PAN-OS 8.1.9 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- Cloud Management of NGFWs
-
- Management Interfaces
-
- Launch the Web Interface
- Use the Administrator Login Activity Indicators to Detect Account Misuse
- Manage and Monitor Administrative Tasks
- Commit, Validate, and Preview Firewall Configuration Changes
- Commit Selective Configuration Changes
- Export Configuration Table Data
- Use Global Find to Search the Firewall or Panorama Management Server
- Manage Locks for Restricting Configuration Changes
-
-
- Define Access to the Web Interface Tabs
- Provide Granular Access to the Monitor Tab
- Provide Granular Access to the Policy Tab
- Provide Granular Access to the Objects Tab
- Provide Granular Access to the Network Tab
- Provide Granular Access to the Device Tab
- Define User Privacy Settings in the Admin Role Profile
- Restrict Administrator Access to Commit and Validate Functions
- Provide Granular Access to Global Settings
- Provide Granular Access to the Panorama Tab
- Provide Granular Access to Operations Settings
- Panorama Web Interface Access Privileges
-
- Reset the Firewall to Factory Default Settings
-
- Plan Your Authentication Deployment
- Pre-Logon for SAML Authentication
- Configure SAML Authentication
- Configure Kerberos Single Sign-On
- Configure Kerberos Server Authentication
- Configure TACACS+ Authentication
- Configure TACACS Accounting
- Configure RADIUS Authentication
- Configure LDAP Authentication
- Configure Local Database Authentication
- Configure an Authentication Profile and Sequence
- Test Authentication Server Connectivity
- Troubleshoot Authentication Issues
-
- Keys and Certificates
- Default Trusted Certificate Authorities (CAs)
- Certificate Deployment
- Configure the Master Key
- Export a Certificate and Private Key
- Configure a Certificate Profile
- Configure an SSL/TLS Service Profile
- Configure an SSH Service Profile
- Replace the Certificate for Inbound Management Traffic
- Configure the Key Size for SSL Forward Proxy Server Certificates
-
- HA Overview
-
- Prerequisites for Active/Active HA
- Configure Active/Active HA
-
- Use Case: Configure Active/Active HA with Route-Based Redundancy
- Use Case: Configure Active/Active HA with Floating IP Addresses
- Use Case: Configure Active/Active HA with ARP Load-Sharing
- Use Case: Configure Active/Active HA with Floating IP Address Bound to Active-Primary Firewall
- Use Case: Configure Active/Active HA with Source DIPP NAT Using Floating IP Addresses
- Use Case: Configure Separate Source NAT IP Address Pools for Active/Active HA Firewalls
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT in Layer 3
- HA Clustering Overview
- HA Clustering Best Practices and Provisioning
- Configure HA Clustering
- Refresh HA1 SSH Keys and Configure Key Options
- HA Firewall States
- Reference: HA Synchronization
-
- Use the Dashboard
- Monitor Applications and Threats
- Monitor Block List
-
- Report Types
- View Reports
- Configure the Expiration Period and Run Time for Reports
- Disable Predefined Reports
- Custom Reports
- Generate Custom Reports
- Generate the SaaS Application Usage Report
- Manage PDF Summary Reports
- Generate User/Group Activity Reports
- Manage Report Groups
- Schedule Reports for Email Delivery
- Manage Report Storage Capacity
- View Policy Rule Usage
- Use External Services for Monitoring
- Configure Log Forwarding
- Configure Email Alerts
-
- Configure Syslog Monitoring
-
- Traffic Log Fields
- Threat Log Fields
- URL Filtering Log Fields
- Data Filtering Log Fields
- HIP Match Log Fields
- GlobalProtect Log Fields
- IP-Tag Log Fields
- User-ID Log Fields
- Decryption Log Fields
- Tunnel Inspection Log Fields
- SCTP Log Fields
- Authentication Log Fields
- Config Log Fields
- System Log Fields
- Correlated Events Log Fields
- GTP Log Fields
- Audit Log Fields
- Syslog Severity
- Custom Log/Event Format
- Escape Sequences
- Forward Logs to an HTTP/S Destination
- Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors
- Monitor Transceivers
-
- User-ID Overview
- Enable User-ID
- Map Users to Groups
- Enable User- and Group-Based Policy
- Enable Policy for Users with Multiple Accounts
- Verify the User-ID Configuration
-
- App-ID Overview
- App-ID and HTTP/2 Inspection
- Manage Custom or Unknown Applications
- Safely Enable Applications on Default Ports
- Applications with Implicit Support
-
- Prepare to Deploy App-ID Cloud Engine
- Enable or Disable the App-ID Cloud Engine
- App-ID Cloud Engine Processing and Policy Usage
- New App Viewer (Policy Optimizer)
- Add Apps to an Application Filter with Policy Optimizer
- Add Apps to an Application Group with Policy Optimizer
- Add Apps Directly to a Rule with Policy Optimizer
- Replace an RMA Firewall (ACE)
- Impact of License Expiration or Disabling ACE
- Commit Failure Due to Cloud Content Rollback
- Troubleshoot App-ID Cloud Engine
- Application Level Gateways
- Disable the SIP Application-level Gateway (ALG)
- Maintain Custom Timeouts for Data Center Applications
-
- Decryption Overview
-
- Keys and Certificates for Decryption Policies
- SSL Forward Proxy
- SSL Forward Proxy Decryption Profile
- SSL Inbound Inspection
- SSL Inbound Inspection Decryption Profile
- SSL Protocol Settings Decryption Profile
- SSH Proxy
- SSH Proxy Decryption Profile
- Profile for No Decryption
- SSL Decryption for Elliptical Curve Cryptography (ECC) Certificates
- Perfect Forward Secrecy (PFS) Support for SSL Decryption
- SSL Decryption and Subject Alternative Names (SANs)
- TLSv1.3 Decryption
- High Availability Not Supported for Decrypted Sessions
- Decryption Mirroring
- Configure SSL Forward Proxy
- Configure SSL Inbound Inspection
- Configure SSH Proxy
- Configure Server Certificate Verification for Undecrypted Traffic
- Post-Quantum Cryptography Detection and Control
- Enable Users to Opt Out of SSL Decryption
- Temporarily Disable SSL Decryption
- Configure Decryption Port Mirroring
- Verify Decryption
- Activate Free Licenses for Decryption Features
-
- Policy Types
- Policy Objects
- Track Rules Within a Rulebase
- Enforce Policy Rule Description, Tag, and Audit Comment
- Move or Clone a Policy Rule or Object to a Different Virtual System
-
- External Dynamic List
- Built-in External Dynamic Lists
- Configure the Firewall to Access an External Dynamic List
- Retrieve an External Dynamic List from the Web Server
- View External Dynamic List Entries
- Exclude Entries from an External Dynamic List
- Enforce Policy on an External Dynamic List
- Find External Dynamic Lists That Failed Authentication
- Disable Authentication for an External Dynamic List
- Register IP Addresses and Tags Dynamically
- Use Dynamic User Groups in Policy
- Use Auto-Tagging to Automate Security Actions
- CLI Commands for Dynamic IP Addresses and Tags
- Application Override Policy
- Test Policy Rules
-
- Network Segmentation Using Zones
- How Do Zones Protect the Network?
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
-
- Tap Interfaces
-
- Layer 2 and Layer 3 Packets over a Virtual Wire
- Port Speeds of Virtual Wire Interfaces
- LLDP over a Virtual Wire
- Aggregated Interfaces for a Virtual Wire
- Virtual Wire Support of High Availability
- Zone Protection for a Virtual Wire Interface
- VLAN-Tagged Traffic
- Virtual Wire Subinterfaces
- Configure Virtual Wires
- Configure a PPPoE Client on a Subinterface
- Configure an IPv6 PPPoE Client
- Configure an Aggregate Interface Group
- Configure Bonjour Reflector for Network Segmentation
- Use Interface Management Profiles to Restrict Access
-
- DHCP Overview
- Firewall as a DHCP Server and Client
- Firewall as a DHCPv6 Client
- DHCP Messages
- Dynamic IPv6 Addressing on the Management Interface
- Configure an Interface as a DHCP Server
- Configure an Interface as a DHCPv4 Client
- Configure an Interface as a DHCPv6 Client with Prefix Delegation
- Configure the Management Interface as a DHCP Client
- Configure the Management Interface for Dynamic IPv6 Address Assignment
- Configure an Interface as a DHCP Relay Agent
-
- DNS Overview
- DNS Proxy Object
- DNS Server Profile
- Multi-Tenant DNS Deployments
- Configure a DNS Proxy Object
- Configure a DNS Server Profile
- Use Case 1: Firewall Requires DNS Resolution
- Use Case 2: ISP Tenant Uses DNS Proxy to Handle DNS Resolution for Security Policies, Reporting, and Services within its Virtual System
- Use Case 3: Firewall Acts as DNS Proxy Between Client and Server
- DNS Proxy Rule and FQDN Matching
-
- NAT Rule Capacities
- Dynamic IP and Port NAT Oversubscription
- Dataplane NAT Memory Statistics
-
- Translate Internal Client IP Addresses to Your Public IP Address (Source DIPP NAT)
- Create a Source NAT Rule with Persistent DIPP
- PAN-OS
- Strata Cloud Manager
- Enable Clients on the Internal Network to Access your Public Servers (Destination U-Turn NAT)
- Enable Bi-Directional Address Translation for Your Public-Facing Servers (Static Source NAT)
- Configure Destination NAT with DNS Rewrite
- Configure Destination NAT Using Dynamic IP Addresses
- Modify the Oversubscription Rate for DIPP NAT
- Reserve Dynamic IP NAT Addresses
- Disable NAT for a Specific Host or Interface
-
- Network Packet Broker Overview
- How Network Packet Broker Works
- Prepare to Deploy Network Packet Broker
- Configure Transparent Bridge Security Chains
- Configure Routed Layer 3 Security Chains
- Network Packet Broker HA Support
- User Interface Changes for Network Packet Broker
- Limitations of Network Packet Broker
- Troubleshoot Network Packet Broker
-
- Enable Advanced Routing
- Logical Router Overview
- Configure a Logical Router
- Create a Static Route
- Configure BGP on an Advanced Routing Engine
- Create BGP Routing Profiles
- Create Filters for the Advanced Routing Engine
- Configure OSPFv2 on an Advanced Routing Engine
- Create OSPF Routing Profiles
- Configure OSPFv3 on an Advanced Routing Engine
- Create OSPFv3 Routing Profiles
- Configure RIPv2 on an Advanced Routing Engine
- Create RIPv2 Routing Profiles
- Create BFD Profiles
- Configure IPv4 Multicast
- Configure MSDP
- Create Multicast Routing Profiles
- Create an IPv4 MRoute
-
-
PAN-OS 8.1 (EoL)
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
- Cloud Management and AIOps for NGFW
-
-
- App-ID Changes in PAN-OS 8.1
- Authentication Changes in PAN-OS 8.1
- Content Inspection Changes in PAN-OS 8.1
- GlobalProtect Changes in PAN-OS 8.1
- User-ID Changes in PAN-OS 8.1
- Panorama Changes in PAN-OS 8.1
- Networking Changes in PAN-OS 8.1
- Virtualization Changes in PAN-OS 8.1
- Appliance Changes in PAN-OS 8.1
- Associated Software and Content Versions
- Limitations
-
- PAN-OS 8.1.26-h1 Addressed Issues
- PAN-OS 8.1.26 Addressed Issues
- PAN-OS 8.1.25-h3 Addressed Issues
- PAN-OS 8.1.25-h2 Addressed Issues
- PAN-OS 8.1.25-h1 Addressed Issues
- PAN-OS 8.1.25 Addressed Issues
- PAN-OS 8.1.24-h2 Addressed Issues
- PAN-OS 8.1.24-h1 Addressed Issues
- PAN-OS 8.1.24 Addressed Issues
- PAN-OS 8.1.23-h1 Addressed Issues
- PAN-OS 8.1.23 Addressed Issues
- PAN-OS 8.1.22 Addressed Issues
- PAN-OS 8.1.21-h3 Addressed Issues
- PAN-OS 8.1.21-h2 Addressed Issues
- PAN-OS 8.1.21-h1 Addressed Issues
- PAN-OS 8.1.21 Addressed Issues
- PAN-OS 8.1.20-h1 Addressed Issues
- PAN-OS 8.1.20 Addressed Issues
- PAN-OS 8.1.19 Addressed Issues
- PAN-OS 8.1.18 Addressed Issues
- PAN-OS 8.1.17 Addressed Issues
- PAN-OS 8.1.16 Addressed Issues
- PAN-OS 8.1.15-h3 Addressed Issues
- PAN-OS 8.1.15 Addressed Issues
- PAN-OS 8.1.14-h2 Addressed Issues
- PAN-OS 8.1.14 Addressed Issues
- PAN-OS 8.1.13 Addressed Issues
- PAN-OS 8.1.12 Addressed Issues
- PAN-OS 8.1.11 Addressed Issues
- PAN-OS 8.1.10 Addressed Issues
- PAN-OS 8.1.9-h4 Addressed Issues
- PAN-OS 8.1.9 Addressed Issues
- PAN-OS 8.1.8-h5 Addressed Issues
- PAN-OS 8.1.8 Addressed Issues
- PAN-OS 8.1.7 Addressed Issues
- PAN-OS 8.1.6-h2 Addressed Issues
- PAN-OS 8.1.6 Addressed Issues
- PAN-OS 8.1.5 Addressed Issues
- PAN-OS 8.1.4-h2 Addressed Issues
- PAN-OS 8.1.4 Addressed Issues
- PAN-OS 8.1.3 Addressed Issues
- PAN-OS 8.1.2 Addressed Issues
- PAN-OS 8.1.1 Addressed Issues
- PAN-OS 8.1.0 Addressed Issues
End-of-Life (EoL)
PAN-OS 8.1.9 Addressed Issues
PAN-OS® 8.1.9 addressed issues
Issue ID | Description |
|---|---|
WF500-4995 | Fixed an issue on Panorama™ M-Series and
WF-500 appliances where administrators were unable to run the debug software disk-usage aggressive-cleaning enable CLI command
and resulted in the following error message: Server error : Failed to execute op command. |
PAN-118949 | Fixed an issue where after you changed the
filter configuration in the user.src notin 'cns\proxy full profile the
firewall displayed the following error message: Unknown user group cns\Proxy Full. |
PAN-118407 | Fixed an issue where an internal path monitoring
failure due to a buffer leak caused the firewall to reboot. |
PAN-117729 | Fixed an issue where the firewall incorrectly
displayed application dependency warnings (PoliciesSecurity) after you initiated
a commit. |
PAN-117149 | Fixed an issue on firewalls configured with
authentication policies where sessions matching an authentication
policy did not generate traffic logs as defined in the security
policy when sessions were redirected or denied. |
PAN-116851 | Fixed an issue where users were unable to
open an app in their browser after they logged in to GlobalProtect™
Clientless VPN until they closed any and all tabs associated with
that app and then opened the app a second time. This issue occurred
only when an administrator configured a Source User for the Clientless
VPN Security policy rule (PoliciesSecurity<GP-VPN-Security-policy-rule>User). |
PAN-116848 | Fixed an issue where multiple device group
administrators simultaneously enabled configuration locks caused
a race condition. |
PAN-116828 | Fixed an issue on Panorama M-Series and
virtual appliances where the management server and a process (configd)
used higher than expected CPU and memory when you added or deleted
a larger than expected number of Security policy rules with an XML API. |
PAN-116613 | Fixed an issue on a VM-Series firewall deployed
in Microsoft Azure where packets dropped silently due to a kernel
error. |
PAN-116579 | Fixed an issue where the firewall sent truncated
URLs to the Captive Portal Redirect message when HTTPS traffic sent
through a proxy server was subjected to decryption. |
PAN-116069 | (PA-200 firewalls only) Fixed an
issue where the report generation default configuration caused an
out-of-memory condition. |
PAN-116022 | Fixed an issue where the NSX Manager passed
a blank string to Panorama, which caused a null entry into the configuration
and commits to fail. |
PAN-115526 | Fixed an issue where a dataplane process (all_pktproc)
stops responding due to a packet buffer protection feature. |
PAN-115494 | Fixed an issue where the "/opt/pancfg/"
partition became full due to a configuration preview operation not
responding. |
PAN-115450 | Fixed a rare issue where a race condition
occurred between daemons during a tunnel re-key, which caused BGP
sessions to drop from Large Scale VPN tunnels. To leverage this
fix, you must run the debug rasmgr delay-nh-update CLI command. |
PAN-115415 | Fixed an issue where a session created from
a predict session went into DISCARD state. |
PAN-115379 | Fixed an issue where you were unable to
create a custom log forwarding profile when you configured a filter
with the "in" and "not in" configurations (ObjectsLog ForwardingAddAddFilterFilter Builder)
and resulted in the following error message: Invalid filter <Log Forwarding profile name> match-list -> <match list profile-name> -> filter is invalid. |
PAN-115339 | Fixed a rare issue where a commit caused
the firewall to stop responding when you enabled flow debug and
configured a NAT policy. |
PAN-114743 | Fixed an issue on Panorama M-Series and
virtual appliances where, after you upgraded the firewall to PAN-OS®
8.1, commits failed when Panorama is configured to manage shared
gateway objects for managed firewalls. |
PAN-114607 | Fixed an issue where all the log collectors
did not get queued when you configured more than 32 collector groups. |
PAN-114548 | Fixed an issue where the firewall discarded
external dynamic lists after the list was downloaded and a server
authentication attempt failure occurred. |
PAN-114437 | Fixed an issue on Panorama M-Series and
virtual appliances where, after you upgraded the firewall from PAN-OS
8.0.8 to PAN-OS 8.1.4, commits took longer than expected when you
configured the Device Group with large group hierarchies. |
PAN-114434 | Fixed an issue where the firewall created
incorrect predict sessions, which caused flow sessions to fail for
applications. |
PAN-113971 | (PA-7000 Series firewalls only)
Fixed an issue where the High Speed Chasis Interconnect (HSCI) link
flapped after you rebooted the firewall. |
PAN-113795 | Fixed an issue on a firewall configured
with GlobalProtect Clientless VPN where a process (all_pkts)
stopped responding, which caused the dataplane to restart. |
PAN-113775 | Fixed an issue where the firewall dropped UpdatePDPContext response
packets and displayed the following GTP log event: 122113. |
PAN-113631 | A security-related fix was made to address
a use-after-free (UAF) vulnerability in the Linux kernel (PAN-SA-2019-0017 / CVE-2019-8912). |
PAN-113619 | Fixed an issue where the GlobalProtect gateway
did not assign an IP address when the local IP address was a supernet
of the GlobalProtect pool. |
PAN-113614 | Fixed an issue with a memory leak on Panorama
appliances associated with commits that eventually caused an unexpected
restart of the configuration (configd) process. |
PAN-113340 | (PA-200 firewalls only) Fixed an
issue where the management plane (MP) memory was lower than expected,
which caused the MP to restart. |
PAN-113189 | A security-related fix was made to correct
log file string-conversion errors that caused parsing issues, which
caused the User-ID (useridd) process to stop running. |
PAN-113046 | (PA-5200 Series firewalls only)
Fixed an issue where a process (brdagent) stopped responding,
which caused the management plane to stop responding. |
PAN-112674 | Fixed an issue where an escape ( \ ) character
was added to HTTP logs when a log contained a comma. |
PAN-112577 | Fixed an issue on a VM-Series firewall in
a high availability (HA) active/passive configuration where the
HA1 port flapped and caused a split-brain condition. |
PAN-112446 | Fixed an issue where a predefined report
(blocked credential post) generated
reports using the incorrect query builder (flags has credential-builder),
which caused the report to incorrectly display logs for alerts. |
PAN-112319 | Fixed an issue where a race condition caused
a process (mgmtsrvr) to restart with an error message: Connecting to management server failed. |
PAN-112274 | Fixed an issue on Panorama M-Series and
virtual appliances where a process (configd) stopped
responding when a role-based user with privacy settings disabled,
viewed a scheduled report that required data anonymization. |
PAN-112167 | Fixed an issue where IPv4 BGP routes were
missing from the routing table and FIB after a failover event. |
PAN-111976 | Fixed an issue where you were unable to
generate user activity reports when the username included the colon
( : ), ampersand ( & ), and single parenthesis ( ' ) characters. |
PAN-111930 | (PA-3200 Series firewall only)
Fixed an issue on a firewall in an HA active/active configuration
where packets looped due to a higher than expected CPU rate. |
PAN-111708 | (PA-3200 Series firewalls only)
Fixed a rare software issue that caused the dataplane to restart
unexpectedly. To leverage this fix, you must run the debug dataplane set pow no-desched yes CLI
command (increases CPU utilization). |
PAN-111553 | Fixed an issue on the Panorama management
server where the Include Device and Network Templates setting
(CommitPush to DevicesEdit Selections or CommitCommit and PushEdit Selections) was disabled
by default and caused your push attempts to fail. With this fix,
your push will Include Device and Network Templates by default. |
PAN-111540 | Fixed an issue on PA-5200 Series firewalls
where the dataplane stopped responding when the session table was
full. |
PAN-111468 | Fixed an issue where you were unable to
save host information profile (HIP) reports due to a folder permission
error. |
PAN-111308 | Fixed an issue in Panorama where you were
able to push and commit the log forwarding configuration to firewalls
that did not support it. |
PAN-111286 | Fixed an issue where you were unable to
generate a custom report (MonitorManage Custom Report<device-name>Report Setting). |
PAN-111084 | Fixed an issue where an out-of-memory condition
caused all IPSec tunnels (which includes IKEv1, IKEv2, and NAT-T)
to stop responding. |
PAN-110962 | Fixed an issue where a process (all_pktproc) stopped
responding when SSH decryption was enabled, which caused the dataplane
to restart. |
PAN-110638 | Fixed an issue where you were unable to
establish a GlobalProtect connection on IPv6 and displayed the following
error message: Packet too big due to the firewall MTU value set lower than normalon
the neighboring firewall. |
PAN-110548 | Fixed an intermittent issue where heartbeats
failed on the management plane (MP), which caused the dataplane
to stop responding and displayed the following error message: Dataplane is down: controlplane exit failure. |
PAN-110168 | Fixed an issue where the firewall and Panorama
web interface did not present HSTS headers to your web browser. |
PAN-109926 | Fixed an issue where the firewall dropped
HTTPS connections to GlobalProtect and did not send an HTTPS redirect,
which caused the web browser to timeout. |
PAN-109853 | Fixed an issue where a log collector settings
preference list without an IPv4 address defined, configured an unknown
entry and caused connections between log collectors to intermittently
bounce. |
PAN-109746 | Fixed an issue on Panorama M-Series and
virtual appliances where the Device Group Syslog server profile
template allowed a space between the IP address and URL, which caused
pushes to firewalls to fail. |
PAN-109701 | Fixed an issue on Panorama M-Series and
virtual appliances where the Task Manager web interface did not
sort the list of firewalls by name. |
PAN-109672 | Fixed an issue on a VM-Series firewall in
an HA active/passive configuration where the passive firewall received
buffered packets while in an idle state when the data plane development
kit (DPDK) was enabled. |
PAN-109663 | Fixed an intermittent issue where the firewall
dropped packets when the policy rule was set to allow during a commit
or high availability (HA) sync. |
PAN-109551 | Fixed an issue where group-based policy
match stopped responding after a process (useridd)
restarted. |
PAN-109186 | Fixed an issue where the dataplane stopped
responding and caused a failover event. |
PAN-109024 | Fixed an issue where, after you upgrade
the firewall from PAN-OS 8.0 to PAN-OS 8.1, firewalls configured
with the User-ID™ agent and group mapping incorrectly mapped users
to groups. |
PAN-107677 | Fixed an issue on GlobalProtect where Security
Assertion Markup Language (SAML) authentication failed when you
used a macOS operating system. |
PAN-107143 | Fixed an issue on Panorama M-Series and
virtual appliances where a partial commit to the running configuration
was successful but did not get applied to the configuration when
you added a new address object to an existing address group. |
PAN-107117 | Fixed an issue where device administrators
were unable to manually upload signature files (DeviceDynamic Updates)
and the firewall displayed the following error message: You need superuser privileges to do that. |
PAN-106914 | Fixed an issue on a firewall in a high availability
(HA) active/passive configuration where HA1 and HA2 links stopped
passing packets, which caused a split-brain condition after an automatic
configuration sync. |
PAN-106543 | Fixed an issue on a firewall in an HA active/active
configuration where the show vpn ipsec-sa CLI
command incorrectly returned an error message: Server error: An error occurred. See dagger.log for information.
when you ran the command on the active secondary firewall. |
PAN-106141 | Fixed an issue where a firewall was unable
to establish an SSH session to a private cloud if you used the M-500
appliance interface configuration ethernet1/1 port. |
PAN-106019 | Fixed an issue where a process (routed)
stopped responding when an incomplete command ran in the XML API. |
PAN-105737 | (PAN-OS 8.1.7 & 8.1.8 only)
Fixed an issue where AUX ports remained in Down state after you
upgraded to PAN-OS 8.1.7. |
PAN-104909 | Fixed an issue where the firewall incorrectly
forwarded traffic when you configured the ingress interface with
a QoS policy and the egress interface as a tunnel. |
PAN-104515 | Fixed an issue where the Panorama web interface
took longer than expected to update the Managed Collectors (PanoramaManaged Collectors)
status. |
PAN-104144 | Fixed an intermittent issue where the management
plane (MP) CPU on Panorama and the manged firewall experience higher
than expected usage due to the redistribution of User-ID™ and when
more than one user was mapped to a single IP address. |
PAN-103847 | Fixed a memory buffer allocation issue that
caused the Session Initiation Protocol (SIP) traffic NAT to stop
responding. |
PAN-103656 | Fixed an issue on Panorama M-Series and
virtual appliances where you were unable to export threat pcaps
generated from Prisma™ Access and the firewall displayed the following
error message: File not found. |
PAN-101598 | (Japanese language only) Fixed
an issue where the Interface Mgmt (NetworkNetwork ProfilesInterface Mgmt) and Management Interface
Settings (DeviceSetupInterfacesManagement) web interfaces
incorrectly displayed Telnet as Temperature. |
PAN-101215 | Fixed an issue where you were unable to
connect to a syslog server over SSL due to a certificate validation
error. |
PAN-100773 | (PA-7000 Series firewalls only)
Fixed an issue where the Quad Small Form-factor Pluggable (QSFP)
port on a 20GQ NPC card unexpectedly entered low power mode and
did not link up. |
PAN-99958 | Fixed an issue where the dataplane did not
receive enough keep-alive packets as expected, which caused the
Syslog server connection to age-out. |
PAN-99134 | Fixed an issue where temporary files generated
during preview changes did not get cleared, which caused disk space
issues. |
PAN-99016 | A security-related fix was made to address
the LazyFP state restore vulnerability (PAN-SA-2019-0017 / CVE-2018-3665). |
PAN-96827 | Fixed an issue where BGP command output
formats did not display consistently across different PAN-OS releases. |
PAN-96790 | Fixed an issue where the FTP data connection
was incorrectly matched to the predict session for IPv6 addresses. |
PAN-96707 | (PA-5200 Series firewalls only)
Fixed an intermittent issue where CRC errors caused traffic issues. |
PAN-96371 | Fixed an issue where you were unable to
connect to GlobalProtect when a certificate did not have a common
name. |
PAN-95534 | Fixed an issue where the firewall could
not send syslogs to the syslog server. |
PAN-95072 | Fixed a log forwarding filter issue where
the firewall incorrectly sent logs for policies that were not configured
with log forwarding to the syslog server. |
PAN-94279 | Fixed an issue where a commit with an authentication
sequence configured was pushed from Panorama to a firewall and caused
the firewall's management server to stop responding. |
PAN-94059 | Fixed an issue where the firewall did not
send a complete certificate chain when you configure the Windows
User-ID Agent as a Syslog Listener. |
PAN-91442 | Fixed an issue where an external dynamic
list with an invalid IPv6 address range caused commits to fail. |
PAN-89820 | Fixed an intermittent issue where the Data
Filtering (MonitorData Filtering)
and Threat Log (MonitorThreat)
did not display file names when you transferred multiple files into
a single session. |
PAN-88987 | Fixed an issue on the PA-5220 firewall with
Dynamic IP and Port (DIPP) NAT where the number of translated IP
addresses could not exceed 3,000 or it caused commits to fail. |
PAN-88487 | Fixed an issue where the firewall stopped
enforcing policy after you manually refreshed an External Dynamic
List (EDL) that had an invalid IP address or that resided on an
unreachable web server. |