PAN-OS 9.1.7 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
-
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
End-of-Life (EoL)
PAN-OS 9.1.7 Addressed Issues
PAN-OS® 9.1.7 addressed issues.
Issue ID | Description |
|---|---|
PAN-158691 | Fixed an issue with GPRS tunneling protocol
(GTP) event packet capture (pcap) where enabling Packet Capture did
not work. |
PAN-156375 | Fixed an issue where multiple all_pktoproc daemons
restarted while processing HTTP/2 traffic in sw_offload. |
PAN-156017 | Fixed an issue where a host information
profile (HIP) report XML buffer caused a memory leak. |
PAN-155517 | Fixed an issue where a sudden increase in
URL-cloud data challenged the cache capacity of the device. |
PAN-155453 | Fixed an issue in the configuration logs
where the destination zone was masked by asterisks. |
PAN-155053 | Fixed an issue where user information in
the Clientless VPN wasn't handled properly in high availability
(HA) configurations, which resulted in the firewall being unable
to create more user sessions. |
PAN-154323 | Fixed an issue in Panorama where frequent
API requests caused the Panorama web interface to become unresponsive.
This issue occurred because the web interface automatically refreshed
after each request. |
PAN-154016 | Fixed an issue where auto-commits failed
for VM-Series firewalls bootstrapped with new content installation
during bootstrap. The firewalls displayed the following error message: Details:Error: Undefined application <application-name>. |
PAN-153791 | Fixed an issue in dpdk code that cause a
system restart on a process (brdagent). |
PAN-153526 | (PA-7000 Series firewalls with 100G
NPC (Network Processing Cards) only) Fixed an issue where multicast
groups were not set correctly, which caused ARP entries to display
as incomplete and not update to correct values. |
PAN-153207 | Fixed an issue for VM-Series firewalls deployed
on Azure where a process (pan_comm) restarted if DPDK
was on. |
PAN-153174 | Fixed an issue where using XML API to download
pcap did not work if the pcap file was larger than 8MB. |
PAN-153107 | Fixed an issue where a dataplane process
stopped responding while processing fragmented traffic on GTP-U
tunnels. |
PAN-152912 | Fixed an issue where a content update caused
the Panorama XML cache build to fail. This resulted references of
the used objects on Panorama being removed, which caused commits
on the managed firewalls to fail. |
PAN-152762 | Fixed an issue where role-based administrators
were unable to import certificate key pairs onto firewalls. |
PAN-152746 | Fixed an issue where the firewall dropped
GTPv2-x Create Session Response packets with the following error
message: bad port 84b. |
PAN-152743 | Fixed an issue where, when initial flows
from both directions reached the firewall at the same time, a race
condition occurred, which caused the firewall to display the following
error message: Duplicate flows detected while inserting <number>, flow <number> with the same key.
The flow keys were identical due to the flows having the same SRC
and DST ports. |
PAN-152098 | Fixed an issue where the Policy Optimizer
for some device groups showed incorrect data with a - character
in the rule usage column. |
PAN-151872 | Fixed an issue where MAC addresses containing
certain characters in sequential order caused an issue with TCP
connections |
PAN-151691 | Fixed an issue where the number of items
under Add match criteria for Dynamic Address
Groups did not update after setting a search filter string. |
PAN-151584 | Fixed an issue where the firewall changed
the TTL (time-to-live) value in DNS responses to 0 when the firewall
failed to resolve the DNS Security service, which caused a large
amount of DNS requests to be sent to the DNS server. |
PAN-151486 | Fixed an issue where user activity reports
failed to run when the firewall was in FIPS mode. |
PAN-151483 | Fixed an issue where, when an out-of-order
stream of TCP packets was subjected to HTTP header insertion, the
packets were duplicated. |
PAN-151458 | Fixed an issue on firewalls with HA active/active
configurations where GlobalProtect gateways timed out on-demand
connections. This occurred because the Inactivity Logout timer did
not reset. |
PAN-151214 | Fixed an issue where an XML API call to
display configuration logs truncated the change-preview field
of the logs if the entry had more than 64 characters. |
PAN-151210 | Fixed an issue where the dynamic address
group learned in the parent dynamic group was not pushed to the
child dynamic address group if the child dynamic address group was
not configured with notify groups under
the respective plugin. When using the CLI command debug dau settings device-group recursive yes/no,
clear previous dynamic address group entries from the Panorama database using
the CLI command debug dau clear database device-group <dynamic address group name> for
all dynamic address groups under the hierarchy for the dynamic address group
configured in the monitoring definition. Also, do a full sync from the
plugins configured using the command request plugins <plugin-name> sync. |
PAN-150968 | Fixed a rare issue with HTTP/2 decryption
that caused packet header bytes to be corrupted, which caused packet
drops. |
PAN-150852 | Fixed an issue with SMTP that occurred when
attachment file names were longer than the allocated buffer. If
the file name was longer than the buffer and Layer 7 inspection
was enabled, the file was dropped, which caused session errors and
an email to not be sent. |
PAN-150247 | Fixed an issue on the firewall where GlobalProtect
Clientless VPN portal landing page customization for the navbar_bg_color variable
did not take effect. |
PAN-149915 | Fixed an issue where a Panorama virtual
appliance was unable to manage more than 2,500 firewalls when 28
or more CPU cores were available. |
PAN-149645 | Fixed an issue in a virtual wire deployment
configured with Link State Pass Through enabled
where, when one member port went down, the peer port took longer
than expected to change the status to Down. |
PAN-149641 | Fixed an issue where firewalls stopped refreshing
IP tag information when configured with the VM Information Sources feature
with a VMWare vCenter Server. |
PAN-149547 | Fixed an issue where, after a change in
Security policies, traffic logs for inner GTP-U sessions did not
show IMSI or IMEI fields
following a commit. |
PAN-149339 | Fixed an issue where, when an ECMP route
changed, the flow table in the offload engine was not updated. |
PAN-149327 | Fixed an issue where the show gtp info CLI
command returned an error. |
PAN-149297 | Fixed a buffer overflow issue on the management
server, which forced the administrator to log out on the web interface. |
PAN-149207 | Fixed an issue where the clear log acc CLI
command did not remove URL summary logs. |
PAN-149101 | Fixed an issue where the first SYN message
of an FTP-DATA connection was dropped on non-session-owner appliances
in an HA active/active configuration. |
PAN-148818 | Fixed an issue where the decryption profile
was configured without the Block sessions with expired
certificates option, but the firewall still blocked
websites that were signed by an Expired AddTrust Root CA (certificate
authority). |
PAN-148767 | Fixed an issue where the firewall incorrectly
created GTP-U sessions from Create Session Request and Create Session
Response packets. |
PAN-147959 | Fixed an issue where the last commit state
did not change to config sent to device when
pushing a device group configuration in the Managed Device
> Summary page on Panorama. |
PAN-147720 | Fixed an issue where the firewall management
server crashed when a report with a duration of 7 or more days was
run. |
PAN-147385 | Fixed an issue where firewall buffers were
depleted with GTP traffic due to the mishandling of conflicting
sessions. |
PAN-146373 | (VM-Series firewalls only) Fixed
an issue where a memory leak occurred on a process (vm_agent)
due to host synchronization check. |
PAN-146236 | Fixed an issue where the firewall was unable
to properly create stream control transmission protocol (SCTP) sessions
for multi-homed environments when multiple endpoints on the same
SCTP associations sent INIT/INIT-ACK chunks during handshakes. |
PAN-144376 | Fixed an issue in a multi-vsys environment
where the firewall dropped RTP predict sessions and was unable to
match them to their parent sessions due to a zone change. |
PAN-142604 | Fixed an issue where virtual memory of a
process (configd) continuously increased until it stopped responding. |
PAN-142548 | Fixed an memory leak issue in a process (configd)
that caused the firewall to be inaccessible. |
PAN-142103 | Fixed an issue where administrators were
logged out of the web interface while making changes. |
PAN-141719 | Fixed an issue where the before-change-preview and after-change-preview filters
were usable even though they did not return configuration logs. |
PAN-141255 | Removed the fields device SN and device
name on Panorama from the predefined filter used in Log
Forwarding and Log Settings. |
PAN-140985 | Fixed an issue where Cortex Data Lake traffic
was identified as ssl instead of paloalto-logging-service. |
PAN-140222 | Fixed an issue where logs were not forwarded
to the syslog server with the following error message: profile: Syslog (1) is duplicated. |
PAN-137233 | Fixed an issue where authenticating to GlobalProtect
via expired SAML requests (waiting more than 10 minutes) still sent
authentication to the SAML server. This invalidated the previously
connected gateway and connected users to the second best gateway. |
PAN-129314 | Fixed an issue where the internal SQLite3
database was locked, which caused a process (useridd)
to stop responding and group mapping retrieval to fail. This issue
also caused the group mapping list to not display from the CLI. |
PAN-124579 | Fixed an issue where a process (all_task_3) restarted,
which caused the tunnels to reset. |
PAN-119161 | (PA-7000 Series firewalls only)
Fixed an issue where firewalls were unable to start up a Network
Processing Card (NCP) due to a process (brdagent) restarting
repeatedly. |
PAN-110720 | Fixed an issue where a high volume of traffic
over SSL VPN caused a process (all_pktproc) to unexpectedly
stop responding. |
PAN-100489 | Fixed an issue where the Group
found flag was set to NO on User-ID
logs on the web interface, even when the user belonged to a group
retrieved from the Active Directory (AD) server. |
PAN-79640 | Fixed an issue where the firewall intermittently
logged incorrect actions for WildFire submissions and reports. |