtual appliances where TCP port 28 was accessible on management
plane. |
PAN-98128 | Fixed an issue where SYN-ACK packets with
low time-to-live (TTL) values were sent, which caused a connection
failure. |
PAN-97385 | An enhancement was made to enable you to
monitor connections between a firewall and Cortex Data Lake on the
web interface. |
PAN-96344 | Fixed an issue on a firewall where TCP reset
packets were sent even after you set the vulnerability profile action
to drop the packets. |
PAN-96038 | (PA-200 <N/A in 9.0>, PA-220, and
PA-220R firewalls only) Fixed an issue with the Ethernet driver
that caused the firewall to reboot when experiencing heavy broadcast
traffic on the management interface. |
PAN-95034 | Fixed an issue where a firewall stopped
responding when a NAT Dynamic IP and Port (DIPP) was configured
as a NAT dynamic IP fallback. |
PAN-94342 | Fixed an issue where the GlobalProtect Gateway
host information profile (HIP) notification operation failed to
execute and returned the following message: GP-EX-GW-21 -> hip-notification - > win-fw-is-not-enable -> not-match-message -> message is invalid. |
PAN-84670 | Fixed an issue where firewalls that were
not configured to decrypt HTTPS services and applications traffic
allowed users without valid authentication timestamps to access
those resources regardless of Authentication Policy settings. To
prevent such access, either configure the firewall to decrypt traffic
or run the debug device-server cp-deny-encrypted on command
and execute the commit force CLI command
(this command will persist across reboots). |
PAN-82421 | Fixed an issue where the new connection
did not get established after you changed the IP address of a log
collector. |