PAN-OS 9.0.0 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1 & Later
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
End-of-Life (EoL)
PAN-OS 9.0.0 Addressed Issues
PAN-OS® 9.0.0 addressed issues.
Issue ID | Description |
---|---|
WF500-4811 | Fixed an issue where WF-500 appliances displayed the
wrong WildFire® content version (show system info)
after a WildFire content update. |
PAN-109668 | A security related fix was made to limit
the amount of information returned from an API call error message. |
PAN-109124 | A security-related fix was made to address
an issue where you were unable to retrieve GlobalProtect™ cloud service
threat packet captures from the Logging Service on Panorama™ M-Series
and virtual appliances. |
PAN-109096 | Fixed an issue where the firewall did not
remove the 4 Byte AS Format number when Remove
Private AS is enabled. |
PAN-109003 | Fixed an issue on Panorama M-Series and
virtual appliances where a process (configd) stopped
responding during a local commit. |
PAN-107887 | Fixed an issue where an API call did not
return the details of the security policy when you added a service group. |
PAN-107779 | Fixed an issue where Wildfire signature
version information was no longer displayed after you activated
a GlobalProtect client. |
PAN-107117 | Fixed an issue where device administrators
were unable to manually upload signature files (DeviceDynamic Updates)
and the firewall displayed the following error message: Youneed superuser privileges to do that. |
PAN-106784 | Fixed an issue where the firewall revealed
password hashes in the web interface when changing administrator passwords. |
PAN-106721 | Fixed an intermittent issue where a processor
cache memory corruption caused a reload when the firewall freed packets
from the buffer. |
PAN-106695 | Fixed an issue on a firewall in a high availability
(HA) active/passive configuration where the Panorama management
server enabled the administrator to clone a rule on the passive
firewall. |
PAN-106331 | Fixed an issue with multiple or overlapping
custom URL categories where traffic matched the incorrect Security policy
rule when the custom URL category was used in a Security policy
rule with a URL filtering profile. |
PAN-106181 | Fixed an issue where the Cancel option
was removed to prevent access when you Require Password Change
on First Login (DeviceSetupManagement). |
PAN-106019 | Fixed an issue where a process (routed)
stopped responding when an incomplete command ran in the XML API. |
PAN-105849 | A security-related fix was made to address
an issue with the wf_curl.log file in
WF-500 appliances (WildFire). |
PAN-105737 | Fixed an issue where AUX ports remained
in Down state after you upgraded to PAN-OS® 8.1.7. |
PAN-105684 | Fixed as issue on a firewall in an HA active/passive configuration
where OSPF and BGP running on an Aggregate Ethernet (AE) with LACP
enabled took longer than expected after a failover. |
PAN-105040 | Fixed an issue where the dataplane processor
caused memory loss in the packet buffer pool. |
PAN-104623 | Fixed an issue where a process (brdagent)
printed QoS information messages in the brdagent.log file, which
caused a missed heartbeat and the firewall to restart. |
PAN-104616 | Fixed an issue where certificate imports
failed when you used a backslash ( \ ) character
in a password to export certificates. |
PAN-104578 | (PA-800 Series firewalls only)
Fixed an issue on a firewall in an HA active/passive configuration where
the HA failover took longer than expected. |
PAN-104572 | Fixed an issue on Panorama M-Series and
virtual appliances where the configd.log file displayed schema error
messages after you created an administrator role with context switch
UI permissions enabled. |
PAN-104354 | Fixed an issue on a firewall in an HA active/passive configuration
where the passive firewall ran a configuration out of sync after
a restart. |
PAN-104078 | Fixed an issue where administrators could
not successfully add conditional advertisements (NetworkVirtual Routers<virtual-router>BGPConditional Adv)
for BGP routing tables (changes were lost after commit). |
PAN-103863 | Fixed an issue where the IPSec tunnel restart (NetworkIPSec TunnelsIKE Info) did not display properly
on the web interface. |
PAN-103857 | Fixed an issue on a firewall in an HA active/passive configuration
where the suspended firewall processed traffic. |
PAN-103615 | Fixed an issue where scheduled log exports
failed on nonstandard ports. |
PAN-103192 | Fixed an issue on a firewall where the Global
Find for IPSec tunnels displayed incorrect search results. |
PAN-103061 | Fixed an issue where special characters
contained in the CLI comment field caused the process (devsrvr)
to stop responding. |
PAN-103055 | Fixed an issue where you were unable to
filter Address Groups (ObjectsAddress Groups) by an address
object name. |
PAN-102779 | Fixed an issue on a PA-3000 Series firewall
where multiple (all_pktproc) processes failed and caused
the dataplane to stop responding. |
PAN-102526 | Fixed an issue on Panorama M-Series and
virtual appliances where disk quota edits failed and displayed the following
error message: quota-settings -> disk-quota is invalid. |
PAN-102029 | Fixed an issue on a firewall where the DNS
resolution routed through the dataplane and configured with a service route,
stopped responding when the management interface was not configured. |
PAN-101821 | Fixed an issue where Referer was spelled
incorrectly in the HTTP Headers section of the Detailed Log View (MonitorURL Filtering). |
PAN-101451 | Fixed an issue where SNMP queries displayed incorrect
values. |
PAN-101391 | Fixed an issue where the scheduled nightly
custom report was not generated or emailed as expected. |
PAN-101365 | Fixed an intermittent issue where the session
ID did not clear when the session ID is set to 0. |
PAN-101294 | Fixed an issue where administrators were
allowed to create tunnel interfaces from the template stack. |
PAN-101068 | Fixed an issue where the object identifier
(OID) ifAdminStatus incorrectly displayed up when
configured to down. |
PAN-100656 | Fixed an issue Panorama M-Series and virtual appliances
where duplicate entries in BGP redistribution configurations were
not verified, which caused commits to fail. |
PAN-100464 | Fixed an issue where the sub-interfaces
and the configurations were deleted when you tried to override the subinterface
of a template stack. |
PAN-100154 | Fixed an issue where the default static
route always became the active route and took precedence over a
DHCP auto-created default route that was pointing to the same gateway
regardless of the metrics or order of installation. With this fix,
the firewall no longer installs the default static route in the
FIB when the system has both a DHCP auto-created default route and
a manually configured default static route pointing to the same
gateway. |
PAN-100049 | Fixed an issue on Panorama M-Series and
virtual appliances where Push Scope Selection (CommitPush to Devices) selected firewalls not
in the hierarchy of the firewall you selected. |
PAN-99945 | Fixed an issue on Panorama where the progress
bar in the web interface stopped responding and did not display any
status after sending a commit or activating an auth code even though
the task completed successfully. |
PAN-99640 | A security-related fix was made to address
a denial of service (DoS) vulnerability in PAN-OS Linux Kernel (CVE-2017-8890). |
PAN-99551 | Fixed an issue on a firewall in an HA active/passive configuration
where the User-ID™ process stopped responding on the passive firewall
when the system was managing a high number of (more than 30,000)
active users. |
PAN-99447 | "Virtual and M-Series Panorama appliances
and Log Collectors only) Fixed an issue where a Log Collector
received logs destined for closed Elasticsearch (ES) indices, which
caused indices to return failure messages and, when the issue persisted
for more than a few hours, caused Log Collectors to disconnect and reconnect
repeatedly when attempting (and failing) to process the re-queued
logs. |
PAN-98130 | Fixed an intermittent issue where the firewall
allowed traffic based on an unmatched rule after a session rematch is
triggered. |
PAN-98005 | Fixed an issue where adding more than eight
Log Collectors to a collector group caused the configuration (configd)
process to stop responding. |
PAN-97848 | Fixed an issue where if you deployed Panorama
on KVM, it deployed in Legacy mode instead of Management Only mode
even when meeting the minimum resource requirements for Management
Only mode. |
PAN-97417 | Fixed an issue where the loopback IP address redistributed
to the Local RIB table instead of the Adj-RIBs-out table. |
PAN-96344 | Fixed an issue on a firewall where TCP reset
packets were sent even after you set the vulnerability profile action to
drop the packets. |
PAN-96297 | Fixed an issue where a process (useridd)
stopped responding due to the syslog server messages not parsing
with field identifiers. |
PAN-95445 This fix requires
the VMware NSX 2.0.4 or a later plugin. | Fixed an issue where VM-Series firewalls
for NSX and firewalls in an NSX notify group (PanoramaVMware NSXNotify Group)
briefly dropped traffic while receiving dynamic address updates after
the primary Panorama in a high availability (HA) configuration failed
over. |
PAN-94486 | Fixed an issue where the dataplane did not
get a dynamic IP address assigned because the process (routed)
did not release it. |
PAN-92725 | Fixed an issue on the firewall and Panorama management
server where the web interface became unresponsive because the (cord)
process restarted after you configured multiple log forwarding destinations
in a single forwarding rule for Correlation logs (DeviceLog Settings). |
PAN-92485 | Fixed an issue on Panorama M-Series and
virtual appliances where you were unable to set the MTU (NetworkInterfacesEthernet<Interface>Ethernet InterfaceAdvancedOther Info) value to more than 1460
bytes with Jumbo Frames enabled. |
PAN-91930 | Fixed an issue on Panorama M-Series and
virtual appliances where you were unable to type in tunnel zone names
in the Tunnel Source Zone (Policies >Pre Rules ><rule-name>InspectionSecurity Options) field. |
PAN-91499 | Fixed an issue on a firewall where an address
object FQDN resolution returned the IPv6 DNS record but did not return
all associated -- IPv4 and IPv6 -- DNS records. |
PAN-91442 | Fixed an issue where an external dynamic
list with an invalid IPv6 address range caused commits to fail. |
PAN-82278 | Fixed an issue where filtering did not work
for Threat logs when you filtered for threat names that contained certain
characters: single quotation (’), double
quotation (”), back slash (\),
forward slash (/), backspace (\b),
form feed (\f), new line (\n),
carriage return (\r), and tab (\t). |
PAN-72861 | Fixed an issue where when you configured
a PA-5200 Series or PA-7000 Series firewall to perform tunnel-in-tunnel
inspection, which includes GRE keep-alive packets (PoliciesTunnel Inspection<tunnel_inspection_rule>InspectionInspect Options),
and ran the clear session all CLI command
while traffic was traversing a tunnel, the firewall temporarily
dropped tunneled packets. |