PAN-OS 8.1.0 Addressed Issues
Focus
Focus

PAN-OS 8.1.0 Addressed Issues

Table of Contents
End-of-Life (EoL)

PAN-OS 8.1.0 Addressed Issues

PAN-OS® 8.1.0 addressed issues
Issue ID
Description
PAN-92893
Fixed an issue that occurred during the reboot process and caused some firewalls to go in to maintenance mode.
PAN-92268
(
PA-7000 Series, PA-5200 Series, and PA-3200 Series firewalls only
) Fixed an issue where one or more dataplanes did not pass traffic when you ran several operational commands (from any firewall user interface or from the Panorama™ management server) while committing changes to device or network settings or while installing a content update.
PAN-91774
Fixed an issue on Panorama virtual appliances for AWS in a high availability (HA) configuration where the primary peer did not synchronize template changes to the secondary peer.
PAN-91429
Fixed an issue where PA-5200 Series firewalls rebooted when you ran the
set ssh service-restart mgmt
CLI command multiple times.
PAN-91361
Fixed an issue where client connections initiated with HTTP/2 failed during SSL Inbound Inspection decryption because the firewall removed the Application-Layer Protocol Negotiation (ALPN) extension within the server hello packet instead of forwarding the extension to the client.
PAN-91236
Fixed an issue where the Panorama management server did not display new logs collected on M-Series Log Collectors because the logging search engine did not register during system startup when logging disk checks and RAID mounting took longer than two hours to complete.
PAN-90954
A security-related fix was made to prevent a local privilege escalation vulnerability that could potentially result in the deletion of files (CVE-2018-9242).
PAN-90842
Fixed an issue where commits failed after you changed the default
Size Limit
to a custom value for MacOSX files that the firewall forwarded to WildFire® (
Device
Setup
WildFire
).
PAN-90835
A security-related fix was made to prevent a Cross-Site Scripting (XSS) attack through the PAN-OS® session browser (CVE-2018-7636).
PAN-90521
Fixed an issue on the Panorama management server where Device Group and Template administrators could not display or edit the
Device
Log Settings
in a template.
PAN-90168
Fixed an issue where, after you downgraded a firewall from PAN-OS 8.1 to a previous PAN-OS release and then clicked
Revert Content
on the Panorama management server (
Panorama
Device Deployment
Dynamic Updates
) the Current Version column displayed the content release version of the firewall when it ran PAN-OS 8.1 regardless of the content version currently installed on the firewall.
PAN-89471
Fixed an issue where firewalls rebooted because the userid process restarted too often due to a socket binding failure that caused a memory leak.
PAN-89030
Fixed an issue where the firewall could not authenticate to a hardware security module (HSM) partition when the partition password contained special characters.
PAN-88292
Fixed an issue on Panorama management servers in an HA configuration where the Log Collector that ran locally on the passive peer did not forward logs to syslog servers.
PAN-88200
Fixed an issue where firewalls with multiple virtual systems did not import external dynamic lists that you assigned to policy rules.
PAN-88018
Fixed an issue on Panorama M-Series and virtual appliances where the firewall was not able to override the local device configuration and failed to apply Dynamic Updates with an interval set to
none
.
PAN-86873
Fixed an issue where the firewall advertised the OSPF not-so-stubby area (NSSA) link-state advertisement (LSA) type 7 default route to NSSA neighbors even when the OSPF backbone area was down.
PAN-85410
Fixed two issues on a firewall configured for GlobalProtect™ Clientless VPN:
  • The firewall dataplane restarted when client cookies contained a path that did not start with a forward slash (/).
  • The firewall did not properly reinitialize client cookies that had a missing path and domain and instead used values from previously received cookies.
PAN-84836
A security-related fix was made to address a Cross-Site Scripting (XSS) vulnerability in the PAN-OS response to a GlobalProtect gateway (CVE-2018-10139).
PAN-84045
Fixed an issue where VM-Series firewalls in a high availability (HA) configuration with Data Plane Development Kit (DPDK) enabled experienced HA path monitoring failures and (in active/passive deployments) HA failover.
PAN-83900
Fixed an issue where the Panorama management server did not run
ACC
reports or custom reports because the reportd process stopped responding when an administrator tried to access a device group to which that administrator did not have access.
PAN-82942
Fixed an issue where the firewall rebooted because the User-ID™ process (useridd) restarted several times when endpoints, while requesting services that could not process HTTP 302 responses (such as Microsoft update services), authenticated to Captive Portal through NT LAN Manager (NTLM) and immediately disconnected.
PAN-81417
Fixed an issue on the Panorama management server where, after an administrator selected
Force Template Values
when editing Push Scope selections (
Commit
Push to Devices
), the setting persisted as enabled for that administrator in all subsequent push operations instead of defaulting to disabled. With this fix,
Force Template Values
is disabled by default for every push operation until, and only if, the administrator manually enables the setting.
PAN-80794
A protocol-related fix was made to address a bug in the OSPF protocol.
PAN-80569
Fixed an issue where firewalls could not connect to M-500 or M-600 appliances in PAN-DB mode due to certificate validation failures. With this fix, the appliances add an IP address to the Subject Alternative Name (SAN) field when generating the certificates used for firewall connections.
PAN-80505
Fixed an issue where a firewall was able connect to Panorama using an expired certificate.
PAN-75775
Fixed an issue where SNMP managers indicated syntax errors in PAN-OS MIBs, such as forward slash (/) characters not used within quotation marks (“”). You can find the updated MIBs at https://docs.paloaltonetworks.com/resources/snmp-mib-files.
PAN-73316
Fixed an issue where a GlobalProtect user first logged in with a RADIUS authentication profile, the Domain-UserName appeared as user@domain (instead of domain\user) in the PAN-OS web interface.
PAN-73154
Fixed an issue on the Panorama management server where commit operations stopped progressing after reaching 99 per cent completion.

Recommended For You