PAN-OS 9.1.16 Addressed Issues
PAN-OS® 9.1.16 addressed issues.
Issue ID | Description |
---|---|
PAN-235168 | Fixed an issue where disk space became full even after clearing old logs and content images.
|
PAN-216656 | Fixed an issue where the firewall was unable to fully process the user list from a child group when the child group contained more than 1,500 users.
|
PAN-215911 | Fixed an issue that resulted in a race condition, which caused the configd process to stop responding.
|
PAN-215488 | Fixed an issue where an expired Trusted Root CA was used to sign the forward proxy leaf certificate during SSL Decryption.
|
PAN-211997 | Fixed an issue where large OSPF control packets were fragmented, which caused the neighborship to fail.
|
PAN-211602 | Fixed an issue where, when viewing a WildFire Analysis Report via the web interface, the detailed log view was not accessible if the browser window was resized.
|
PAN-209696 | Fixed an issue where link-local address communication for IPv6, BFD, and OSPFv3 neighbors was dropped when IP address spoofing check was enabled in a Zone Protection profile.
|
PAN-207740 | Fixed an issue that resulted in a race condition, which caused the configd process to stop responding.
|
PAN-205453 | Fixed an issue where running reports or queries under a user group caused the reportd process to stop responding.
|
PAN-203563 | Fixed an issue with Content and Threat Detection allocation storage space where performing a commit failed with a CUSTOM_UPDATE_BLOCK error message.
|
PAN-203402 | Fixed an intermittent issue where forward session installs were delayed, which resulted in latencies.
|
PAN-203147 | (Firewalls in FIPS-CC mode only) Fixed an issue where the firewall unexpectedly rebooted when downloading a new PAN-OS software image.
|
PAN-201910 | PAN-OS security profiles might consume a large amount of memory depending on the profile configuration and quantity. In some cases, this might reduce the number of supported security profiles below the stated maximum for a given platform.
|
PAN-201639 | Fixed an issue with SaaS Application Usage reports where Applications with Risky Characteristics displayed only two applications per section.
|
PAN-199612 | Fixed a sync issue with firewalls in active/active HA configurations.
|
PAN-198871 | Fixed an issue where, when both URL and Advanced URL licenses were installed, the expiry date was not correctly checked.
|
PAN-198693 | Fixed an issue where decrypted SSH sessions were interrupted with a decryption error.
|
PAN-198038 | A CLI command was added to address an issue where long-lived sessions were aging out even when there was ongoing traffic.
|
PAN-197919 | Fixed an issue where, when path monitoring for a static route was configured with a new Ping Interval value, the value was not used as intended.
|
PAN-197847 | Fixed an issue where disabling the enc-algo-aes-128-gcm cipher did not work when using an SSL/TLS profile.
|
PAN-197729 | Fixed an issue where repeated configuration pushes from Panorama resulted in a management server memory leak.
|
PAN-197576 | Fixed an issue where commits pushed from Panorama caused a memory leak related to the mgmtsrvr process.
|
PAN-197219 | Fixed an issue where the following error message was not sent from multi-factor authentication PingID and did not display in the browser: Your company has enhanced its VPN authentication with PingID. Please install the PingID app for iOS or Android, and use pairing key:<key>. To connect, type "ok".
|
PAN-195790 | Fixed an issue where syslog traffic was sent from the management interface to the syslog server even when a destination IP address service route was configured.
|
PAN-195583 | Fixed an issue where, after renaming an object, configuration pushes from Panorama failed with the commit error object name is not an allowed keyword.
|
PAN-194175 | Fixed an issue on Panorama where a commit push to managed firewalls failed when objects were added as source address exclusions in a Security policy and Share Unused Address and Service Objects with Devices was unchecked.
|
PAN-193808 | Fixed a memory leak issue in the mgmtsrvr process that resulted in an OOM condition.
|
PAN-193763 | Fixed an issue on the firewall where the dataplane CPU spiked, which caused traffic to be affected during commits or content updates.
|
PAN-192681 | Fixed an issue where HIP database storage on the firewall reached full capacity due to the firewall not purging older HIP reports.
|
PAN-190950 | Fixed an issue where creating or modifying a GlobalProtect portal configuration failed in FIPS mode with the following error message: clientless-vpn enc-algo-rc4 unexpected here.
|
PAN-189518 | Fixed an issue where incoming DNS packets with looped compression pointers caused the dnsproxyd process to stop responding.
|
PAN-189379 | Fixed an issue where FQDN-based Security policy rules did not match correctly.
|
PAN-187829 | Fixed an issue where the web_backend and httpd processes leaked descriptors, which caused activities that depended on the processes, such as logging in to the web interface, to fail.
|
PAN-187761 | Fixed an issue where, during HA failover, the newly passive firewall continued to pass traffic after the active firewall had already taken over.
|
PAN-184537 | Fixed an issue where GlobalProtect requested that passwords containing non-ASCII characters (ö) be reentered when refreshing the connection.
|
PAN-183319 | Fixed an issue on Panorama where commits remained at 99% due to multiple firewalls sending out CSR signing requests every 10 minutes.
|
PAN-183297 | Fixed an issue where, when the firewall received a large amount of user information, the firewall was unable to output IP-address to username mapping information via XML API.
|
PAN-183126 | Fixed an issue on Panorama where you were able to attempt to push a number of active schedules to the firewall that was greater than the firewall's maximum capacity.
|
PAN-182845 | Fixed an issue that caused devices to be removed from Panorama when one device was added by one user, but a Commit and Push operation was completed by a second user before the first user completed a Commit of the added device change.
|
PAN-181839 | Fixed an issue where Panorama Global Search reported No Matches found while still returning results for matching entries on large configurations.
|
PAN-181759 | (Firewalls in active/active HA configurations only) Fixed an issue where firewall configuration files were not synced.
|
PAN-181295 | Fixed an issue where clicking on a rule in the App Dependency tab after a commit or commit all did not display the rule correctly.
|
PAN-179624 | Fixed an issue where setting the password complexity to Require Password Change on First Login caused the user to be prompted with certificate authentication.
|
PAN-177942 | Fixed an issue where, when grouping HA peers, access domains that were configured using multi-vsys firewalls deselected devices or virtual systems that were in other configured access domains.
|
PAN-177054 | Fixed an issue where, when you disabled a NAT rule, the Destination Translation value none displayed in blue and was still able to be modified to a different value.
|
PAN-175176 | Fixed an issue in which CBC ciphers for TLS traffic to port 28443 on Panorama were enabled.
|
PAN-174680 | Fixed an issue where, when adding new configurations, Panorama didn't display a list of suggested template variables when typing in a relevant field.
|
PAN-173179 | Fixed an issue where the rem_addr field in Terminal Access Controller Access-Control System (TACACS+) authentication displayed the management or service route IP address of the firewall instead of the source IP address of the user.
|
PAN-161958 | Fixed an issue where the FQDN refresh timer was pushed from Panorama appliances on PAN-OS 9.0 and later releases to firewalls running a PAN-OS 8.1 release.
|
PAN-158511 | Fixed an issue where configurations loaded and committed to Panorama changed external dynamic list references on Security policy rules to NONE when Antivirus Protection was not installed.
|
PAN-143930 | Fixed an issue where a process (routed) restarted due to the number of BGP peers exceeding the supported configuration.
|
PAN-78762 | Fixed an issue where you were unable to reset a VPN tunnel via the firewall web interface (Network > IPSec Tunnels > Tunnel Info > Restart).
|