PAN-OS 9.1.2 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- Cloud Management of NGFWs
-
- Management Interfaces
-
- Launch the Web Interface
- Use the Administrator Login Activity Indicators to Detect Account Misuse
- Manage and Monitor Administrative Tasks
- Commit, Validate, and Preview Firewall Configuration Changes
- Commit Selective Configuration Changes
- Export Configuration Table Data
- Use Global Find to Search the Firewall or Panorama Management Server
- Manage Locks for Restricting Configuration Changes
-
-
- Define Access to the Web Interface Tabs
- Provide Granular Access to the Monitor Tab
- Provide Granular Access to the Policy Tab
- Provide Granular Access to the Objects Tab
- Provide Granular Access to the Network Tab
- Provide Granular Access to the Device Tab
- Define User Privacy Settings in the Admin Role Profile
- Restrict Administrator Access to Commit and Validate Functions
- Provide Granular Access to Global Settings
- Provide Granular Access to the Panorama Tab
- Provide Granular Access to Operations Settings
- Panorama Web Interface Access Privileges
-
- Reset the Firewall to Factory Default Settings
-
- Plan Your Authentication Deployment
- Pre-Logon for SAML Authentication
- Configure SAML Authentication
- Configure Kerberos Single Sign-On
- Configure Kerberos Server Authentication
- Configure TACACS+ Authentication
- Configure TACACS Accounting
- Configure RADIUS Authentication
- Configure LDAP Authentication
- Configure Local Database Authentication
- Configure an Authentication Profile and Sequence
- Test Authentication Server Connectivity
- Troubleshoot Authentication Issues
-
- Keys and Certificates
- Default Trusted Certificate Authorities (CAs)
- Certificate Deployment
- Configure the Master Key
- Export a Certificate and Private Key
- Configure a Certificate Profile
- Configure an SSL/TLS Service Profile
- Configure an SSH Service Profile
- Replace the Certificate for Inbound Management Traffic
- Configure the Key Size for SSL Forward Proxy Server Certificates
-
- HA Overview
-
- Prerequisites for Active/Active HA
- Configure Active/Active HA
-
- Use Case: Configure Active/Active HA with Route-Based Redundancy
- Use Case: Configure Active/Active HA with Floating IP Addresses
- Use Case: Configure Active/Active HA with ARP Load-Sharing
- Use Case: Configure Active/Active HA with Floating IP Address Bound to Active-Primary Firewall
- Use Case: Configure Active/Active HA with Source DIPP NAT Using Floating IP Addresses
- Use Case: Configure Separate Source NAT IP Address Pools for Active/Active HA Firewalls
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT in Layer 3
- HA Clustering Overview
- HA Clustering Best Practices and Provisioning
- Configure HA Clustering
- Refresh HA1 SSH Keys and Configure Key Options
- HA Firewall States
- Reference: HA Synchronization
-
- Use the Dashboard
- Monitor Applications and Threats
- Monitor Block List
-
- Report Types
- View Reports
- Configure the Expiration Period and Run Time for Reports
- Disable Predefined Reports
- Custom Reports
- Generate Custom Reports
- Generate the SaaS Application Usage Report
- Manage PDF Summary Reports
- Generate User/Group Activity Reports
- Manage Report Groups
- Schedule Reports for Email Delivery
- Manage Report Storage Capacity
- View Policy Rule Usage
- Use External Services for Monitoring
- Configure Log Forwarding
- Configure Email Alerts
-
- Configure Syslog Monitoring
-
- Traffic Log Fields
- Threat Log Fields
- URL Filtering Log Fields
- Data Filtering Log Fields
- HIP Match Log Fields
- GlobalProtect Log Fields
- IP-Tag Log Fields
- User-ID Log Fields
- Decryption Log Fields
- Tunnel Inspection Log Fields
- SCTP Log Fields
- Authentication Log Fields
- Config Log Fields
- System Log Fields
- Correlated Events Log Fields
- GTP Log Fields
- Audit Log Fields
- Syslog Severity
- Custom Log/Event Format
- Escape Sequences
- Forward Logs to an HTTP/S Destination
- Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors
- Monitor Transceivers
-
- User-ID Overview
- Enable User-ID
- Map Users to Groups
- Enable User- and Group-Based Policy
- Enable Policy for Users with Multiple Accounts
- Verify the User-ID Configuration
-
- App-ID Overview
- App-ID and HTTP/2 Inspection
- Manage Custom or Unknown Applications
- Safely Enable Applications on Default Ports
- Applications with Implicit Support
-
- Prepare to Deploy App-ID Cloud Engine
- Enable or Disable the App-ID Cloud Engine
- App-ID Cloud Engine Processing and Policy Usage
- New App Viewer (Policy Optimizer)
- Add Apps to an Application Filter with Policy Optimizer
- Add Apps to an Application Group with Policy Optimizer
- Add Apps Directly to a Rule with Policy Optimizer
- Replace an RMA Firewall (ACE)
- Impact of License Expiration or Disabling ACE
- Commit Failure Due to Cloud Content Rollback
- Troubleshoot App-ID Cloud Engine
- Application Level Gateways
- Disable the SIP Application-level Gateway (ALG)
- Maintain Custom Timeouts for Data Center Applications
-
- Decryption Overview
-
- Keys and Certificates for Decryption Policies
- SSL Forward Proxy
- SSL Forward Proxy Decryption Profile
- SSL Inbound Inspection
- SSL Inbound Inspection Decryption Profile
- SSL Protocol Settings Decryption Profile
- SSH Proxy
- SSH Proxy Decryption Profile
- Profile for No Decryption
- SSL Decryption for Elliptical Curve Cryptography (ECC) Certificates
- Perfect Forward Secrecy (PFS) Support for SSL Decryption
- SSL Decryption and Subject Alternative Names (SANs)
- TLSv1.3 Decryption
- High Availability Not Supported for Decrypted Sessions
- Decryption Mirroring
- Configure SSL Forward Proxy
- Configure SSL Inbound Inspection
- Configure SSH Proxy
- Configure Server Certificate Verification for Undecrypted Traffic
- Post-Quantum Cryptography Detection and Control
- Enable Users to Opt Out of SSL Decryption
- Temporarily Disable SSL Decryption
- Configure Decryption Port Mirroring
- Verify Decryption
- Activate Free Licenses for Decryption Features
-
- Policy Types
- Policy Objects
- Track Rules Within a Rulebase
- Enforce Policy Rule Description, Tag, and Audit Comment
- Move or Clone a Policy Rule or Object to a Different Virtual System
-
- External Dynamic List
- Built-in External Dynamic Lists
- Configure the Firewall to Access an External Dynamic List
- Retrieve an External Dynamic List from the Web Server
- View External Dynamic List Entries
- Exclude Entries from an External Dynamic List
- Enforce Policy on an External Dynamic List
- Find External Dynamic Lists That Failed Authentication
- Disable Authentication for an External Dynamic List
- Register IP Addresses and Tags Dynamically
- Use Dynamic User Groups in Policy
- Use Auto-Tagging to Automate Security Actions
- CLI Commands for Dynamic IP Addresses and Tags
- Application Override Policy
- Test Policy Rules
-
- Network Segmentation Using Zones
- How Do Zones Protect the Network?
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
-
- Tap Interfaces
-
- Layer 2 and Layer 3 Packets over a Virtual Wire
- Port Speeds of Virtual Wire Interfaces
- LLDP over a Virtual Wire
- Aggregated Interfaces for a Virtual Wire
- Virtual Wire Support of High Availability
- Zone Protection for a Virtual Wire Interface
- VLAN-Tagged Traffic
- Virtual Wire Subinterfaces
- Configure Virtual Wires
- Configure a PPPoE Client on a Subinterface
- Configure an IPv6 PPPoE Client
- Configure an Aggregate Interface Group
- Configure Bonjour Reflector for Network Segmentation
- Use Interface Management Profiles to Restrict Access
-
- DHCP Overview
- Firewall as a DHCP Server and Client
- Firewall as a DHCPv6 Client
- DHCP Messages
- Dynamic IPv6 Addressing on the Management Interface
- Configure an Interface as a DHCP Server
- Configure an Interface as a DHCPv4 Client
- Configure an Interface as a DHCPv6 Client with Prefix Delegation
- Configure the Management Interface as a DHCP Client
- Configure the Management Interface for Dynamic IPv6 Address Assignment
- Configure an Interface as a DHCP Relay Agent
-
- DNS Overview
- DNS Proxy Object
- DNS Server Profile
- Multi-Tenant DNS Deployments
- Configure a DNS Proxy Object
- Configure a DNS Server Profile
- Use Case 1: Firewall Requires DNS Resolution
- Use Case 2: ISP Tenant Uses DNS Proxy to Handle DNS Resolution for Security Policies, Reporting, and Services within its Virtual System
- Use Case 3: Firewall Acts as DNS Proxy Between Client and Server
- DNS Proxy Rule and FQDN Matching
-
- NAT Rule Capacities
- Dynamic IP and Port NAT Oversubscription
- Dataplane NAT Memory Statistics
-
- Translate Internal Client IP Addresses to Your Public IP Address (Source DIPP NAT)
- Create a Source NAT Rule with Persistent DIPP
- PAN-OS
- Strata Cloud Manager
- Enable Clients on the Internal Network to Access your Public Servers (Destination U-Turn NAT)
- Enable Bi-Directional Address Translation for Your Public-Facing Servers (Static Source NAT)
- Configure Destination NAT with DNS Rewrite
- Configure Destination NAT Using Dynamic IP Addresses
- Modify the Oversubscription Rate for DIPP NAT
- Reserve Dynamic IP NAT Addresses
- Disable NAT for a Specific Host or Interface
-
- Network Packet Broker Overview
- How Network Packet Broker Works
- Prepare to Deploy Network Packet Broker
- Configure Transparent Bridge Security Chains
- Configure Routed Layer 3 Security Chains
- Network Packet Broker HA Support
- User Interface Changes for Network Packet Broker
- Limitations of Network Packet Broker
- Troubleshoot Network Packet Broker
-
- Enable Advanced Routing
- Logical Router Overview
- Configure a Logical Router
- Create a Static Route
- Configure BGP on an Advanced Routing Engine
- Create BGP Routing Profiles
- Create Filters for the Advanced Routing Engine
- Configure OSPFv2 on an Advanced Routing Engine
- Create OSPF Routing Profiles
- Configure OSPFv3 on an Advanced Routing Engine
- Create OSPFv3 Routing Profiles
- Configure RIPv2 on an Advanced Routing Engine
- Create RIPv2 Routing Profiles
- Create BFD Profiles
- Configure IPv4 Multicast
- Configure MSDP
- Create Multicast Routing Profiles
- Create an IPv4 MRoute
-
-
PAN-OS 9.1 (EoL)
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
- Cloud Management and AIOps for NGFW
-
- Changes to Default Behavior
- Limitations
-
-
- PAN-OS 9.1.19 Known Issues
- PAN-OS 9.1.18 Known Issues
- PAN-OS 9.1.17 Known Issues
- PAN-OS 9.1.16 Known Issues
- PAN-OS 9.1.15 Known Issues
- PAN-OS 9.1.14 Known Issues
- PAN-OS 9.1.13 Known Issues
- PAN-OS 9.1.12 Known Issues
- PAN-OS 9.1.11 Known Issues
- PAN-OS 9.1.10 Known Issues
- PAN-OS 9.1.9 Known Issues
- PAN-OS 9.1.8 Known Issues
- PAN-OS 9.1.7 Known Issues
- PAN-OS 9.1.6 Known Issues
- PAN-OS 9.1.5 Known Issues
- PAN-OS 9.1.4 Known Issues
- PAN-OS 9.1.3 Known Issues
- PAN-OS 9.1.2 Known Issues
- PAN-OS 9.1.1 Known Issues
-
-
- PAN-OS 9.1.19 Addressed Issues
- PAN-OS 9.1.18 Addressed Issues
- PAN-OS 9.1.17-h1 Addressed Issues
- PAN-OS 9.1.17 Addressed Issues
- PAN-OS 9.1.16-h5 Addressed Issues
- PAN-OS 9.1.16-h4 Addressed Issues
- PAN-OS 9-1-16-h3 Addressed Issues
- PAN-OS 9.1.16 Addressed Issues
- PAN-OS 9.1.15-h1 Addressed Issues
- PAN-OS 9.1.15 Addressed Issues
- PAN-OS 9.1.14-h8 Addressed Issues
- PAN-OS 9.1.14-h7 Addressed Issues
- PAN-OS 9.1.14-h4 Addressed Issues
- PAN-OS 9.1.14-h1 Addressed Issues
- PAN-OS 9.1.14 Addressed Issues
- PAN-OS 9.1.13-h5 Addressed Issues
- PAN-OS 9.1.13-h4 Addressed Issues
- PAN-OS 9.1.13-h3 Addressed Issues
- PAN-OS 9.1.13-h1 Addressed Issues
- PAN-OS 9.1.13 Addressed Issues
- PAN-OS 9.1.12-h7 Addressed Issues
- PAN-OS 9.1.12-h6 Addressed Issues
- PAN-OS 9.1.12-h4 Addressed Issues
- PAN-OS 9.1.12-h3 Addressed Issues
- PAN-OS 9.1.12 Addressed Issues
- PAN-OS 9.1.11-h5 Addressed Issues
- PAN-OS 9.1.11-h4 Addressed Issues
- PAN-OS 9.1.11-h3 Addressed Issues
- PAN-OS 9.1.11-h2 Addressed Issues
- PAN-OS 9.1.11 Addressed Issues
- PAN-OS 9.1.10 Addressed Issues
- PAN-OS 9.1.9 Addressed Issues
- PAN-OS 9.1.8 Addressed Issues
- PAN-OS 9.1.7 Addressed Issues
- PAN-OS 9.1.6 Addressed Issues
- PAN-OS 9.1.5 Addressed Issues
- PAN-OS 9.1.4 Addressed Issues
- PAN-OS 9.1.3-h1 Addressed Issues
- PAN-OS 9.1.3 Addressed Issues
- PAN-OS 9.1.2-h1 Addressed Issues
- PAN-OS 9.1.2 Addressed Issues
- PAN-OS 9.1.1 Addressed Issues
- PAN-OS 9.1.0 Addressed Issues
End-of-Life (EoL)
PAN-OS 9.1.2 Addressed Issues
PAN-OS® 9.1.2 addressed issues.
Issue ID | Description |
---|---|
WF500-5343 | Fixed an issue on WF-500 that caused cloud
queries to fail when the cloud verdict did not match the local verdict. |
PAN-142084 | Fixed an issue where upgrading a Panorama
management server deployed on Amazon Web Services (AWS) using a
C5 or M5 instance type to PAN-OS 9.1.1 caused the Panorama Virtual
Appliance to stop responding. |
PAN-140509 | Fixed an issue where performing private
data resets during custom Amazon Machine Image (AMI) creation removed
CloudWatch directories and caused the CloudWatch plugin to fail. |
PAN-140157 | A fix was made to address a vulnerability
where the password for a configured system proxy server for a PAN-OS
appliance was displayed in cleartext when using the CLI in PAN-OS (CVE-2020-2048). |
PAN-138003 | Fixed an issue where a process (rasmgr)
exited, which caused the firewall to reboot due to a null pointer
dereference error when usr_info was
null. |
PAN-137966 | |
PAN-137709 | Fixed an issue where dynamic DNS (DDNS)
failed due to a Lua script error. |
PAN-137191 | Fixed an issue where the Custom
URL Category default action changed from allow to none after upgrading
to PAN-OS 9.1.0. |
PAN-136724 | Fixed an issue with a process (snmpd)
and booting errors. |
PAN-136698 | Fixed an issue where a process (all_pktproc) stopped
responding and the dataplane restarted when the firewall processed
a malformed GPRS tunneling protocol (GTP) packet. |
PAN-136696 | Fixed an issue where the dataplane restarted
due to excessive logs from the pan_comm process. |
PAN-136608 | Fixed an issue in Panorama where the Security
policy Target displayed the serial number
of the targeted device instead of the hostname. |
PAN-136607 | Fixed an issue with GPRS tunneling protocol
(GTP) event packet capture (pcap) where enabling Packet Capture did
not work. |
PAN-136453 | Fixed an issue where performing a private
data reset using the request system private-data-reset CLI
command caused the unit to boot into maintenance mode. |
PAN-136390 | (PA-7000 Series with 100GB NPC only)
Fixed an issue during firewall bootup where the following error
message: Bootloader upgrade failed, ret 255 appeared
when small form-factor pluggable (SPF) modules were installed. |
PAN-136304 | Fixed an issue where clientless VPN rewrite
failed due to incorrect parsing of the HTML webpage. |
PAN-135909 | Fixed an issue where connections leading
to the web interface were abruptly interrupted due to a double free
condition (gPanUiPhpGlobal_secure_config_reset), which led to unexpected process
restarts and core file generation. |
PAN-135703 | (PA-7000 Series firewalls only)
Fixed an issue where the switch ports connected to Quad Small Form-factor
Pluggable (QSFP+) interfaces were up while Network Processing Cards
(NPCs) were still rebooting. |
PAN-135587 | Fixed an issue where the GlobalProtect gateway
was unable to parse a large list of IP addresses assigned on a local
machine. |
PAN-135570 | Fixed an issue where management access to
a VM-Series firewall deployed in Amazon Web Services (AWS) cloud
was slow due to high disk input/output (I/O) operations caused by
expired Large Scale VPN (LSVPN) certificates. |
PAN-135452 | Fixed an issue where configuration related
to virtual machine (VM) information sources caused a process (userid)
to crash, which led to a firewall reboot. |
PAN-135260 | (PA-7000 Series firewalls running PAN-OS®
8.1.12 only) Fixed an intermittent issue where the dataplane
process (all_pktproc_X) on a Network Processing Card
(NPC) restarted when processing IPSec tunnel traffic. |
PAN-135141 | Fixed an issue where the Log Processing
Card (LPC) did not come up intermittently in a fully loaded PA-7000
Series. |
PAN-135103 | A fix was made to address a format string
vulnerability on PA-7000 Series firewalls with a Log Forwarding
Card (LFC) (CVE-2020-1992). |
PAN-135089 | Fixed an issue where the CPU for a process (ikemgr)
spiked when third-party VPN clients connected to the GlobalProtect
gateway with more than three DNS servers configured. |
PAN-135039 | Fixed an issue in Panorama where a memory
leak occurred during a high availability (HA) sync commit. |
PAN-134981 | Fixed an issue with a memory leak in a process (user-id)
due to failed LDAP over SSL (LDAPS) requests. |
PAN-134810 | Fixed an issue where Resolve in
the web interface did not work for FQDN address objects with more
than 63 characters. |
PAN-134714 | Fixed an issue where Safe Search was not
enabled after an application change. |
PAN-134571 | Fixed an issue where DNS security incorrectly
set bits to zero on compressed DNS packets, which caused DNS malformation. |
PAN-134547 | Fixed an issue where the passive firewall
in an active/passive high availability (HA) configuration deleted
BGP-learned routes synchronized from the active firewall if the
BGP configuration included the redistribution of the learned routes. |
PAN-134546 | Fixed a rare issue on the firewall where
a process (flow_mgmt) restarted due to an invalid packet received
through the GlobalProtect agent or clientless VPN. |
PAN-134488 | Fixed an issue where a process (all_pktproc) crashed
while processing Clientless VPN traffic. |
PAN-134370 | Fixed an issue where a process (mp-relay) restarted
due to missing routes or next hops. |
PAN-134309 | Fixed an issue where a process (devsrvr) restarted
when it hit the limit of the number of custom patterns available in
the allocated memory. |
PAN-134244 | Fixed an issue where connections proxied
by the firewall (such as SSL Decryption, GlobalProtect portal and
gateway connections, and SIP over TCP) failed due to insufficient
buffer allocation. Some connections failed with the following error
message: proxy decrypt failure. |
PAN-134038 | Fixed an issue where custom signatures did
not properly detect the User-Agent header when the Origin header
was also present. |
PAN-133915 | Fixed an issue on Panorama where configuring
a BGP import rule from the CLI failed with the following error message: Server error : permission denied for the command set. |
PAN-133912 | Fixed an issue where querying traffic logs
based on address objects and address groups did not work. |
PAN-133883 | Fixed an issue where a race condition caused
"pan_task" and "pan_com" to exit unexpectedly. |
PAN-133880 | Fixed an issue where RADIUS authentication
failed due to an FQDN resolution failure after the VM-Series firewall
rebooted. |
PAN-133731 | Fixed an issue on the Panorama Virtual Appliance
where the show interface all CLI command
did not list any output. |
PAN-133614 | Fixed an issue on the Panorama Virtual Appliance
where SNMP Object IDs (OIDs) were missing for interfaces other than
the Management interface. |
PAN-133609 | Fixed an issue where the Authentication
Portal did not work due to a large number of HTTP requests with
unsupported Authorization headers. |
PAN-133582 | Fixed an issue in the firewalls where some
Dynamic Address Groups pushed from Panorama were missing member
IP addresses. |
PAN-133527 | A fix was made to address a NULL pointer
dereference vulnerability in PAN-OS (CVE-2020-1995). |
PAN-133491 | Fixed an issue where Internet Protocol (IP)
to user mappings were not synced from the HUB virtual system (vsys)
to the non-hub vsys. |
PAN-133448 | |
PAN-133440 | Fixed an issue where fragmented traffic
caused high dataplane use and firewall performance issues. |
PAN-133411 | Fixed an issue where after making configuration
changes and selecting Preview Changes, a
500 Internal Server Error message displayed due to a memory leak. |
PAN-133378 | Fixed an issue in Panorama where a process (configd)
restarted while doing a commit using a RADIUS super admin role. |
PAN-133289 | Fixed an issue where improper parsing of
the URL database caused high device-server CPU usage. |
PAN-133288 | Fixed an issue where the API key limit in
the *HTTP server profile was 128 characters. |
PAN-133211 | Fixed an issue where the policy order was
not maintained when moved to a different device group. |
PAN-133179 | Fixed a rare issue where the show ntp CLI
command showed the status as rejected even when the NTP was synced
with at least one NTP server. |
PAN-133042 | (PA-5200 and PA-7000 Series firewalls
only) Fixed an issue where firewalls dropped certain GPRS tunneling
protocol (GTP) traffic even when gtp nodrop was enabled. |
PAN-132995 | (PA-7000 Series and PA-3200 Series firewalls
only) Fixed an issue where when jumbo frames were enabled,
the maximum transmission unit (MTU) size limit was lower than expected. |
PAN-132766 | Fixed an issue in Panorama where custom
region objects were not visible in the GlobalProtect Portal External Gateway drop-down. |
PAN-132715 | Fixed an issue where a child dynamic address
group was not added as a member of the parent group. |
PAN-132697 | Fixed an issue where the GlobalProtect portal
did not generate certificate signing requests (CSRs) due to failed
Simple Certificate Enrollment Protocol (SCEP) authentication cookie
validation. |
PAN-132658 | Fixed an issue where a nullification method
for steam control transmission protocol (SCTP) data chunks did not
work. |
PAN-131993 | Fixed an issue where a process (reportd)
would crash while running a log query. |
PAN-131501 | Fixed an issue when configuring Clientless
VPN and executing the portal-getconfig CLI
command where user groups were retrieved but were not freed, which
caused a memory leak on a process (sslvpn). |
PAN-131491 | Fixed an issue where the ACC risk
meter displayed as zero for long time periods with a large amount
of logs. |
PAN-130776 | Fixed an issue on Panorama where Applications
and Threats content update deployment failed due to the content
version date check. |
PAN-130573 | Fixed an issue where the software pool for
Regex results was depleted and caused connection failures. |
PAN-130447 | Fixed an issue where the firewall dropped
offloaded traffic every time there was an explicit commit (Commit on the
firewall locally or Commit All Changes in Panorama)
or an implicit commit (such as an Antivirus update, Dynamic Update,
or WildFire® update) on the firewall. |
PAN-129281 | Fixed an issue where a process (useridd) restarted
due to a buffer overflow when the time-to-live (TTL) and Idle
Timeout values were set to Never,
a timing issue between user group context and a process (sysd)
callback, and a group mapping issue when multiple group mappings
fetched the same groups with different override domains. |
PAN-128879 | Fixed an issue where the PAN-OS XML API
inject was not working for IP address to user mappings or for the
import of software, content, and plugins. |
PAN-128398 | Fixed an issue where performing a factory
reset or enabling FIPS mode would cause the VM-Series plugin to
revert to the default VM-Series plugin 1.0.0. |
PAN-127438 | Fixed an issue where GlobalProtect portal
configuration selection based on certificate template OID failed. |
PAN-127260 | Fixed an issue where the /opt/pancfg partition
became full due to a large amount of botnet reports that were not
automatically deleted. |
PAN-125534 | (PA-5200 Series and PA-7000 Series firewalls
only) Fixed an issue where firewalls experienced high packet
descriptor (on-chip) usage during uploads to the WildFire Cloud
or WF-500 appliance. |
PAN-125501 | Fixed an issue where URL information in
a URL Custom Report was blank when the report contained
flexible size fields (such as URL Category List). |
PAN-124658 | Fixed an issue where the timer system call
activated more frequently than expected, which caused higher than
expected CPU usage. |
PAN-123637 | (PA-3200 Series firewalls only)
Fixed an issue where configuring 1G small form-factor pluggable
(SFP) ports on the firewall in forced speed mode (of 1G) rendered
the link unusable when the peer device also had forced speed mode
(of 1G) enabled. |
PAN-122004 | (PA-5200 Series firewalls only)
Fixed an issue where the Quad Small Form-factor Pluggable (QSFP)
28 ports 21 and 22 did not respond when plugged in with a Finisar
100G AOC cable. |
PAN-121626 | (PA-3200 Series firewalls only)
Fixed an intermittent issue where firewalls dropped packets, which
caused issues such as traffic latency, slow file transfers, reduced
throughput, internal path monitoring failures, and application failures. |
PAN-119452 | An enhancement was made to improve subsequent
loading times of device groups after the first load. |
PAN-117043 | Fixed an issue where using special characters
in the tag names of the Security policy rules returned the following
error message when committing or pushing a configuration: group-tag is invalid. |
PAN-116480 | Fixed an issue in Panorama where the show system search-engine-quota CLI
command, the show log-collector serial-number <log-collector_SN> CLI
command, and Statistics (Panorama
> Managed Collectors > Statistics) showed incorrect
log retention data. |
PAN-116002 | Fixed an issue where an incorrect optimization
could cause IP address-to-user mapping to not update within 60 seconds. |
PAN-114966 | Fixed an issue where trunk interfaces were
not working on Hyper-V. |
PAN-114533 | Fixed an issue where traffic was blocked
by safe search enforcement before matching the intended allow rule. |
PAN-110960 | Fixed an issue on Panorama M-Series and
virtual appliances where commits failed when you configured an address
group object in the Include List (Network > Zone > <zone-name>
> Include List). |
PAN-110441 | (PA-5200 Series firewall only)
Fixed an intermittent issue where the internal path monitoring failed,
which caused the firewall to unexpectedly restart. |
PAN-107207 | Fixed an issue where the VPN tunnel operational
status incorrectly displays "up" even though the VPN tunnel is down. |
PAN-98933 | Fixed an issue on an M-Series appliances
in a high availability (HA) active/passive configuration where the
schedules (Device > Dynamic Updates) were unresponsive after
a failover or restart of Panorama. |
PAN-88136 | Fixed a rare issue where a URL update caused
the dataplane to restart. |