PAN-OS 9.0.2 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
End-of-Life (EoL)
PAN-OS 9.0.2 Addressed Issues
PAN-OS® 9.0.2 addressed issues.
Issue ID | Description |
|---|---|
WF500-5023 | Fixed an issue on WF-500 appliances where
the cluster service took longer than expected to start due to a large
number of queued sample data. |
WF500-5022 | Fixed an issue where a non-functioning CLI
command was removed from WF-500 appliances. |
WF500-4974 | Fixed an issue on a WF-500 appliance where
the static analysis results displayed in the PDF report but did not
display in the WildFire® analysis summary of the web interface. |
WF500-4844 | Fixed an issue on WildFire appliance clusters
where the passive-controller responded with the incorrect Common
Name (CN) in the certificate, which caused the registration to fail. |
WF500-4838 | Fixed an intermittent issue on a WF-500
appliance where WildFire reports took longer than expected to generate,
which caused the task to automatically timeout. |
WF500-4784 | Fixed an issue on a WF-500 appliance where
during a reboot, the following error message displayed: FATAL: module nbd not found. |
WF500-4743 | Fixed an intermittent issue on a WF-500
appliance where the CLI command debug wildfire reset global-database fix became unresponsive. |
PAN-118065 | (M-Series Panorama™ management servers
in Management Only mode) When you delete the local Log Collector (PanoramaManaged Collectors),
it disables the 1/1 ethernet interface in the Panorama configuration
as expected but the interface still displays as Up when you execute
the show interface all command in the CLI
after you commit. Workaround:Disable the 1/1 ethernet interface
before you delete the local log collector and then commit the configuration
change. |
PAN-116919 | (Microsoft Azure only) Fixed an
issue where the firewall dropped packets passing through IPSec tunnels
if you enabled jumbo frames (DeviceSetupSessionSession Settings). |
PAN-116658 | Fixed a rare issue where the firewall sent
HTTP/2 DATA frames with incorrect padding byte lengths, which caused
software buffer corruption and a process (all_pktproc)
to stop responding. |
PAN-116316 | Fixed an issue where RTP and RTCP predict
sessions failed, which caused the firewall to stop processing RTSP-based
video streaming. |
PAN-116084 | Fixed an issue where a VM-Series firewall
on Microsoft Azure deployed using MMAP dropped traffic when the
firewall was experiencing heavy traffic. |
PAN-115592 | Fixed an issue where the firewall rebooted
due to a plugin memory leak. |
PAN-115591 | Fixed an issue where the snmpd process was
leaking memory when polling for global counters. |
PAN-114984 | Fixed OpenSSL vulnerability CVE-2019-1559,
see PAN-SA-2019-0039 for details. |
PAN-114893 | Fixed an issue where a context switch from
Panorama to a firewall did not respond as expected when a web browser
was used. |
PAN-114804 | Fixed an issue where a configuration change
resets to "default" when you conducted a search in the Categories (ObjectsURL FilteringCategories) web interface. |
PAN-114601 | Fixed an issue where the Allow List (DeviceSetupAuthentication
Setting<authentication profile - name>Authentication) did not update
after you added new users to a group in the Active Directory. |
PAN-114255 | Fixed an issue where Bidirectional Forwarding Detection
(BFD) went down temporarily during a commit or EDL refresh if you
configured a large value for the BFD Hold Time. |
PAN-114003 | Fixed an issue on a Panorama management
server running PAN-OS 9.0 where a context switch to firewalls did not
respond. |
PAN-113829 | Fixed an issue where, after you upgraded
the firewall to PAN-OS® 9.0, a firewall configured from "none" to "allow"
in the custom URL category reverted to "none" after a commit. |
PAN-113692 | Fixed an intermittent issue on a firewall
in a high availability (HA) active/passive configuration where five minutes
after a failover test IP routes disappeared, which caused traffic
interruptions. |
PAN-113608 | Fixed an issue on a firewall with packet
capture (pcap) enabled where the log receiver stopped responding when
larger than expected packets were received. |
PAN-113414 | Fixed an issue where the User-ID™ (useridd)
process stopped responding. |
PAN-112815 | Fixed an issue on a firewall in an HA active/passive configuration
where a process (useridd) did not respond to the alternate
user attribute (DeviceUser IdentificationGroup Mapping Settings<group mapping-name>User and Group Attributes) on
the passive firewall during a restart. |
PAN-112814 | Fixed an issue where H.323-based calls lost
audio because the predicted H.245 session was not converted to Active
status, which caused the firewall to drop the H.245 traffic. |
PAN-112729 | Fixed an issue on Panorama M-Series and
virtual appliances where Decrypted Sessions Info (PanoramaManaged DevicesHealthAll Devices<device-name>Sessions)
did not display as expected for VM-Series firewalls. |
PAN-112699 | (VM-Series firewall on AWS running on
a C5 or M5 instance only) Fixed an issue where you were unable
use the mgmt-interface-swap command to swap the interfaces for
deploying a VM-Series firewall behind a web load balancer (such
as AWS ALB or Classic ELB). |
PAN-112626 | Fixed an issue where a new DNS Security subscription
was not available on your VM-Series firewall after you upgraded
to a PAN-OS 9.0® release with a PAYG Bundle 2 license. |
PAN-112445 | Fixed an issue on a firewall in an HA active/passive configuration
where a race condition caused the firewall to stop responding after
an HA1 link flap. |
PAN-112340 | Fixed an issue with performance, including
high CPU usage, that occurred when you enabled URL Filtering without
enabling Threat Prevention in an environment that processes a large
number (thousands) of URL look-ups per second per dataplane. |
PAN-112194 | Fixed an issue where packet buffers did
not release GlobalProtect™ clientless VPN packets, which caused
the firewall to stop responding. |
PAN-111679 | Fixed an issue where URL filtering profiles
were being incorrectly applied to security policies during a commit. |
PAN-111553 | Fixed an issue on the Panorama management
server where the Include Device and Network Templates setting (CommitPush to DevicesEdit Selections or CommitCommit and PushEdit Selections) was disabled
by default and caused your push attempts to fail. With this fix, your
push will Include Device and Network Templates by
default. |
PAN-111540 | Fixed an issue on PA-5200 Series firewalls
where the dataplane stopped responding when the session table was full. |
PAN-111251 | Fixed an issue where administrators were
unable to use the CLI to enable or disable DNS Rewrite under a Destination
NAT policy rule (they were able to execute the command but the firewall
did not implement the change). |
PAN-110390 | Fixed an issue on PA-7000 Series firewalls
where invalid filters caused the device management server to stop responding
when you generated a database (DB) report from a remote firewall. |
PAN-110273 | Fixed an issue where you were unable to
establish OSPF neighborship when an OSPF routing protocol was configured
with MD5 authentication and one of the firewalls was restarted. |
PAN-109672 | Fixed an issue on a VM-Series firewall in
an HA active/passive configuration where the passive firewall received
buffered packets while in an idle state when the data plane development
kit (DPDK) is enabled. |
PAN-109344 | Fixed an issue where service objects did
not import into Panorama when you configured them identically but with
different names. |
PAN-108374 | Fixed an issue on GlobalProtect where you
were unable to authenticate when the domain name included the ampersand
( "&" ) character. |
PAN-106518 | Fixed an issue on Panorama M-Series and
virtual appliances where predefined DHCP options did not accept template
variables when you configured a DHCP server for a template. |
PAN-101341 | Fixed an issue where administrators configured
with Device Group and Template Admin type
were unable to perform a global search and returned the following
message: Unauthorized request. |