PAN-OS 9.0.15 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
Cloud Management of NGFWs
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
-
-
- Configure a Filter Access List
- Configure a Filter Prefix List
- Configure a Filter Community List
- Configure a BGP Filter Route Map
- Configure a Filter Route Maps Redistribution List
- Configure a Filter AS Path Access List
- Configure an Address Family Profile
- Configure a BGP Authentication Profile
- Configure a BGP Redistribution Profile
- Configure a BGP Filtering Profile
- Configure an OSPF Authentication Profile
- Configure a Logical Router
- Configure a Static Route
- Configure OSPF
- Configure BGP
- Configure an IPSec Tunnel
- Web Proxy
- Cheat Sheet: GlobalProtect for Cloud Management of NGFWs
-
PAN-OS 10.1
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1 & Later
-
- Tap Interfaces
-
- Layer 2 and Layer 3 Packets over a Virtual Wire
- Port Speeds of Virtual Wire Interfaces
- LLDP over a Virtual Wire
- Aggregated Interfaces for a Virtual Wire
- Virtual Wire Support of High Availability
- Zone Protection for a Virtual Wire Interface
- VLAN-Tagged Traffic
- Virtual Wire Subinterfaces
- Configure Virtual Wires
- Configure an Aggregate Interface Group
- Configure Bonjour Reflector for Network Segmentation
- Use Interface Management Profiles to Restrict Access
-
- DNS Overview
- DNS Proxy Object
- DNS Server Profile
- Multi-Tenant DNS Deployments
- Configure a DNS Proxy Object
- Configure a DNS Server Profile
- Use Case 1: Firewall Requires DNS Resolution
- Use Case 2: ISP Tenant Uses DNS Proxy to Handle DNS Resolution for Security Policies, Reporting, and Services within its Virtual System
- Use Case 3: Firewall Acts as DNS Proxy Between Client and Server
- DNS Proxy Rule and FQDN Matching
-
- NAT Rule Capacities
- Dynamic IP and Port NAT Oversubscription
- Dataplane NAT Memory Statistics
-
- Translate Internal Client IP Addresses to Your Public IP Address (Source DIPP NAT)
- Enable Clients on the Internal Network to Access your Public Servers (Destination U-Turn NAT)
- Enable Bi-Directional Address Translation for Your Public-Facing Servers (Static Source NAT)
- Configure Destination NAT with DNS Rewrite
- Configure Destination NAT Using Dynamic IP Addresses
- Modify the Oversubscription Rate for DIPP NAT
- Reserve Dynamic IP NAT Addresses
- Disable NAT for a Specific Host or Interface
-
- Network Packet Broker Overview
- How Network Packet Broker Works
- Prepare to Deploy Network Packet Broker
- Configure Transparent Bridge Security Chains
- Configure Routed Layer 3 Security Chains
- Network Packet Broker HA Support
- User Interface Changes for Network Packet Broker
- Limitations of Network Packet Broker
- Troubleshoot Network Packet Broker
-
-
PAN-OS 9.0 (EoL)
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
-
- Changes to Default Behavior
- Associated Software and Content Versions
- Limitations
-
-
- PAN-OS 9.0.17 Known Issues
- PAN-OS 9.0.16 Known Issues
- PAN-OS 9.0.15 Known Issues
- PAN-OS 9.0.14 Known Issues
- PAN-OS 9.0.13 Known Issues
- PAN-OS 9.0.12 Known Issues
- PAN-OS 9.0.11 Known Issues
- PAN-OS 9.0.10 Known Issues
- PAN-OS 9.0.9 Known Issues
- PAN-OS 9.0.8 Known Issues
- PAN-OS 9.0.7 Known Issues
- PAN-OS 9.0.6 Known Issues
- PAN-OS 9.0.5 (and 9.0.5-h3) Known Issues
- PAN-OS 9.0.4 Known Issues
- PAN-OS 9.0.3 (and 9.0.3-h2 and 9.0.3-h3) Known Issues
- PAN-OS 9.0.2 (and 9.0.2-h4) Known Issues
- PAN-OS 9.0.1 Known Issues
- Known Issues Specific to the WildFire Appliance
-
-
- PAN-OS 9.0.17-h5 Addressed Issues
- PAN-OS 9.0.17-h4 Addressed Issues
- PAN-OS 9.0.17-h1 Addressed Issues
- PAN-OS 9.0.17 Addressed Issues
- PAN-OS 9.0.16-h7 Addressed Issues
- PAN-OS 9.0.16-h6 Addressed Issues
- PAN-OS 9.0.16-h5 Addressed Issues
- PAN-OS 9.0.16-h3 Addressed Issues
- PAN-OS 9.0.16-h2 Addressed Issues
- PAN-OS 9.0.16 Addressed Issues
- PAN-OS 9.0.15 Addressed Issues
- PAN-OS 9.0.14-h4 Addressed Issues
- PAN-OS 9.0.14-h3 Addressed Issues
- PAN-OS 9.0.14 Addressed Issues
- PAN-OS 9.0.13 Addressed Issues
- PAN-OS 9.0.12 Addressed Issues
- PAN-OS 9.0.11 Addressed Issues
- PAN-OS 9.0.10 Addressed Issues
- PAN-OS 9.0.9-h1 Addressed Issues
- PAN-OS 9.0.9 Addressed Issues
- PAN-OS 9.0.8 Addressed Issues
- PAN-OS 9.0.7 Addressed Issues
- PAN-OS 9.0.6 Addressed Issues
- PAN-OS 9.0.5-h3 Addressed Issues
- PAN-OS 9.0.5 Addressed Issues
- PAN-OS 9.0.4 Addressed Issues
- PAN-OS 9.0.3-h3 Addressed Issues
- PAN-OS 9.0.3-h2 Addressed Issues
- PAN-OS 9.0.3 Addressed Issues
- PAN-OS 9.0.2-h4 Addressed Issues
- PAN-OS 9.0.2 Addressed Issues
- PAN-OS 9.0.1 Addressed Issues
- PAN-OS 9.0.0 Addressed Issues
End-of-Life (EoL)
PAN-OS 9.0.15 Addressed Issues
PAN-OS® 9.0.15 addressed issues.
Issue ID | Description |
---|---|
PAN-184592 | A fix was made to address a remote code
execution vulnerability in Elasticsearch included with Panorama
management servers known as Log4Shell (CVE-2021-44228). |
PAN-183767 | Fixed an issue where downloading Dynamic
Updates files failed when connected to the static update server
at us-static.updates.paloaltonetworks.com. |
PAN-179581 | Fixed an issue on firewalls in high availability
(HA) configurations where a process (brdagent) stopped
responding on a suspended active peer, which caused the suspended
firewall to continue sending traffic. |
PAN-174055 | Fixed an issue where SNMP readings reported
as 0 for dataplane interface packet statistics for Amazon Web Services
(AWS) m5n.4xlarge instance types. This issue occurred because the
physical port counters read from MAC addresses were reported as
0. |
PAN-173978 | Fixed an issue where the Elasticsearch process
continuously restarted if zero-length files were present. |
PAN-172783 | Fixed an issue on an HA active/passive configuration
where old (GPRS tunneling protocol) GTP-U tunnel sessions did not
sync to the passive firewall during some upgrades, such as upgrading
from a PAN-OS 8.1 release version to a 9.0 release version or upgrading
from a 9.0 release version to a 9.1 release version. |
PAN-172490 | Fixed an issue on firewalls in HA configuration
where HA-2 links continuously flapped on HSCI interfaces after upgrading
to PAN-OS 8.1.19. |
PAN-172243 | Fixed an issue where NetFlow traffic triggered
a packet buffer leak. |
PAN-171203 | Fixed an issue in an HA configuration where,
when one firewall was active and its peer was in a suspended state,
the suspended firewall continued to send traffic, which triggered
the detection of duplicate MAC addresses. |
PAN-170825 | Fixed an issue where, when a partial Preview Change job
failed, a process (configd) stopped responding. |
PAN-170595 | Fixed an issue with Content and Threat Detection
where traffic patterns created a bus error, which caused the all_pktproc process
to stop responding and the dataplane to restart. |
PAN-166299 | (PA-3000 Series firewalls only)
Fixed an issue where Server Message Block (SMB) sessions failed
due to resource unavailability. |
PAN-166180 | Fixed an issue where SNMPV3 traps were not
processed by the snmptrap receiver
after a firewall reboot. |
PAN-161496 | Fixed an issue when calculating the incremental
checksum after a post-NAT translation where the arguments to pan_in_cksm32_diff overflowed
the 32-bit integer. |
PAN-160708 | Fixed an issue where the dataplane restarted
after configuring a deny_all policy. |
PAN-160238 | Fixed an issue where intermittent VXLAN
packet drops occurred if the TCI was not configured for inspecting
VXLAN traffic. This issue occurred when traffic was migrated from
a firewall running a PAN-OS version earlier than PAN-OS 9.0 to a
firewall running PAN-OS 9.0 or later. |
PAN-158280 | Fixed an issue where SMB session were discarded
with the following error message: ctd out of resource. |
PAN-157730 | Fixed an issue where, after a firewall reboot,
a commit or auto-commit operation failed with the following error
message: ID population failed. This
issue occurred because the Phase1 ID assignment failure did not
trigger an idmgr reset. |
PAN-157725 | Fixed an issue on firewalls where URL category
responses were not processed by the dataplane in a timely fashion,
which adversely affected web-browsing traffic. |
PAN-157632 | Fixed an intermittent issue where the firewall
dropped GTP-U traffic with the message TEID=0x00000000. |
PAN-154526 | Fixed an issue where a process (genindex.sh) caused
high memory usage on the management plane. Due to the resulting
out-of-memory (OOM) condition, multiple processes stopped responding. |
PAN-154433 | Fixed an issue where the firewall was unable
to detect end-user IP address spoofing on the GTP-U for a user data
session when using an IPv6 address. |
PAN-150097 | Fixed an issue where hourly URL summary
log generation failed. |
PAN-147256 | (Firewalls in HA configurations only)
Fixed an issue where connections to the SafeNet hardware security
module (HSM) were lost after upgrading to a new major PAN-OS release. |
PAN-141454 | Fixed an issue where the output of the CLI
command show running resource-monitor ingress-backlogs displayed
an incorrect total utilization value. |
PAN-128634 | A debug command was added to provide more
verbose output when troubleshooting packet processing on the firewall. |
PAN-113093 | Fixed an intermittent issue where, when
the DNS Security cloud was not reachable, DNS responses had bad
UDP checksums. |