PAN-OS 10.1.12 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- Cloud Management of NGFWs
-
- Management Interfaces
-
- Launch the Web Interface
- Use the Administrator Login Activity Indicators to Detect Account Misuse
- Manage and Monitor Administrative Tasks
- Commit, Validate, and Preview Firewall Configuration Changes
- Commit Selective Configuration Changes
- Export Configuration Table Data
- Use Global Find to Search the Firewall or Panorama Management Server
- Manage Locks for Restricting Configuration Changes
-
-
- Define Access to the Web Interface Tabs
- Provide Granular Access to the Monitor Tab
- Provide Granular Access to the Policy Tab
- Provide Granular Access to the Objects Tab
- Provide Granular Access to the Network Tab
- Provide Granular Access to the Device Tab
- Define User Privacy Settings in the Admin Role Profile
- Restrict Administrator Access to Commit and Validate Functions
- Provide Granular Access to Global Settings
- Provide Granular Access to the Panorama Tab
- Provide Granular Access to Operations Settings
- Panorama Web Interface Access Privileges
-
- Reset the Firewall to Factory Default Settings
-
- Plan Your Authentication Deployment
- Pre-Logon for SAML Authentication
- Configure SAML Authentication
- Configure Kerberos Single Sign-On
- Configure Kerberos Server Authentication
- Configure TACACS+ Authentication
- Configure TACACS Accounting
- Configure RADIUS Authentication
- Configure LDAP Authentication
- Configure Local Database Authentication
- Configure an Authentication Profile and Sequence
- Test Authentication Server Connectivity
- Troubleshoot Authentication Issues
-
- Keys and Certificates
- Default Trusted Certificate Authorities (CAs)
- Certificate Deployment
- Configure the Master Key
- Export a Certificate and Private Key
- Configure a Certificate Profile
- Configure an SSL/TLS Service Profile
- Configure an SSH Service Profile
- Replace the Certificate for Inbound Management Traffic
- Configure the Key Size for SSL Forward Proxy Server Certificates
-
- HA Overview
-
- Prerequisites for Active/Active HA
- Configure Active/Active HA
-
- Use Case: Configure Active/Active HA with Route-Based Redundancy
- Use Case: Configure Active/Active HA with Floating IP Addresses
- Use Case: Configure Active/Active HA with ARP Load-Sharing
- Use Case: Configure Active/Active HA with Floating IP Address Bound to Active-Primary Firewall
- Use Case: Configure Active/Active HA with Source DIPP NAT Using Floating IP Addresses
- Use Case: Configure Separate Source NAT IP Address Pools for Active/Active HA Firewalls
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT in Layer 3
- HA Clustering Overview
- HA Clustering Best Practices and Provisioning
- Configure HA Clustering
- Refresh HA1 SSH Keys and Configure Key Options
- HA Firewall States
- Reference: HA Synchronization
-
- Use the Dashboard
- Monitor Applications and Threats
- Monitor Block List
-
- Report Types
- View Reports
- Configure the Expiration Period and Run Time for Reports
- Disable Predefined Reports
- Custom Reports
- Generate Custom Reports
- Generate the SaaS Application Usage Report
- Manage PDF Summary Reports
- Generate User/Group Activity Reports
- Manage Report Groups
- Schedule Reports for Email Delivery
- Manage Report Storage Capacity
- View Policy Rule Usage
- Use External Services for Monitoring
- Configure Log Forwarding
- Configure Email Alerts
-
- Configure Syslog Monitoring
-
- Traffic Log Fields
- Threat Log Fields
- URL Filtering Log Fields
- Data Filtering Log Fields
- HIP Match Log Fields
- GlobalProtect Log Fields
- IP-Tag Log Fields
- User-ID Log Fields
- Decryption Log Fields
- Tunnel Inspection Log Fields
- SCTP Log Fields
- Authentication Log Fields
- Config Log Fields
- System Log Fields
- Correlated Events Log Fields
- GTP Log Fields
- Audit Log Fields
- Syslog Severity
- Custom Log/Event Format
- Escape Sequences
- Forward Logs to an HTTP/S Destination
- Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors
- Monitor Transceivers
-
- User-ID Overview
- Enable User-ID
- Map Users to Groups
- Enable User- and Group-Based Policy
- Enable Policy for Users with Multiple Accounts
- Verify the User-ID Configuration
-
- App-ID Overview
- App-ID and HTTP/2 Inspection
- Manage Custom or Unknown Applications
- Safely Enable Applications on Default Ports
- Applications with Implicit Support
-
- Prepare to Deploy App-ID Cloud Engine
- Enable or Disable the App-ID Cloud Engine
- App-ID Cloud Engine Processing and Policy Usage
- New App Viewer (Policy Optimizer)
- Add Apps to an Application Filter with Policy Optimizer
- Add Apps to an Application Group with Policy Optimizer
- Add Apps Directly to a Rule with Policy Optimizer
- Replace an RMA Firewall (ACE)
- Impact of License Expiration or Disabling ACE
- Commit Failure Due to Cloud Content Rollback
- Troubleshoot App-ID Cloud Engine
- Application Level Gateways
- Disable the SIP Application-level Gateway (ALG)
- Maintain Custom Timeouts for Data Center Applications
-
- Decryption Overview
-
- Keys and Certificates for Decryption Policies
- SSL Forward Proxy
- SSL Forward Proxy Decryption Profile
- SSL Inbound Inspection
- SSL Inbound Inspection Decryption Profile
- SSL Protocol Settings Decryption Profile
- SSH Proxy
- SSH Proxy Decryption Profile
- Profile for No Decryption
- SSL Decryption for Elliptical Curve Cryptography (ECC) Certificates
- Perfect Forward Secrecy (PFS) Support for SSL Decryption
- SSL Decryption and Subject Alternative Names (SANs)
- TLSv1.3 Decryption
- High Availability Not Supported for Decrypted Sessions
- Decryption Mirroring
- Configure SSL Forward Proxy
- Configure SSL Inbound Inspection
- Configure SSH Proxy
- Configure Server Certificate Verification for Undecrypted Traffic
- Post-Quantum Cryptography Detection and Control
- Enable Users to Opt Out of SSL Decryption
- Temporarily Disable SSL Decryption
- Configure Decryption Port Mirroring
- Verify Decryption
- Activate Free Licenses for Decryption Features
-
- Policy Types
- Policy Objects
- Track Rules Within a Rulebase
- Enforce Policy Rule Description, Tag, and Audit Comment
- Move or Clone a Policy Rule or Object to a Different Virtual System
-
- External Dynamic List
- Built-in External Dynamic Lists
- Configure the Firewall to Access an External Dynamic List
- Retrieve an External Dynamic List from the Web Server
- View External Dynamic List Entries
- Exclude Entries from an External Dynamic List
- Enforce Policy on an External Dynamic List
- Find External Dynamic Lists That Failed Authentication
- Disable Authentication for an External Dynamic List
- Register IP Addresses and Tags Dynamically
- Use Dynamic User Groups in Policy
- Use Auto-Tagging to Automate Security Actions
- CLI Commands for Dynamic IP Addresses and Tags
- Application Override Policy
- Test Policy Rules
-
- Network Segmentation Using Zones
- How Do Zones Protect the Network?
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
-
- Tap Interfaces
-
- Layer 2 and Layer 3 Packets over a Virtual Wire
- Port Speeds of Virtual Wire Interfaces
- LLDP over a Virtual Wire
- Aggregated Interfaces for a Virtual Wire
- Virtual Wire Support of High Availability
- Zone Protection for a Virtual Wire Interface
- VLAN-Tagged Traffic
- Virtual Wire Subinterfaces
- Configure Virtual Wires
- Configure a PPPoE Client on a Subinterface
- Configure an IPv6 PPPoE Client
- Configure an Aggregate Interface Group
- Configure Bonjour Reflector for Network Segmentation
- Use Interface Management Profiles to Restrict Access
-
- DHCP Overview
- Firewall as a DHCP Server and Client
- Firewall as a DHCPv6 Client
- DHCP Messages
- Dynamic IPv6 Addressing on the Management Interface
- Configure an Interface as a DHCP Server
- Configure an Interface as a DHCPv4 Client
- Configure an Interface as a DHCPv6 Client with Prefix Delegation
- Configure the Management Interface as a DHCP Client
- Configure the Management Interface for Dynamic IPv6 Address Assignment
- Configure an Interface as a DHCP Relay Agent
-
- DNS Overview
- DNS Proxy Object
- DNS Server Profile
- Multi-Tenant DNS Deployments
- Configure a DNS Proxy Object
- Configure a DNS Server Profile
- Use Case 1: Firewall Requires DNS Resolution
- Use Case 2: ISP Tenant Uses DNS Proxy to Handle DNS Resolution for Security Policies, Reporting, and Services within its Virtual System
- Use Case 3: Firewall Acts as DNS Proxy Between Client and Server
- DNS Proxy Rule and FQDN Matching
-
- NAT Rule Capacities
- Dynamic IP and Port NAT Oversubscription
- Dataplane NAT Memory Statistics
-
- Translate Internal Client IP Addresses to Your Public IP Address (Source DIPP NAT)
- Create a Source NAT Rule with Persistent DIPP
- PAN-OS
- Strata Cloud Manager
- Enable Clients on the Internal Network to Access your Public Servers (Destination U-Turn NAT)
- Enable Bi-Directional Address Translation for Your Public-Facing Servers (Static Source NAT)
- Configure Destination NAT with DNS Rewrite
- Configure Destination NAT Using Dynamic IP Addresses
- Modify the Oversubscription Rate for DIPP NAT
- Reserve Dynamic IP NAT Addresses
- Disable NAT for a Specific Host or Interface
-
- Network Packet Broker Overview
- How Network Packet Broker Works
- Prepare to Deploy Network Packet Broker
- Configure Transparent Bridge Security Chains
- Configure Routed Layer 3 Security Chains
- Network Packet Broker HA Support
- User Interface Changes for Network Packet Broker
- Limitations of Network Packet Broker
- Troubleshoot Network Packet Broker
-
- Enable Advanced Routing
- Logical Router Overview
- Configure a Logical Router
- Create a Static Route
- Configure BGP on an Advanced Routing Engine
- Create BGP Routing Profiles
- Create Filters for the Advanced Routing Engine
- Configure OSPFv2 on an Advanced Routing Engine
- Create OSPF Routing Profiles
- Configure OSPFv3 on an Advanced Routing Engine
- Create OSPFv3 Routing Profiles
- Configure RIPv2 on an Advanced Routing Engine
- Create RIPv2 Routing Profiles
- Create BFD Profiles
- Configure IPv4 Multicast
- Configure MSDP
- Create Multicast Routing Profiles
- Create an IPv4 MRoute
-
-
PAN-OS 10.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
- Cloud Management and AIOps for NGFW
-
- PAN-OS 10.1.14 Known Issues
- PAN-OS 10.1.14-h11 Addressed Issues
- PAN-OS 10.1.14-h10 Addressed Issues
- PAN-OS 10.1.14-h9 Addressed Issues
- PAN-OS 10.1.14-h8 Addressed Issues
- PAN-OS 10.1.14-h6 Addressed Issues
- PAN-OS 10.1.14-h4 Addressed Issues
- PAN-OS 10.1.14-h2 Addressed Issues
- PAN-OS 10.1.14 Addressed Issues
PAN-OS 10.1.12 Addressed Issues
PAN-OS 10.1.12 addressed issues.
|
Issue ID
|
Description
|
|---|---|
|
PAN-239241
|
Extended the root certificate for WildFire appliances to December 31,
2032.
|
|
PAN-238610
|
Fixed an issue with the Panorama Virtual Appliance where, after the
mgmtsrvr restarted on the passive appliance, stale
IP address tags were pushed to the connected firewalls with the
message clear all registered ip
addresses.
|
|
PAN-237454
|
Fixed an issue where Panorama stopped redistributing IP
address-to-username mappings when packet loss occurred between the
distributor and the client.
|
|
PAN-236605
|
Fixed an issue where the configd process stopped
responding due to a deadlock related to rule-hit-count.
|
|
PAN-236261
|
Fixed an issue where a proxy server was used for External Dynamic
List communication even when the dataplane interface was configured
through service routes.
|
|
PAN-235741
|
Fixed an issue where DNS resolution failed for Panorama and firewall
plugins if the DNS Server IP was obtained through DHCP.
|
|
PAN-235737
|
Fixed an issue where the brdagent process stopped
responding due to a sudden increase in logging to the bcm.log.
|
|
PAN-235385
|
Enhanced wifclient cloud connectivity redundancy.
|
|
PAN-233957
|
(PA-5450 firewalls only) Fixed an issue where the NAT
private pool was not used properly when enabling slot 6 DPC.
|
|
PAN-233390
|
Fixed an issue where TLSv13 Client Authentication was not incorrectly
presented with an decryption failure log.
|
|
PAN-232800
|
Fixed an issue where critical disk usage for
/opt/pancfg increased continuously
and the system logs displayed the following message:
Disk usage for /opt/pancfg exceeds limit, <value> percent in
use.
|
|
PAN-232358
|
(PA-5450 firewalls only) Fixed an issue where the interface
on QSFP28 ports did not go down when the Tx cable was removed from
the QSFP28 module.
|
|
PAN-231459
|
(PA-5450 firewalls only) Fixed an issue where a large number
of invalid source MAC addresses were shown in drop-stage packet
captures.
|
|
PAN-231291
|
Fixed an issue where SD-WAN Adaptive SaaS path monitor went down
after an upgrade.
|
|
PAN-230813
|
Fixed an issue where flex memory leak caused decryption failure and
commit failure with the error message Error preparing
global objects failed to handle
CONFIG_UPDATE_START.
|
|
PAN-230656
|
(Firewalls in HA configurations only) Fixed an issue where a
split brain condition occurred on both firewalls after booting up
any firewall, and an HA switchover occurred after booting up a
firewall with a higher HA priority even when no preemptive option
was enabled on the firewall.
|
|
PAN-230362
|
Fixed an issue where the firewall truncated the payload of a TCP Out
of Order segment with a FIN flag.
|
|
PAN-229691
|
Fixed an issue on Panorama where configuration lock timeout errors
were observed during normal operational commands by increasing
thread stack size on Panorama.
|
|
PAN-229606
|
Fixed an issue where the brdagent process stopped
responding after an upgrade due to initialization failure.
|
|
PAN-229398
|
Fixed an issue where the Management Processor Card (MPC) stopped
responding.
|
|
PAN-229315
|
Fixed an issue where Octets in NetFlow records were always reported
to be 0 despite having a non-zero packet count.
|
|
PAN-229307
|
Fixed an issue where half closed SSL decryption sessions stayed
active, which caused software packet buffer depletion.
|
|
PAN-229080
|
Fixed an issue where the new management IP address on the interface
did not take effect.
|
|
PAN-228442
|
Fixed an issue on firewalls in active/passive HA configurations where
sessions did not fail over from the active firewall to the passive
firewall when upgrading PAN-OS.
|
|
PAN-228386
|
Fixed an issue with session caching where the reportd
process stopped responding due to null values.
|
|
PAN-228043
|
Fixed an issue on firewalls on active/active HA configurations where
packets dropped during commit operations when forwarding traffic via
an HA3 link when an aggregate ethernet interface or data interface
was used as an HA3 link.
|
|
PAN-227804
|
Fixed an issue where memory corruption caused the comm
process to stop responding.
|
|
PAN-227774
|
Fixed an issue where commits failed with the error message
Management server failed to send phase 1 to client
logrcvr.
|
|
PAN-227645
|
Fixed an issue where GlobalProtect authentication override cookies
were not generated on GlobalProtect portal firewalls with
configuration selection criteria enabled.
|
|
PAN-227522
|
Fixed an issue where shared application
filters that had application object overrides were overwritten by
predefined applications.
|
|
PAN-227435
|
Fixed an issue where the logrcvr process stopped
responding and caused the autocommit process to fail or remain at
0%.
|
|
PAN-227179
|
Fixed an issue where routes were not updated in the forwarding
table.
|
|
PAN-227058
|
Fixed an issue where traffic did not match Security policy rules with
the destination as FQDN and instead hit the default deny rule.
|
|
PAN-226935
|
Fixed an issue where autocommits failed due to duplicate application
name entries.
|
|
PAN-226860
|
Fixed an issue where macOS XAuth clients disconnected prematurely
from the GlobalProtect gateway during a Phase 2 rekey event.
|
|
PAN-225698
|
Fixed an issue on Panorama where a failover occurred and Panorama
went into a nonfunctional state due to high root disk usage.
|
|
PAN-225394
|
Fixed an issue on the firewall where SNMP incorrectly reported high
packet descriptor usage.
|
|
PAN-225110
|
Fixed an issue with firewalls in HA configurations where HA
configuration syncs did not complete or logging data was missing
until firewall process were manually restarted or the firewalls were
rebooted.
|
|
PAN-225094
|
Fixed an issue where performing a commit operation failed and the
following error message was displayed: failed to
handle CUSTOM_UPDATE.
|
|
PAN-225013
|
(PA-5450 firewalls only) Fixed an issue where the firewall
rebooted unexpectedly when a Network Card was on Slot 2 instead of a
DPC.
|
|
PAN-224955
|
Fixed an issue where the devsrvr process stopped
responding when Zone Protection had more than 255 profiles.
|
|
PAN-224656
|
Fixed an issue where the devsrvr process caused delays
when dynamic address groups with large entry lists were being
processed during a commit, which caused commits to take longer than
expected.
|
|
PAN-224500
|
Fixed an issue where IPv6 addresses in XFF were displayed in traffic
logs.
|
|
PAN-224405
|
Fixed an issue where the distributord process repeatedly
stopped responding.
|
|
PAN-224354
|
Fixed an issue where a memory leak related to the
distributord process occurred when connections
flapped for IP address-to-username mapping redistribution.
|
|
PAN-224036
|
(PA-5450 firewalls only) Fixed an issue where a firewall
with QoS configured was not able to send packets out of its
interfaces after a reboot.
|
|
PAN-223914
|
Fixed an issue on Panorama where the reportd process
unexpectedly stopped responding.
|
|
PAN-223855
|
Fixed an issue where the show running ippool
CLI command output displayed incorrect used and available NAT IP
address pools on DIPP NAT policies in multi-dataplane firewalls.
|
|
PAN-223488
|
Fixed an issue where closed ElasticSearch shards were not deleted,
which resulted in shard purging not working as expected.
|
|
PAN-223271
|
Fixed an issue where the file transfer of large zipped and compressed
files had the App-ID unknown-tcp.
|
|
PAN-223270
|
Fixed an issue with Virtual Wire links on firewalls in active/active
HA configurations where the forwarding path was not preserved in
HTTP/2 cleartext traffic with asymmetric routing.
|
|
PAN-223094
|
Fixed an issue where fragmented TCP traffic was dropped due to an IP
address ID conflict over the SD-WAN tunnel.
|
|
PAN-222418
|
Fixed an issue where the firewall intermittently recorded a
reconnection message to the authentication server as an error, even
if no disconnection occurred.
|
|
PAN-222162
|
Fixed an issue where the show transceiver
<interface> CLI command showed the RX and TX
powers as 0.00 mW.
|
|
PAN-221973
|
Fixed an issue where the same user connected to multiple SSL VPN
connections and one of the sessions stopped working.
|
|
PAN-221938
|
Fixed an issue with network packet broker sessions where the broker
session and master session timeouts were out of sync, which caused
traffic drops if the broker session timed out when the master
session was still active.
|
|
PAN-221896
|
Fixed an issue where decryption failed with the error message
decrypt-error when processing
consecutive packets with TLSv1.3.
|
|
PAN-221708
|
Fixed an issue where temporary files remained under
/opt/pancfg/tmp/sw-images/ even
after manually uploading the content or AV file to the firewall.
|
|
PAN-221316
|
Fixed an issue where the useridd process memory
consumption increased significantly which caused the process to stop
responding and the device to restart.
|
|
PAN-221015
|
(M-600 Appliances only) Fixed an issue where ElasticSearch
processes did not restart when the appliance was rebooted, which
caused the Managed Collector ES health status to be downgraded.
|
|
PAN-220640
|
(PA-220 firewalls only) Fixed an issue where the firewall
CPU percentage was miscalculated, and the values that were displayed
were incorrect.
|
|
PAN-220619
|
Fixed an issue where the correct device filter did not apply when
filtering Targets and
Target/Tags (Device Group >
Policies).
|
|
PAN-219768
|
Fixed an issue where you were unable to filter Data Filtering logs
with Thread ID/NAME for custom data patterns
created over Panorama.
|
|
PAN-219644
|
Fixed an issue where firewalls that forwarded logs to a syslog server
over TLS (Objects > Log Forwarding) used the
default Palo Alto Networks certificate instead of the configured
custom certificate.
|
|
PAN-219585
|
Fixed an issue where enabling syslog-ng
debugs from the root caused 100% disk utilization.
|
|
PAN-219415
|
Fixed an issue where BGP routes were installed in the routing table
even when the option to install routes was disabled in the
configuration.
|
|
PAN-219351
|
Fixed an issue where the all_pktproc
process stopped responding during L7 processing.
|
|
PAN-219260
|
(M-Series appliances only) Fixed an issue where the
management interface flapped due to low memory reserved for kernel
space.
|
|
PAN-218659
| Fixed an issue where Security zones under Interfaces displayed as none for dynamic group and template admin users in a read-only admin role. |
|
PAN-218620
|
Fixed an issue where scheduled configuration exports and SCP server
connection testing failed.
|
|
PAN-218611
|
Fixed an issue where the device telemetry region was not updated on
the firewall when pushed from the Panorama template stack.
|
|
PAN-218340
|
Fixed an issue where selective pushes to template stack and multi
device group pushes caused a buildup of resident memory, which
caused the configd process to stop responding.
|
|
PAN-218331
|
Fixed an issue where you were unable to export or download packet
captures from the firewall when context switching from Panorama.
|
|
PAN-218267
|
Fixed an issue where a commit and push operation from Panorama to
managed firewalls did not complete or took longer to complete than
expected.
|
|
PAN-218238
|
Fixed an issue where you were unable to create a file exception
(Monitor > Threat Log > Detailed Log view > Create
Exception), and the following error message was
displayed: no antivirus profile corresponding to
threat log.
|
|
PAN-218119
|
Fixed an issue where the firewall transmitted packets with an
incorrect source MAC address during commit operations.
|
|
PAN-217831
|
Fixed an issue memory leak issue related to the logd
process that occurred due to a sysd object not being released.
|
|
PAN-217510
|
Fixed an issue where inbound DHCP packets received by a DHCP client
interface that were not addressed to itself were silently dropped
instead of forwarded.
|
|
PAN-217295
|
Fixed an issue where the dataplane restarted while under heavy
utilization due to an out-of-memory (OOM) condition.
|
|
PAN-217293
| Fixed a rare issue where URLs were not accessible when the header length was greater than 16,000 over HTTP/2. |
|
PAN-217289
|
Fixed an intermittent issue where HTTP/2 traffic caused buffer
depletion.
|
|
PAN-217272
|
Fixed an issue where the DNS proxy log included an excessive number
of the follwing error message: Warning:
pan_dnsproxy_log_resolve_fail: Failed to resolve domain name **
AAAA after trying all attempts to name
servers
|
|
PAN-217155
| Fixed an issue where syncs between Panorama and the Cloud Identity Engine (CIE) caused intermittent slowness when using the web interface due to a large number of groups in the CIE directory. |
|
PAN-217123
|
Fixed an issue where, when log queries in the
yyyy/mm/dd format displayed extra digits
for the day and an error was not generated.
|
|
PAN-217064
|
Fixed an issue where commits took longer than expected when the DLP
plugin was configured.
|
|
PAN-216647
|
Fixed an issue where the sysd node was updated at incorrect
times.
|
|
PAN-216230
|
Fixed an issue where the shard count reached up to 10% over the limit
rather than staying under the limit.
|
|
PAN-216101
|
Fixed an issue where a memory leak related to a process and LLDP
packet processing caused an OOM condition on the firewall.
|
|
PAN-215778
|
Fixed an issue where API Get requests for
/config timed out due to insufficient
buffer size.
|
|
PAN-215670
|
Fixed an issue where local reports and scheduled reports displayed
different data.
|
|
PAN-215583
|
Fixed an issue on firewalls in HA configurations where the primary
firewall went into a non-functional state due to a timeout in the
pan_comm logs during the policy
based forwarding (PBF) parse, which caused an HA failover.
|
|
PAN-214942
|
Fixed an issue where SD-WAN UDP traffic failed over to a non-member
path after a flap of an SD-WAN virtual interface.
|
|
PAN-214068
|
Fixed an issue on Panorama where the web interface stopped responding
when creating zones for shared gateways, and when the page was
refreshed, the zone was not created.
|
|
PAN-213746
|
Fixed an issue on Panorama where the Hostkey displayed as
undefined if a SSH Service Profile
Hostkey configured in a Template from the Template Stack was
overridden.
|
|
PAN-213491
| Fixed an issue where the management CPU was high, which caused the web interface to be slower than expected. |
|
PAN-212932
|
Fixed an issue where the firewall went into a restart loop with the
following error message: failed to get mgt settings
candidate: configured traffic quota of 0 MB is less than the
minimum 32 MB.
|
|
PAN-212580
|
(PA-7050 firewalls only) Fixed an issue where disk space
filled up due to files under
/opt/var/s8/lp/log/pan/ not being
properly deleted.
|
|
PAN-211945
|
Fixed an issue where URL Filtering system logs showed the error
message CURL ERROR: bind failed with errno 124:
Address family not supported by protocol even
though the PAN-DB cloud was connected.
|
|
PAN-211827
|
Fixed an issue where dynamic updates failed with the following error
message: CONFIG_UPDATE_INC: Incremental update to DP
failed please try to commit force the latest
config.
|
|
PAN-211821
|
Fixed an issue on firewalls in HA configurations where committing
changes after disabling the QoS feature on multiple Aggregate
Ethernet (AE) caused the dataplane to go down.
|
|
PAN-211384
|
Fixed an issue where the size of the
redisthost_1 in the Redis database
continuously increased, which caused an OOM condition.
|
|
PAN-211255
|
Fixed an issue third-party VPNC IPSec clients were disconnected after
a few seconds for firewalls in active/active HA configurations.
|
|
PAN-210429
|
(VM-Series firewalls only) Fixed an issue where the HTTP
service failed to come up on DHCP dataplane interfaces after
rebooting the firewall, which resulted in health-check failure on
HTTP/80 with a 503 error code on the public load balancer.
|
|
PAN-208085
| Fixed an issue where the BFD peers were deleted during a commit from Panorama. This occurred because the pan_comm thread became deadlocked due to the same sysd object was handled during the commit. |
|
PAN-207003
|
Fixed an issue where the logrcvr process netflow buffer
was not reset which resulted in duplicate netflow records.
|
|
PAN-206325
|
Fixed an issue where a renamed object was still referenced with the
previous name in a Security policy rule, which caused commit
failures when using edit API to create the
rule.
|
|
PAN-206278
|
Fixed an issue where a critical system log was generated when the
boot drive for PA-7000 Series firewall Switch Management Cards
(SMCs) failed.
|
|
PAN-204808
|
(PA-400 Series, PA-1400 Series, PA-3400 Series, and PA-5400
Series firewalls only) Fixed an issue where executing the
CLI command show running resource-monitor
ingress-backlogs displayed the error message
Server error : Dataplane is not up or invalid
target-dp(*.dp*).
|
|
PAN-204788
| Fixed an issue where the configd process stopped responding when performing a Push to Devices operation when multiple device groups were selected. |
|
PAN-203791
|
(PA-3400 and PA-5400 Series firewalls only) Fixed an issue
where the log type correlation was not configurable and displayed as
$.Format.Correlation (Device >
Server Profile > syslog ><Profile-name> > Customer log format
> log type).
|
|
PAN-201269
|
Fixed an issue where commits failed with the error message
IPv6 addresses are not allowed because
IPv6-firewalling is disabled when Security policy
rules had an address group with more than 1000 FQDN address
objects.
|
|
PAN-198190
|
(VM-Series firewalls only) Fixed an issue where the MTU on
the management interface could not be configured to a value greater
than 1500.
|
|
PAN-196956
|
Fixed an issue where URL filtering logs did not display matching
entries when filtered by device name.
|
|
PAN-194968
|
Fixed an issue on the web interface where Antivirus updates were not
able to be downloaded and installed unless Apps and Threads updates
were downloaded and installed first, and the Antivirus content list
displayed as blank. The resulting error message from the update
server was also not reflected in the web interface.
|
|
PAN-193004
|
Fixed an issue where /opt/pancfg
partition utilization reached 100%, which caused access to the
Panorama web interface to fail.
|
|
PAN-191632
|
Fixed an issue where console sessions were not cleared after the set
idle timeout value.
|
|
PAN-183297
|
Fixed an issue where, when the firewall received a large amount of
user information, the firewall was unable to output IP
address-to-username mapping information via XML API.
|
|
PAN-175642
|
Fixed an issue where system logs to alert for support license expiry
were not generated.
|
|
PAN-173604
|
Fixed an issue where executing the CLI command debug
management-server log-forwarding-stats caused the
logrcvr process to stop responding.
|
|
PAN-158034
|
Fixed an issue where traffic logs displayed incorrect policy matches
for HTTP/2 stream connections during a commit.
|