A fix was made to address a remote code
execution vulnerability in Elasticsearch included with Panorama
management servers known as Log4Shell (CVE-2021-44228).
PAN-183767
Fixed an issue where downloading Dynamic
Updates files failed when connected to the static update server
at us-static.updates.paloaltonetworks.com.
PAN-179581
Fixed an issue on firewalls in high availability
(HA) configurations where a process (brdagent) stopped
responding on a suspended active peer, which caused the suspended
firewall to continue sending traffic.
PAN-174055
Fixed an issue where SNMP readings reported
as 0 for dataplane interface packet statistics for Amazon Web Services
(AWS) m5n.4xlarge instance types. This issue occurred because the
physical port counters read from MAC addresses were reported as
0.
PAN-173978
Fixed an issue where the Elasticsearch process
continuously restarted if zero-length files were present.
PAN-172783
Fixed an issue on an HA active/passive configuration
where old (GPRS tunneling protocol) GTP-U tunnel sessions did not
sync to the passive firewall during some upgrades, such as upgrading
from a PAN-OS 8.1 release version to a 9.0 release version or upgrading
from a 9.0 release version to a 9.1 release version.
PAN-172490
Fixed an issue on firewalls in HA configuration
where HA-2 links continuously flapped on HSCI interfaces after upgrading
to PAN-OS 8.1.19.
PAN-172243
Fixed an issue where NetFlow traffic triggered
a packet buffer leak.
PAN-171203
Fixed an issue in an HA configuration where,
when one firewall was active and its peer was in a suspended state,
the suspended firewall continued to send traffic, which triggered
the detection of duplicate MAC addresses.
PAN-170825
Fixed an issue where, when a partial Preview Change job
failed, a process (configd) stopped responding.
PAN-170595
Fixed an issue with Content and Threat Detection
where traffic patterns created a bus error, which caused the all_pktproc process
to stop responding and the dataplane to restart.
PAN-166299
(PA-3000 Series firewalls only)
Fixed an issue where Server Message Block (SMB) sessions failed
due to resource unavailability.
PAN-166180
Fixed an issue where SNMPV3 traps were not
processed by the snmptrap receiver
after a firewall reboot.
PAN-161496
Fixed an issue when calculating the incremental
checksum after a post-NAT translation where the arguments to pan_in_cksm32_diff overflowed
the 32-bit integer.
PAN-160708
Fixed an issue where the dataplane restarted
after configuring a deny_all policy.
PAN-160238
Fixed an issue where intermittent VXLAN
packet drops occurred if the TCI was not configured for inspecting
VXLAN traffic. This issue occurred when traffic was migrated from
a firewall running a PAN-OS version earlier than PAN-OS 9.0 to a
firewall running PAN-OS 9.0 or later.
PAN-158280
Fixed an issue where SMB session were discarded
with the following error message: ctd out of resource.
PAN-157730
Fixed an issue where, after a firewall reboot,
a commit or auto-commit operation failed with the following error
message: ID population failed. This
issue occurred because the Phase1 ID assignment failure did not
trigger an idmgr reset.
PAN-157725
Fixed an issue on firewalls where URL category
responses were not processed by the dataplane in a timely fashion,
which adversely affected web-browsing traffic.
PAN-157632
Fixed an intermittent issue where the firewall
dropped GTP-U traffic with the message TEID=0x00000000.
PAN-154526
Fixed an issue where a process (genindex.sh) caused
high memory usage on the management plane. Due to the resulting
out-of-memory (OOM) condition, multiple processes stopped responding.
PAN-154433
Fixed an issue where the firewall was unable
to detect end-user IP address spoofing on the GTP-U for a user data
session when using an IPv6 address.
PAN-150097
Fixed an issue where hourly URL summary
log generation failed.
PAN-147256
(Firewalls in HA configurations only)
Fixed an issue where connections to the SafeNet hardware security
module (HSM) were lost after upgrading to a new major PAN-OS release.
PAN-141454
Fixed an issue where the output of the CLI
command show running resource-monitor ingress-backlogs displayed
an incorrect total utilization value.
PAN-128634
A debug command was added to provide more
verbose output when troubleshooting packet processing on the firewall.
PAN-113093
Fixed an intermittent issue where, when
the DNS Security cloud was not reachable, DNS responses had bad
UDP checksums.