PAN-OS 8.1.6 Addressed Issues

PAN-OS® 8.1.6 addressed issues
Issue ID
Description
WF500-4901
Fixed an issue where files sent by Traps™ to WildFire® were referenced for trusted signers in the incorrect database, which resulted in a malicious file verdict and caused conflicting post detection events.
WF500-4893
(RADIUS server profile configurations only) Fixed an issue where the RADIUS authentication protocol was incorrectly changed to CHAP authentication when you pushed a commit from a Panorama™ appliance running a PAN-OS® 8.1 release to a WF-500 appliance running a PAN-OS 8.0 release.
WF500-4869
Fixed an issue on a WF-500 appliance where the sample analysis failed when using FIPS-CC mode.
WF500-4815
Fixed an intermittent issue on WF-500 appliances where the Redis command line interface (CLI) failed to execute during master node re-balancing.
WF500-4747
Fixed an issue on a WF-500 appliance where the Panorama™ management server ran unrelated Logging Service threads.
WF500-4636
(WF-500 Appliances only) Fixed a rare issue that occurred after upgrading from a PAN-OS 8.0 release to a PAN-OS 8.1 release where the disk partition became full due to the amount of data on the drive and, when you tried to delete the backup database to free up space, the debug wildfire reset backup-database-for-old-samples CLI command failed and resulted in the following error: Server error : Client wf_devsrvr not ready.
PAN-111305
Fixed an issue where you were unable to reference certificate profiles from the External Dynamic Lists (Objects > External Dynamic Lists > Add > Create List) and instead had to type in the certificate profile.
PAN-110448
Fixed an issue on PA-3200 Series firewalls where the dataplane took longer than expected to respond or intermittently stopped responding after a firewall reboot.
PAN-109594
Fixed an issue where the dataplane restarted when an IPsec rekey event occurred and caused a tunnel process (tund) failure when one, but not both, HA peer was running PAN-OS 8.0.14 or PAN-OS 8.1.5.
PAN-109124
A security-related fix was made to address an issue where you were unable to retrieve GlobalProtect™ cloud service threat packet captures from the Logging Service on Panorama M-Series and virtual appliances.
PAN-108785
Fixed an intermittent issue on a firewall in an HA active/passive configuration where a ping test stopped responding on Ethernet 1/1, 1/2, and 1/4 due to input errors on the corresponding switch port after an HA failover.
PAN-108241
Fixed an issue on a PA-3200 Series firewall where multiple dataplane processes (all_pktproc, flow_mgmt, flow_ctrl, and pktlog_forwarding) stopped responding when overloaded with traffic.
PAN-108165
Fixed memory issues on Palo Alto Networks hardware and virtual appliances that caused intermittent management plane instability.
PAN-108161
Fixed an issue on an HA active/passive configuration where GTP sessions did not properly sync to the passive firewall, which caused a failure on the passive firewall during a failover.
PAN-107895
Fixed an issue where a PDP Delete Response packet did not match the GTPv1-C tunnel session, which caused the generated GTP log to display incorrect session data.
PAN-107893
Fixed an issue where a Delete PDP Context Response (Monitor > Logs > GTP) did not correlate with a Delete PDP Context Request and appeared as a new session.
PAN-107790
Fixed an issue where Application incorrectly displayed as unknown-udp instead of gtp-c for the GTPv1-C tunnel management message GTP Event Type.
PAN-107734
Fixed an intermittent issue where IPSec Tunnels failed due to a race condition between the (pan_task) process and (tund) process.
PAN-107694
Fixed an issue on Panorama M-Series and virtual appliances where, after you selected Allow with Ticket (Networks > GlobalProtect > Portals > <Portal-Name> > App), Generate Ticket did not display in the web interface.
PAN-107290
Fixed an issue where a single API call failed to locate a Device Group node and create a device node for the Device Group when necessary.
PAN-107262
A security-related fix was made to prevent cross-site scripting (XSS) attacks through the PAN-OS Management Web Interface (CVE-2019-1566).
PAN-106947
Fixed an intermittent issue where a large number of out-of-order TCP packets caused packet buffer depletion.
PAN-106776
A security-related fix was made to prevent a cross-site scripting (XSS) vulnerability in PAN-OS External Dynamic Lists (CVE-2019-1565).
PAN-106759
Fixed an issue in an HA active/passive configuration where a process (configd) restarted due to a memory error.
PAN-106253
Fixed an issue where the GTP Message Type Modify Bearer Response and GTP Event Code 124223 were denied due to failed stateful inspections.
PAN-106251
Fixed an issue where the list of Panorama Managed Devices did not display (Panorama > Device Deployment > Licenses).
PAN-105928
Fixed an issue on a firewall where server side data packets dropped after a terminated challenge ACK session was reused.
PAN-105759
Fixed an issue on PA-3200 Series and PA-5200 Series firewalls in an HA active/active configuration where the SNMP notification did not report the HA interfaces.
PAN-105570
(PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls only) Fixed an issue where the QoS profile rule did not match non-offloaded traffic as expected.
PAN-105567
Fixed an intermittent issue on Panorama M-Series and virtual appliances where a cloned security or NAT policy used the incorrect Rule order.
PAN-105348
Fixed an issue on Panorama M-Series and virtual appliances where Dynamic Updates (Device > Dynamic Updates) did not allow local overrides on an existing template.
PAN-105281
(PAN-OS 8.1.6 and later) Fixed an issue where a SAML-based GlobalProtect re-authentication portal displayed an authentication error after you had previously logged in.
PAN-105157
Fixed an intermittent issue on Panorama M-Series and virtual appliances where logs did not display due to a file descriptor limit by the process (Elasticsearch).
PAN-105103
Fixed an intermittent issue where GTP logs did not display because GTP packets with an APN > 14 bytes caused the traffic log to reach the limit and stop generating logs.
PAN-105012
Fixed an issue on Panorama M-Series and virtual appliances where a log migration from an old-disk pair to a new-disk pair failed with the following error message: Error restoring disks from RMAed device, which caused the (configd) process to fail.
PAN-104463
Fixed an intermittent issue where the DNS resolution stopped responding when the firewall acted as a DNS proxy and the DNS request volume was higher than expected.
PAN-104361
Fixed an issue on a firewall in an HA active/passive configuration where a process (all_task) failed due to a (bad_gtp_header) code on the passive firewall after upgrading from PAN-OS 8.0.12.
PAN-104300
Fixed an issue on a firewall where a process (mprelay) stopped responding while the (> debug dataplane internal pdt) command was processed.
PAN-104165
Fixed an issue where a VM-Series firewall configured to use the i40e single-root input/output virtualization (SR-IOV) virtual function (VF) with VLAN tagging dropped Ethernet frames exceeding 1496 bytes.
PAN-104077
Fixed an intermittent issue where User-ID™ stopped responding, which caused the user IP mapping to not display.
PAN-104042
Fixed an issue where directly connected IPv4 routes did not display in the routing table after the firewall was restarted.
PAN-104041
Fixed an issue where the web interface management session failed to time out as expected when you set the Idle Timeout (Device > Setup > Management > Authentication Settings > Edit) to more than five minutes.
PAN-103665
Fixed an issue on an HA active/active configuration where the active primary LLDP profile could not be copied to the active secondary firewall.
PAN-103224
Fixed an issue on a VM-Series firewall where the initialization buffer caused the firewall to stop responding when five or more interfaces were active.
PAN-102954
A security-related fix was made to address a code parameter in the clientless VPN portal.
PAN-102625
Fixed an issue on a firewall where traffic stopped passing due to higher than normal duplicate TCP ACK packets sent from the client side, which caused a spike in packet buffers and packet descriptor usage.
PAN-102338
Fixed an issue where you were unable to configure Maximum Egress (Network > QoS) to 10000 Mbps on a 10000 Mbps port.
PAN-101990
Fixed an issue on Panorama M-Series and virtual appliances in an HA active/passive configuration where you were unable to edit the template variables (Panorama > Summary).
PAN-101973
Fixed an issue where you were unable to configure IPv6 variables (Network > Virtual Routers > Add > Static Routes > IPv6).
PAN-101882
Fixed an issue on Panorama M-Series and virtual appliances where a partial Commit and Push for one or more administrators incorrectly set the Push scope to all relevant firewalls as if a full Commit and Push was performed.
PAN-101851
Fixed an intermittent issue on PAN-OS 8.1.3 and later releases where file downloads from email services were allowed when the file blocking profile was configured to block email service file downloads.
PAN-101800
Fixed an issue where the parent session stopped responding during a file transfer using a decryption enabled FTP server with the following error message: Lost connection.
PAN-101692
Fixed an issue where the (show session all filter nat-rule) command did not respond with destination NAT rules.
PAN-101684
Fixed an issue on Panorama M-Series and virtual appliances where adding a threat exception for a child Device Group caused existing rules to be removed from the Global Device Group.
PAN-101614
Fixed an issue on a firewall where SSL/TLS Service Profile (Device > SSL/TLS Service Profile) values failed to change after an override.
PAN-101607
Fixed an issue where template administrators with the required permission made configuration changes on shared objects and the Commit failed with the following error message: No pending change to commit.
PAN-101401
Fixed an issue where a DNS App-ID™ security policy allowed non-DNS traffic to flow through.
PAN-101202
Fixed an issue on a firewall where the TFC padding parameter was set to null when negotiating with a peer device capable of TFC padding during IKEv2 negotiations.
PAN-101185
Fixed an issue on Panorama M-Series and virtual appliances where the Decrypt Mirror (Network > Interfaces > Ethernet > Interface Type) template setting did not Push to a firewall.
PAN-101031
Fixed an issue where you were unable to select existing certificates after you created an IKE gateway on a template stack and changed Authentication to Certificate.
PAN-101029
Fixed an issue where routing traffic dropped due to increased activity in the global counter (flow_fpga_rcv_egr_L3_NH_NF) when an interface was moved from one virtual router to another.
PAN-100962
Fixed an issue on Panorama M-Series and virtual appliances where the disk quota configuration exceeded a combined total of 100 percent when a Push was performed from Panorama due to value discrepancies between Panorama and the firewall.
PAN-100717
Fixed an issue where the (configd) process depleted memory when you deleted multiple security rules with an XML API call.
PAN-100623
Fixed an issue on a firewall in an HA active/passive configuration where a higher than normal rate of HA session update messages caused higher than normal CPU usage on both active and passive nodes.
PAN-100381
Fixed an issue on a firewall in an HA configuration where a path monitoring variable was not available for Destination IP (Device > High Availability > Link and Path Monitoring > Add Virtual Router Path).
PAN-100173
Fixed an issue where H.323 based calls had audio issues due to the predicted RTP session not following the policy-based forwarding (PBF) rules that send traffic from the client to servers, which caused RTP traffic to be forwarded incorrectly by route.
PAN-99924
Fixed an issue where the Panorama management server web and CLI stopped responding after a partial configuration load (Panorama > Setup > Operations).
PAN-99764
Fixed an issue on VM-Series firewalls where CPU calculations for additional vCPUs in the dataplane did not display correctly.
PAN-99742
Fixed an issue on a PA-500 Series firewall where SSL Forward Proxy was denied due to insufficient shared memory.
PAN-99621
Fixed an issue on a firewall where Captive Portal sessions matched incorrect policies and were incorrectly logged in the traffic log.
PAN-99504
Fixed an issue on a firewall where Group Mapping (Device > User Identification > Group Mapping Settings) did not display the list of LDAP server profile users when a Domino server with an empty distinguished name (DN) was used.
PAN-99079
Fixed an issue on Panorama M-Series and virtual appliances where, when Logging Service was enabled, traffic log filters with a variable length subnet mask did not display any logs.
PAN-99058
Fixed an issue where threat log messages (SCAN: UDP Port Scan) appeared when the UDP port scan traffic rate was less than the Reconnaissance Protection UDP port scan threshold.
PAN-99002
Fixed a rare issue where XML files with random file sizes failed to upload through API calls.
PAN-99000
Fixed an issue where the packet capture option did not display (Monitor > Traffic) when administrators switched context from Panorama to a managed firewall.
PAN-98861
Fixed an issue where shadowed rule warnings did not display during commits.
PAN-98811
Fixed an issue on Panorama M-Series and virtual appliances where Group Mapping Settings (Object > Security Profile > URL Filtering > User Credential Detection) did not display profile names.
PAN-98786
Fixed an issue where websites were not accessible when you configured a decryption policy Action to No Decrypt and enabled Block sessions with expired certificates.
PAN-98625
Fixed an issue where the Threat Category (Monitor > Threat) did not display as expected on Panorama M-Series and virtual appliances when it received logs from PA-200, PA-220, PA-500, and PA-800 Series firewalls.
PAN-97898
Fixed a rare issue where the traffic log did not generate data due to a negative log counter reading.
PAN-97743
Fixed an issue where the firewall did not recognize the small form-factor pluggable (SFP) port, which caused the dataplane to restart when the path monitor process stopped responding.
To ensure a successful upgrade to PAN-OS 8.1.6 for this fix, re-seat all connected SFP transceivers and then follow the upgrade path described in the PAN-OS 8.1 upgrade procedure (PAN-OS 8.1 New Features Guide).
PAN-97672
Fixed an issue where polled SNMP object identifiers (OID) stopped responding after the firewall was restarted.
PAN-97670
Fixed an issue on a VM-Series firewall in an HA active/passive configuration where after a reboot, the passive firewall sent ARP packets during the initialization state, which caused a traffic conflict with the active firewall.
PAN-97496
Fixed an issue on a firewall where the (show running resource-monitor ingress-backlogs) CLI command displayed invalid session IDs.
PAN-97298
(PAN-OS 8.1.1 and later releases only) Fixed an issue where Address Groups (Objects > Address Groups) search results were cleared from the web interface when you switched between tabs.
PAN-97223
Fixed an issue where an administrator with superuser access was unable to remove a configuration lock from a logged out administrator whose username contained a backslash (" \ ").
PAN-97139
Fixed an issue where the GlobalProtect Data File (Device > Dynamic Updates > GlobalProtect Data File) version did not update after a PAN-OS 8.1 upgrade.
PAN-95975
Fixed an issue on a firewall in an HA active/passive configuration where the scheduled antivirus content update failed due to a process (mgmtsrvr) failure.
PAN-95121
Fixed an issue where applications were disabled after you enabled them during the install or revert of application and threat signatures.
PAN-93112
Fixed an issue on a PA-5200 Series firewall where small form-factor pluggable (SFP) ports only linked in auto negotiation mode.
PAN-91059
Fixed an issue where GTP log query filters did not work when you filtered based on a value of unknown for the message type or GTP interface fields (Monitor > Logs > GTP).
PAN-90096
Fixed an issue where Threat logs recorded incorrect IMSI values for GTP packets when you enabled Packet Capture in Vulnerability Protection profiles (Objects > Security Profiles > Vulnerability Protection > <vulnerability_protection_profile> > Rules).
PAN-88461
Fixed an issue on PA-3050 and PA-3060 firewalls in an HA active/passive configuration with link state pass-through enabled in virtual wire (vwire) where the Aggregate Ethernet (AE) interface communication failed during an HA failover event.
PAN-84292
Fixed an issue on a firewall where the (show system state browser) command window displayed live traffic values that toggled between zero and other incorrect values.