PAN-OS 8.1.8 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1 & Later
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
End-of-Life (EoL)
PAN-OS 8.1.8 Addressed Issues
PAN-OS® 8.1.8 addressed issues
Issue ID | Description |
---|---|
WF500-5023 | Fixed an issue on WF-500 appliances where
the cluster service took longer than expected to start due to a
large number of queued sample data. |
WF500-4974 | Fixed an issue on WF-500 appliances where
the static analysis results displayed in the PDF report but did
not display in the WildFire® analysis summary of the web interface. |
WF500-4844 | Fixed an issue on WildFire appliance clusters
where the passive-controller responded with the incorrect Common
Name (CN) in the certificate, which caused the registration to fail. |
WF500-4838 | Fixed an intermittent issue on a WF-500
appliance where WildFire reports took longer than expected to generate,
which caused the task to automatically timeout. |
WF500-4785 | Fixed a rare issue on WF-500 appliances
where the firewall did not respond after you upgraded the appliance
from a PAN-OS® 8.0.1 release to a PAN-OS 8.0.10 or later release.
With this fix, you can run the new debug software raid fixup auto CLI command
to recover the RAID controller. |
WF500-4784 | Fixed an issue on a WF-500 appliance where
during a reboot, the following error message displayed: FATAL: module nbd not found. |
WF500-4743 | Fixed an intermittent issue on a WF-500
appliance where the CLI command debug wildfire reset global-database fix stopped
responding. |
PAN-116316 | Fixed an issue where RTP and RTCP predict
sessions failed, which caused RTSP based video streaming to stop
processing. |
PAN-116084 | Fixed a file descriptor issue that caused
an interface on a VM-Series firewall on Azure to stop receiving
traffic. |
PAN-114984 | Fixed OpenSSL vulnerability CVE-2019-1559,
see PAN-SA-2019-0039 for details. |
PAN-114403 | Fixed an issue on Panorama™ M-Series and
virtual appliances where serial numbers for deployed firewalls did
not display in the web interface with the exception of GlobalProtect™
cloud service firewalls. |
PAN-114181 | Fixed an issue where the firewall incorrectly
triggered Reverse Path Forwarding (RPF), which caused packet leaks. |
PAN-113692 | Fixed an intermittent issue on a firewall
in a high availability (HA) active/passive configuration where five
minutes after a failover test IP routes disappeared, which caused
traffic interruptions. |
PAN-113446 | Fixed an issue where the firewall unintentionally
generated the following system log: Installed content package WildFire is newer than available package, skipping, when
you checked for WildFire updates. |
PAN-112815 | Fixed an issue on a firewall in an HA active/passive
configuration where a process (useridd) did not respond
to the alternate user attribute (DeviceUser IdentificationGroup Mapping Settings<group mapping-name>User and Group Attributes)
on the passive firewall during a restart. |
PAN-112814 | Fixed an issue where H.323-based calls lost
audio because the predicted H.245 session was not converted to Active
status, which caused the firewall to drop the H.245 traffic. |
PAN-112729 | Fixed an issue on Panorama M-Series and
virtual appliances where Decrypted Sessions Info (PanoramaManaged DevicesHealthAll Devices<device-name>Sessions)
did not display as expected for VM-Series firewalls. |
PAN-112445 | Fixed an issue on a firewall in an HA active/passive
configuration where a race condition caused the firewall to stop
responding after an HA1 link flap. |
PAN-112194 | Fixed an issue where packet buffers did
not release GlobalProtect clientless VPN packets, which caused the
firewall to stop responding. |
PAN-112187 | Fixed an issue where a process (report_gen)
ran out-of-memory, which caused the dataplane to restart. |
PAN-111897 | Fixed an issue where the tags were not set
on OSPFv3 routes redistributed to BGP-3. |
PAN-111844 | (VM-50 and VM-50 Lite firewalls only)
Fixed a rare out-of-memory (OOM) condition. |
PAN-111822 | (PA-3200, PA-5200, and PA-7000 Series
firewalls only) Fixed an intermittent issue on a firewall configured
with policy-based forwarding (PBF) and symmetric return, where traffic
dropped because the ARP table did not get updated. |
PAN-111679 | Fixed an issue where URL filtering profiles
were being incorrectly applied to security policies during a commit. |
PAN-111653 | Fixed an issue on PA-7000 Series firewalls
where an internal packet buffer leak caused heartbeat failures. |
PAN-111052 | Fixed an issue where a firewall silently
dropped TCP packets when you enabled the Antivirus profile while
the software deterministic finite automation (DFA) option is disabled
(DFA is disabled by default). |
PAN-111048 | Fixed an issue where the show object dynamic address group XML
API command returned an invalid error message: You must specify a valid Device Group. |
PAN-110996 | Fixed an issue where the dataplane stopped
responding due to an incorrectly calculated offset when you configured Exclude video
traffic from the tunnel (NetworkGlobalProtectGateways<gateway-name>AgentVideo Traffic). |
PAN-110873 | Fixed an issue where member interfaces of
the aggregate interface did not display on web interface (PanoramaManaged DevicesHealthAll Devices<device-name>Interfaces). |
PAN-110796 | Fixed an issue on PA-3200 and PA-5200 Series
firewalls where an erroneous dataplane error (power status is bad, shutting system down)
caused the firewall to shutdown. |
PAN-110758 | Fixed an issue on Panorama M-Series and
virtual appliances where you were unable to configure the firewall
to disable the portal log-in page. |
PAN-110628 | Fixed an issue where user groups were deleted
from the Group Include List (DeviceUser identificationGroup Mapping Settings<group-name>Group
Include List) if you changed the LDAP
server profile account password. |
PAN-110441 | (PA-5200 Series firewall only)
Fixed an intermittent issue where the internal path monitoring failed,
which caused the firewall to unexpectedly restart. |
PAN-110390 | Fixed an issue on PA-7000 Series firewalls
where invalid filters caused the device management server to stop
responding when you generated a database (DB) report from a remote
firewall. |
PAN-110336 | (PA-3000, PA-3200, PA-5000, PA-5200,
and PA-7000 Series firewalls only)Fixed an issue where a process (mpreplay)
restarted and caused the offload traffic to drop. |
PAN-110273 | Fixed an issue where you were unable to
establish OSPF neighborship when an OSPF routing protocol was configured
with MD5 authentication and one of the firewalls was restarted. |
PAN-109966 | Fixed an issue where the content update
threshold downloaded and installed an older content version after
you manually installed a newer content version. |
PAN-109954 | Fixed an issue where a commit failed with
an error message: cluster is missing 'encryption' when
HA Traffic Encryption (PanoramaManaged WildFire Clusters<appliance-name>Communication) was not configured
and after upgrading from PAN-OS 8.0.12 to PAN-OS 8.1.4. |
PAN-109944 | Fixed an intermittent issue where a process (configd)
restarted due to a race condition when generating custom reports. |
PAN-109837 | Fixed an issue where a race condition occurred
when a configuration push and Netflow update occurred simultaneously,
which caused the dataplane to restart. |
PAN-109803 | Fixed an issue where credential phishing
prevention did not detect user or password phishing when passwords,
which contained two discontiguous character spaces were used. |
PAN-109759 | Fixed an issue where the firewall did not
generate a notification for the GlobalProtect client when the firewall
denied unencrypted TLS sessions due to an authentication policy
match. |
PAN-109757 | Fixed an issue on Panorama M-Series and
virtual appliances where the management server stopped responding
when the log collector disconnected and reconnected to Panorama. |
PAN-109665 | Fixed an issue where you were unable to
disable the Graceful Restart (NetworkVirtual Routers<router-name>BGPAdvanced) configuration. |
PAN-109619 | Fixed an issue where a physical or Aggregate
Ethernet (AE) Layer 3 configuration edit (NetworkInterfaces<interface-name>)
removed the DHCP Client setting when it was configured in the subinterface. |
PAN-109575 | Fixed an issue where you were unable to
configure more than one device certificate (DeviceCertificate ManagementCertificates<device certificate-name>)
with Trusted Root CA. |
PAN-109344 | Fixed an issue where service objects did
not import into Panorama when you configured them identically but
with different names. |
PAN-109101 | Fixed an issue where you were unable to
override IKE Gateway configurations (NetworkIKE Gateways<template-name>)
in the template stack. However, with this fix, you still cannot
override template stacks when you configure any value with "none."
Additionally, to override the Local Identification, select Authentication in
the pop-up dialogue. |
PAN-108878 | Fixed an issue where host traffic ICMP packets
larger than 9,180 bytes dropped when you configured a jumbo frame
with a maximum MTU value of 9,216 bytes and with the DF option enabled. |
PAN-108846 | Fixed an issue where a higher than expected
rate of tunnel resolution packets occurred due to an internal loop,
which caused a spike in dataplane CPU usage for firewalls that support
distributed tunnel ownership. |
PAN-108715 | Fixed an issue where the firewall did not
update the dataplane DNS cache after the management plane (MP) DNS
entries expired, which caused evasion signatures to erroneously
trigger a Suspicious TLS/HTTP Evasion Found event. |
PAN-108620 | Fixed an issue where Traps ESM (MonitorTraps ESM)
logs were sent to the Log Collector but did not display in the web
interface. |
PAN-108459 | Fixed an issue where Network Activity (ACCNetwork Activity)
incorrectly displayed no session activity at random time points. |
PAN-108409 | Fixed an issue on a firewall in an HA active/passive
configuration where scheduled dynamic updates pushed from Panorama
to the managed firewalls failed. |
PAN-108215 | Fixed an issue where the test security-policy-match CLI
command ignored source-user when matching
security policies. |
PAN-108164 | Fixed an issue where a process (tund)
caused the dataplane to restart during a commit. |
PAN-107998 | Fixed an issue where you could not log-in
to GlobalProtect and resulted in the following error message: The client certificate is invalid. Please contact your IT administrator. |
PAN-107662 | Fixed an issue on a firewall in an HA active/active
configuration where client-bound DHCPv6 packets dropped when you
configured the firewall as a DHCPv6 relay agent. |
PAN-107370 | Fixed an issue where IPv6 traffic throughput
reduced more than expected after you updated a static ND entry (NetworkInterfaces<interface-name>AdvancedND Entries)
by moving the interface to a different virtual router. |
PAN-107126 | Fixed an issue where an SSL inbound session
cache corruption caused a process (all_pktproc) to
stop responding. |
PAN-106950 | Fixed an intermittent issue where authd
CPU usage is higher than expected during RADIUS authentication. |
PAN-106861 | Fixed an issue where stale route entries
remained in the FIB after the routes were removed from the routing
table when you used a redistribution rule without a profile. |
PAN-106783 | Fixed an issue where after a SAML authentication
an incorrect query was sent to the web browser. |
PAN-106746 | Fixed an issue where VoIP traffic dropped
when policy-based forwarding (PBF) was configured as a rule. |
PAN-106735 | Fixed an issue where the firewall incorrectly
set the FPGA, which caused the dataplane to stop responding. |
PAN-106695 | Fixed an issue on a firewall in an HA active/passive
configuration where the Panorama management server enabled the administrator
to clone a rule on the passive firewall. |
PAN-106433 | Fixed an issue where after you configured
Packet Buffer Protection on a firewall, a process (all_pktproc)
stopped responding. |
PAN-106259 | Fixed an issue on a firewall in an HA active/passive
configuration where the passive firewall reported a higher number
of GlobalProtect user accounts than the active firewall. |
PAN-106249 | (PA-200, PA-220, and PA-800 Series firewalls
only) Fixed an issue where the Block IP List option,
which is not supported, displayed in the administrator role profile (DeviceAdmin RoleWeb UI). |
PAN-106069 | Fixed an issue on a firewall in an HA active/active
configuration where the iBGP peer default route did not get added
to the routing table after a reboot of either firewall. |
PAN-105925 | Fixed an issue where the GlobalProtect Gateway
web interface did not display the list of previous users. |
PAN-105466 | Fixed an issue where the Allow
matching usernames without domain (DeviceUser IdentificationUser-ID Agent SetupCache) configuration did not
respond without a domain when you used the PAN-OS XML API. |
PAN-105397 | Fixed an issue where a firewall incorrectly
processed path monitoring, which originated from a NAT firewall
on the same network segment. |
PAN-105252 | Fixed an intermittent issue on a firewall
where dataplane CPU spikes occurred, which caused an LACP flap. |
PAN-105086 | Fixed an issue where the firewall incorrectly
calculated the password expiry time for admin accounts, which caused
Panorama to push locked user accounts. |
PAN-104578 | (PA-800 Series firewalls only)
Fixed an issue on a firewall in an HA active/passive configuration
where the HA failover took longer than expected. |
PAN-104568 | Fixed an issue where the firewall did not
send emails when you configured the email gateway with an FQDN. |
PAN-104274 | Addressed an issue where in a slow network
environment the firewall displayed an error message: error on line 1 at column 1: document is empty when
you used an API call to fetch a license even when the auth code
was successfully applied. Extremely slow networks may still see
this issue. |
PAN-104264 | Fixed an issue where the Panorama management
server stopped responding when you upgraded from PAN-OS 8.0.9 to
PAN-OS 8.1.3. |
PAN-104007 | Fixed an issue where the WildFire signatures
sent Windows Server Updates Services (WSUS) traffic when the virus
identification was incorrectly enabled in the ms-sms app definition. |
PAN-103863 | Fixed an issue where the IPSec tunnel restart (NetworkIPSec TunnelsIKE Info) did not display properly
on the web interface. |
PAN-103844 | Fixed an issue where Global Find incorrectly
returned the query when there were more than one users or groups
listed in the security rule. |
PAN-103367 | Fixed an issue where Detailed Log View (MonitorTrafficDetailed
Log View) did not display the file blocking
logs as expected. |
PAN-103061 | Fixed an issue where special characters
contained in the comment field of the Ethernet Interface web interface
caused a process (devsrvr) to stop responding. |
PAN-102979 | Fixed an issue where Dynamic Updates did
not display expired threat prevention licenses when you tried to
install an application from Panorama. |
PAN-102595 | Fixed an intermittent issue on a firewall
in an HA active/active configuration where fragmented ICMP and UDP
packets dropped from the packet transmission. |
PAN-102532 | Fixed an issue where the firewall used an
expired certificate, which caused connecting to Cortex Data Lake
to fail. |
PAN-102327 | Fixed an issue on PA-3200 Series firewalls
in an HA active/passive configuration where the copper ports of
passive firewall were active when the passive link state was set
to shutdown. |
PAN-102145 | Fixed an issue where the API keys did not
update after you changed the master key. |
PAN-102029 | Fixed an issue on a firewall where the DNS
resolution routed through the dataplane and configured with a service
route, stopped responding when the management interface was not
configured. |
PAN-101764 | Fixed an issue where a process (slmgr)
stopped responding during an auto-commit. |
PAN-101391 | Fixed an issue where the scheduled nightly
custom report was not generated or emailed as expected. |
PAN-101379 | Fixed an issue where an invalid Captive
Portal authentication policy was successfully pushed to managed
firewalls, which caused autocommits to fail. |
PAN-100832 | Fixed an issue where, when you performed
a Commit from Panorama to bring a firewall back to sync, the rule
order displayed a random distribution instead of reflecting the
order configured in Panorama. |
PAN-100742 | Fixed an issue on Panorama M-Series and
virtual appliances where scheduled reports generated more than one
DNS lookups, which caused inconsistent name resolutions for DNS
deployments. |
PAN-100693 | Fixed an issue where you were unable to
process Address Group match criteria when the match name included
the double quotation ( " ) character. |
PAN-99976 | Fixed an issue where a process (pan_threatvault_reports)
caused the elastic search script and another process (configd)
to stop responding. |
PAN-99707 | Fixed an issue where the command-line interface
(CLI) displayed an error message when you used a parenthesis character
in a Global Protect External Gateway name. |
PAN-99640 | A security-related fix was made to address
a denial of service (DoS) vulnerability in PAN-OS Linux Kernel (CVE-2017-8890). |
PAN-99478 | Fixed an issue where a daemon (authd)
took longer than expected to fetch group mapping, which caused commits
to take longer than expected. |
PAN-99354 | Fixed an issue where the firewall incorrectly
denied URL access when the URL filtering profile was configured
to alert. |
PAN-98746 | Fixed an issue where GlobalProtect clientless
VPN did not get redirected to the application URL when you used
Internet Explorer as a web browser. |
PAN-98386 | Fixed an issue where a security rule with
an "Any" destination address did not shadow rules with IPv6 destination
addresses when you performed a commit or configuration validation. |
PAN-98107 | Fixed an issue on PA-7000 Series firewalls
where Encapsulating Security Payload (ESP) sequence numbers were
reused when multiple proxy IDs were in use, which caused ESP traffic
to drop while you conducted an ESP sequence check. |
PAN-97953 | Fixed an issue where Threats (MonitorReportsThreat ReportsThreats) did not display resolved
Threat IDs to Threat/Content Names for disabled signatures as expected. |
PAN-97862 | Fixed an issue where an administrator with
a custom configuration role could not export custom reports and
returned the following error message: Error enqueuing export job. |
PAN-97700 | Fixed an issue where administrators could
not view Managed Collectors (PanoramaManaged Collectors) web interface. |
PAN-97488 | Fixed an issue on Panorama M-Series and
virtual appliances where the commit preview did not display as expected. |
PAN-97288 | Fixed an issue on GlobalProtect Clientless
VPN where the URL gets truncated when you exclude the domain from
the rewrite exclude domain list. |
PAN-97187 | Fixed an issue on VM-Series firewalls where
a configuration commit failed due to a reversed bootstrapping process
where the configuration was applied before the auth code. |
PAN-96036 | Fixed an issue on Panorama M-Series and
virtual appliances where the Group Include List (DeviceUser Identification<group-name>Group
Include List) search function did not
respond as expected. |
PAN-95644 | Fixed an issue on a firewall where the web
interface did not display traffic and unified logs due to a race
condition. |
PAN-94475 | (Panorama virtual appliances only)
Improved a condition where a disk calculation error resulted in
an erroneous opt/panlogs/ partition full condition and caused a
process (CDB) to stop responding. |
PAN-94161 | Fixed an issue where the log collector mode
did not display logs as expected after you rebooted Panorama. |
PAN-92872 | Fixed an intermittent issue where the firewall
sent packets incorrectly to an outgoing interface. |
PAN-92161 | Fixed an issue where an internal power status
reported as abnormal caused the firewall
to shutdown. |
PAN-92155 | Fixed an issue where administrators were
unable to configure an IP address using templates for HA2 (DeviceHigh AvailabilityData Link (HA2)) after setting
the configuration to IP or Ethernet for Panorama
management servers in an HA configuration. |
PAN-81778 | Fixed an issue where scheduled reports did
not generate as expected due to a race condition. |
PAN-79640 | Fixed an issue where the firewall intermittently
logged incorrect actions for WildFire submissions and reports. |