Fixed an issue on PA-5200 Series firewalls
where the dataplane stopped responding due to a deadlock when you accessed
the stream session table.
PAN-113845
Fixed an issue where content installation
failed and displayed the following error message: Error: failed to handle TDB_UPDATE_BLOCK,
after you upgraded to PAN-OS® 9.0.
PAN-113771
A security-related fix was made to allow
Online Certificate Status Protocol (OCSP) checks while disallowing HTTP
calls.
PAN-113682
Fixed an issue where the dataplane restarted
when processing HTTP/2 traffic with padded DATA frames.
PAN-113675
A security-related fix was made to address
an authentication bypass vulnerability in PAN-OS Management Web
Interface (CVE-2019-1572/PAN-SA-2019-0005).
PAN-113512
Fixed an issue where an XML API response
for an external dynamic list did not return invalid or ignored members
after you upgraded to PAN-OS 9.0.
PAN-113446
Fixed an issue where the firewall unintentionally generated
the following system log: Installed content package WildFire is newer than available package, skipping,
when you checked for WildFire® updates.
PAN-113302
Fixed an issue where commits to the Panorama™ configuration
after you upgraded to PAN-OS 9.0 failed with the following error
message: statistics-service is invalid.
PAN-112700
(PA-7000 Series firewalls in an HA configuration only)
Fixed an issue that occurred after you upgraded to PAN-OS 9.0 where
some logs displayed a different rule name than the rule name associated
with the universally unique identifier (UUID).
PAN-112592
Fixed an issue on a firewall where the system
log did not generate an alert for AutoFocus™ license expiry.
PAN-112458
Fixed an issue on a firewall where the management server
stopped responding when debugs were configured and you exported
traffic logs (MonitorTraffic <traffic-name>Export to CSV).
PAN-112428
Fixed an intermittent issue where autocommits
failed and Panorama stopped displaying device groups when managing
a WildFire appliance that was running an earlier maintenance release
of the same feature release (such as using Panorama running PAN-OS
8.1.6 to manage a WF-500 appliance that was running PAN-OS 8.1.3).
PAN-112305
Fixed an issue where source (ObjectDynamic Lists <list-name>Create List) URLs, which contained
double escape characters caused external dynamic list entries to
display incorrect values in the policies.
PAN-112274
Fixed an issue on Panorama M-Series and
virtual appliances where a process (configd) stopped
responding when a role-based user with privacy settings disabled,
viewed a scheduled report that required data anonymization.
PAN-112098
Fixed an intermittent issue on a firewall
where outbound traffic failed with an error message: (proxy decrypt failure)
when configured with HTTP Header Insertion (ObjectsSecurity ProfilesURL Filtering <filter-name>HTTP Header Insertion).
PAN-111897
Fixed an issue where the tags were not set
on OSPFv3 routes redistributed to BGP-3.
PAN-111850
Fixed an issue where the firewall did not
capture the number of packets in the threat packet capture (pcap)
as configured in the extended packet capture length setting.
PAN-111822
(PA-3200, PA-5200, and PA-7000 Series
firewalls only) Fixed an intermittent issue on a firewall configured
with policy-based forwarding (PBF) and symmetric return, where traffic
dropped because the ARP table did not get updated.
PAN-111638
Fixed an issue where the external dynamic
list did not update after a scheduled refresh of the list.
PAN-111061
A fix was made to upgrade OpenSSH software included
with PAN-OS (PAN-SA-2020-0005 / CVE-2016-10012).
PAN-111052
Fixed an issue where a firewall silently
dropped TCP packets when you enabled the Antivirus profile while
the software deterministic finite automation (DFA) option is disabled
(DFA is disabled by default).
PAN-110441
(PA-5200 Series firewall only)
Fixed an intermittent issue where the internal path monitoring failed, which
caused the firewall to unexpectedly restart.
PAN-110341
Fixed an issue where the firewall sent RIP
updates more frequently than expected.
PAN-110336
(PA-3000, PA-3200, PA-5000, PA-5200,
and PA-7000 Series firewalls only) Fixed an issue where a process
(mpreplay) restarted and caused the offload traffic
to drop.
PAN-108620
Fixed an issue where Traps ESM logs were
sent to the Log Collector but did not display in the web interface (MonitorTraps ESM).
PAN-108575
Fixed an issue where a process (configd)
stopped responding and displayed the following error message: configd is down.
PAN-108409
Fixed an issue on a firewall in a high availability
(HA) active/passive configuration where scheduled dynamic updates
pushed from Panorama to the managed firewalls failed.
PAN-108113
Fixed an issue where Bidirectional Forwarding Detection
(BFD) did not function on a static route for which the next hop
for that route was an FQDN (instead of an IP address).
PAN-108111
Fixed an issue where Bidirectional Forwarding Detection
(BFD) did not function on a BGP peer that was identified using an
FQDN (instead of an IP address).
PAN-107677
Fixed an issue on GlobalProtect™ where Security Assertion
Markup Language (SAML) authentication failed when you used a macOS
operating system.
PAN-107006
Fixed an issue where you were unable to
search for service objects by destination port numbers.
PAN-106963
Fixed an issue where the firewall did not
display the full URL information in the URL Filtering log (MonitorURL Filtering)
after a ( '\r' ) return character.
PAN-106249
(PA-200, PA-220, and PA-800 Series firewalls only)
Fixed an issue where the Block IP List option,
which is not supported, displayed in the administrator role profile (DeviceAdmin RoleWeb UI).
PAN-104263
Fixed an issue where the RTC battery reading exceeded
the maximum threshold value.
PAN-103023
Fixed an intermittent issue where a job
type (content) caused a firewall configuration failure
and the firewall to stop responding.
PAN-96827
Fixed an issue where BGP command output
formats did not display consistently across different PAN-OS releases.
PAN-92155
Fixed an issue where administrators were
unable to configure an IP address using templates for HA2 (DeviceHigh AvailabilityData Link (HA2)) after setting
the configuration to IP or Ethernet for
Panorama management servers in HA configuration.
PAN-85691
Fixed an issue where Authentication policy
rules that were based on multi-factor authentication (MFA) didn't block
connections to an MFA vendor when the MFA server profile specified
a Certificate Profile that had the wrong certificate authority (CA)
certificate.
