PAN-OS 9.0.15 Addressed Issues
Focus
Focus

PAN-OS 9.0.15 Addressed Issues

Table of Contents
End-of-Life (EoL)

PAN-OS 9.0.15 Addressed Issues

PAN-OS® 9.0.15 addressed issues.
Issue ID
Description
PAN-184592
A fix was made to address a remote code execution vulnerability in Elasticsearch included with Panorama management servers known as Log4Shell (CVE-2021-44228).
PAN-183767
Fixed an issue where downloading Dynamic Updates files failed when connected to the static update server at us-static.updates.paloaltonetworks.com.
PAN-179581
Fixed an issue on firewalls in high availability (HA) configurations where a process (brdagent) stopped responding on a suspended active peer, which caused the suspended firewall to continue sending traffic.
PAN-174055
Fixed an issue where SNMP readings reported as 0 for dataplane interface packet statistics for Amazon Web Services (AWS) m5n.4xlarge instance types. This issue occurred because the physical port counters read from MAC addresses were reported as 0.
PAN-173978
Fixed an issue where the Elasticsearch process continuously restarted if zero-length files were present.
PAN-172783
Fixed an issue on an HA active/passive configuration where old (GPRS tunneling protocol) GTP-U tunnel sessions did not sync to the passive firewall during some upgrades, such as upgrading from a PAN-OS 8.1 release version to a 9.0 release version or upgrading from a 9.0 release version to a 9.1 release version.
PAN-172490
Fixed an issue on firewalls in HA configuration where HA-2 links continuously flapped on HSCI interfaces after upgrading to PAN-OS 8.1.19.
PAN-172243
Fixed an issue where NetFlow traffic triggered a packet buffer leak.
PAN-171203
Fixed an issue in an HA configuration where, when one firewall was active and its peer was in a suspended state, the suspended firewall continued to send traffic, which triggered the detection of duplicate MAC addresses.
PAN-170825
Fixed an issue where, when a partial Preview Change job failed, a process (configd) stopped responding.
PAN-170595
Fixed an issue with Content and Threat Detection where traffic patterns created a bus error, which caused the all_pktproc process to stop responding and the dataplane to restart.
PAN-166299
(PA-3000 Series firewalls only) Fixed an issue where Server Message Block (SMB) sessions failed due to resource unavailability.
PAN-166180
Fixed an issue where SNMPV3 traps were not processed by the snmptrap receiver after a firewall reboot.
PAN-161496
Fixed an issue when calculating the incremental checksum after a post-NAT translation where the arguments to pan_in_cksm32_diff overflowed the 32-bit integer.
PAN-160708
Fixed an issue where the dataplane restarted after configuring a deny_all policy.
PAN-160238
Fixed an issue where intermittent VXLAN packet drops occurred if the TCI was not configured for inspecting VXLAN traffic. This issue occurred when traffic was migrated from a firewall running a PAN-OS version earlier than PAN-OS 9.0 to a firewall running PAN-OS 9.0 or later.
PAN-158280
Fixed an issue where SMB session were discarded with the following error message: ctd out of resource.
PAN-157730
Fixed an issue where, after a firewall reboot, a commit or auto-commit operation failed with the following error message: ID population failed. This issue occurred because the Phase1 ID assignment failure did not trigger an idmgr reset.
PAN-157725
Fixed an issue on firewalls where URL category responses were not processed by the dataplane in a timely fashion, which adversely affected web-browsing traffic.
PAN-157632
Fixed an intermittent issue where the firewall dropped GTP-U traffic with the message TEID=0x00000000.
PAN-154526
Fixed an issue where a process (genindex.sh) caused high memory usage on the management plane. Due to the resulting out-of-memory (OOM) condition, multiple processes stopped responding.
PAN-154433
Fixed an issue where the firewall was unable to detect end-user IP address spoofing on the GTP-U for a user data session when using an IPv6 address.
PAN-150097
Fixed an issue where hourly URL summary log generation failed.
PAN-147256
(Firewalls in HA configurations only) Fixed an issue where connections to the SafeNet hardware security module (HSM) were lost after upgrading to a new major PAN-OS release.
PAN-141454
Fixed an issue where the output of the CLI command show running resource-monitor ingress-backlogs displayed an incorrect total utilization value.
PAN-128634
A debug command was added to provide more verbose output when troubleshooting packet processing on the firewall.
PAN-113093
Fixed an intermittent issue where, when the DNS Security cloud was not reachable, DNS responses had bad UDP checksums.