PAN-OS 9.1.5 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- Cloud Management of NGFWs
-
- Management Interfaces
-
- Launch the Web Interface
- Use the Administrator Login Activity Indicators to Detect Account Misuse
- Manage and Monitor Administrative Tasks
- Commit, Validate, and Preview Firewall Configuration Changes
- Commit Selective Configuration Changes
- Export Configuration Table Data
- Use Global Find to Search the Firewall or Panorama Management Server
- Manage Locks for Restricting Configuration Changes
-
-
- Define Access to the Web Interface Tabs
- Provide Granular Access to the Monitor Tab
- Provide Granular Access to the Policy Tab
- Provide Granular Access to the Objects Tab
- Provide Granular Access to the Network Tab
- Provide Granular Access to the Device Tab
- Define User Privacy Settings in the Admin Role Profile
- Restrict Administrator Access to Commit and Validate Functions
- Provide Granular Access to Global Settings
- Provide Granular Access to the Panorama Tab
- Provide Granular Access to Operations Settings
- Panorama Web Interface Access Privileges
-
- Reset the Firewall to Factory Default Settings
-
- Plan Your Authentication Deployment
- Pre-Logon for SAML Authentication
- Configure SAML Authentication
- Configure Kerberos Single Sign-On
- Configure Kerberos Server Authentication
- Configure TACACS+ Authentication
- Configure TACACS Accounting
- Configure RADIUS Authentication
- Configure LDAP Authentication
- Configure Local Database Authentication
- Configure an Authentication Profile and Sequence
- Test Authentication Server Connectivity
- Troubleshoot Authentication Issues
-
- Keys and Certificates
- Default Trusted Certificate Authorities (CAs)
- Certificate Deployment
- Configure the Master Key
- Export a Certificate and Private Key
- Configure a Certificate Profile
- Configure an SSL/TLS Service Profile
- Configure an SSH Service Profile
- Replace the Certificate for Inbound Management Traffic
- Configure the Key Size for SSL Forward Proxy Server Certificates
-
- HA Overview
-
- Prerequisites for Active/Active HA
- Configure Active/Active HA
-
- Use Case: Configure Active/Active HA with Route-Based Redundancy
- Use Case: Configure Active/Active HA with Floating IP Addresses
- Use Case: Configure Active/Active HA with ARP Load-Sharing
- Use Case: Configure Active/Active HA with Floating IP Address Bound to Active-Primary Firewall
- Use Case: Configure Active/Active HA with Source DIPP NAT Using Floating IP Addresses
- Use Case: Configure Separate Source NAT IP Address Pools for Active/Active HA Firewalls
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT in Layer 3
- HA Clustering Overview
- HA Clustering Best Practices and Provisioning
- Configure HA Clustering
- Refresh HA1 SSH Keys and Configure Key Options
- HA Firewall States
- Reference: HA Synchronization
-
- Use the Dashboard
- Monitor Applications and Threats
- Monitor Block List
-
- Report Types
- View Reports
- Configure the Expiration Period and Run Time for Reports
- Disable Predefined Reports
- Custom Reports
- Generate Custom Reports
- Generate the SaaS Application Usage Report
- Manage PDF Summary Reports
- Generate User/Group Activity Reports
- Manage Report Groups
- Schedule Reports for Email Delivery
- Manage Report Storage Capacity
- View Policy Rule Usage
- Use External Services for Monitoring
- Configure Log Forwarding
- Configure Email Alerts
-
- Configure Syslog Monitoring
-
- Traffic Log Fields
- Threat Log Fields
- URL Filtering Log Fields
- Data Filtering Log Fields
- HIP Match Log Fields
- GlobalProtect Log Fields
- IP-Tag Log Fields
- User-ID Log Fields
- Decryption Log Fields
- Tunnel Inspection Log Fields
- SCTP Log Fields
- Authentication Log Fields
- Config Log Fields
- System Log Fields
- Correlated Events Log Fields
- GTP Log Fields
- Audit Log Fields
- Syslog Severity
- Custom Log/Event Format
- Escape Sequences
- Forward Logs to an HTTP/S Destination
- Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors
- Monitor Transceivers
-
- User-ID Overview
- Enable User-ID
- Map Users to Groups
- Enable User- and Group-Based Policy
- Enable Policy for Users with Multiple Accounts
- Verify the User-ID Configuration
-
- App-ID Overview
- App-ID and HTTP/2 Inspection
- Manage Custom or Unknown Applications
- Safely Enable Applications on Default Ports
- Applications with Implicit Support
-
- Prepare to Deploy App-ID Cloud Engine
- Enable or Disable the App-ID Cloud Engine
- App-ID Cloud Engine Processing and Policy Usage
- New App Viewer (Policy Optimizer)
- Add Apps to an Application Filter with Policy Optimizer
- Add Apps to an Application Group with Policy Optimizer
- Add Apps Directly to a Rule with Policy Optimizer
- Replace an RMA Firewall (ACE)
- Impact of License Expiration or Disabling ACE
- Commit Failure Due to Cloud Content Rollback
- Troubleshoot App-ID Cloud Engine
- Application Level Gateways
- Disable the SIP Application-level Gateway (ALG)
- Maintain Custom Timeouts for Data Center Applications
-
- Decryption Overview
-
- Keys and Certificates for Decryption Policies
- SSL Forward Proxy
- SSL Forward Proxy Decryption Profile
- SSL Inbound Inspection
- SSL Inbound Inspection Decryption Profile
- SSL Protocol Settings Decryption Profile
- SSH Proxy
- SSH Proxy Decryption Profile
- Profile for No Decryption
- SSL Decryption for Elliptical Curve Cryptography (ECC) Certificates
- Perfect Forward Secrecy (PFS) Support for SSL Decryption
- SSL Decryption and Subject Alternative Names (SANs)
- TLSv1.3 Decryption
- High Availability Not Supported for Decrypted Sessions
- Decryption Mirroring
- Configure SSL Forward Proxy
- Configure SSL Inbound Inspection
- Configure SSH Proxy
- Configure Server Certificate Verification for Undecrypted Traffic
- Post-Quantum Cryptography Detection and Control
- Enable Users to Opt Out of SSL Decryption
- Temporarily Disable SSL Decryption
- Configure Decryption Port Mirroring
- Verify Decryption
- Activate Free Licenses for Decryption Features
-
- Policy Types
- Policy Objects
- Track Rules Within a Rulebase
- Enforce Policy Rule Description, Tag, and Audit Comment
- Move or Clone a Policy Rule or Object to a Different Virtual System
-
- External Dynamic List
- Built-in External Dynamic Lists
- Configure the Firewall to Access an External Dynamic List
- Retrieve an External Dynamic List from the Web Server
- View External Dynamic List Entries
- Exclude Entries from an External Dynamic List
- Enforce Policy on an External Dynamic List
- Find External Dynamic Lists That Failed Authentication
- Disable Authentication for an External Dynamic List
- Register IP Addresses and Tags Dynamically
- Use Dynamic User Groups in Policy
- Use Auto-Tagging to Automate Security Actions
- CLI Commands for Dynamic IP Addresses and Tags
- Application Override Policy
- Test Policy Rules
-
- Network Segmentation Using Zones
- How Do Zones Protect the Network?
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
-
- Tap Interfaces
-
- Layer 2 and Layer 3 Packets over a Virtual Wire
- Port Speeds of Virtual Wire Interfaces
- LLDP over a Virtual Wire
- Aggregated Interfaces for a Virtual Wire
- Virtual Wire Support of High Availability
- Zone Protection for a Virtual Wire Interface
- VLAN-Tagged Traffic
- Virtual Wire Subinterfaces
- Configure Virtual Wires
- Configure a PPPoE Client on a Subinterface
- Configure an IPv6 PPPoE Client
- Configure an Aggregate Interface Group
- Configure Bonjour Reflector for Network Segmentation
- Use Interface Management Profiles to Restrict Access
-
- DHCP Overview
- Firewall as a DHCP Server and Client
- Firewall as a DHCPv6 Client
- DHCP Messages
- Dynamic IPv6 Addressing on the Management Interface
- Configure an Interface as a DHCP Server
- Configure an Interface as a DHCPv4 Client
- Configure an Interface as a DHCPv6 Client with Prefix Delegation
- Configure the Management Interface as a DHCP Client
- Configure the Management Interface for Dynamic IPv6 Address Assignment
- Configure an Interface as a DHCP Relay Agent
-
- DNS Overview
- DNS Proxy Object
- DNS Server Profile
- Multi-Tenant DNS Deployments
- Configure a DNS Proxy Object
- Configure a DNS Server Profile
- Use Case 1: Firewall Requires DNS Resolution
- Use Case 2: ISP Tenant Uses DNS Proxy to Handle DNS Resolution for Security Policies, Reporting, and Services within its Virtual System
- Use Case 3: Firewall Acts as DNS Proxy Between Client and Server
- DNS Proxy Rule and FQDN Matching
-
- NAT Rule Capacities
- Dynamic IP and Port NAT Oversubscription
- Dataplane NAT Memory Statistics
-
- Translate Internal Client IP Addresses to Your Public IP Address (Source DIPP NAT)
- Create a Source NAT Rule with Persistent DIPP
- PAN-OS
- Strata Cloud Manager
- Enable Clients on the Internal Network to Access your Public Servers (Destination U-Turn NAT)
- Enable Bi-Directional Address Translation for Your Public-Facing Servers (Static Source NAT)
- Configure Destination NAT with DNS Rewrite
- Configure Destination NAT Using Dynamic IP Addresses
- Modify the Oversubscription Rate for DIPP NAT
- Reserve Dynamic IP NAT Addresses
- Disable NAT for a Specific Host or Interface
-
- Network Packet Broker Overview
- How Network Packet Broker Works
- Prepare to Deploy Network Packet Broker
- Configure Transparent Bridge Security Chains
- Configure Routed Layer 3 Security Chains
- Network Packet Broker HA Support
- User Interface Changes for Network Packet Broker
- Limitations of Network Packet Broker
- Troubleshoot Network Packet Broker
-
- Enable Advanced Routing
- Logical Router Overview
- Configure a Logical Router
- Create a Static Route
- Configure BGP on an Advanced Routing Engine
- Create BGP Routing Profiles
- Create Filters for the Advanced Routing Engine
- Configure OSPFv2 on an Advanced Routing Engine
- Create OSPF Routing Profiles
- Configure OSPFv3 on an Advanced Routing Engine
- Create OSPFv3 Routing Profiles
- Configure RIPv2 on an Advanced Routing Engine
- Create RIPv2 Routing Profiles
- Create BFD Profiles
- Configure IPv4 Multicast
- Configure MSDP
- Create Multicast Routing Profiles
- Create an IPv4 MRoute
-
-
PAN-OS 9.1 (EoL)
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
- Cloud Management and AIOps for NGFW
-
- Changes to Default Behavior
- Limitations
-
-
- PAN-OS 9.1.19 Known Issues
- PAN-OS 9.1.18 Known Issues
- PAN-OS 9.1.17 Known Issues
- PAN-OS 9.1.16 Known Issues
- PAN-OS 9.1.15 Known Issues
- PAN-OS 9.1.14 Known Issues
- PAN-OS 9.1.13 Known Issues
- PAN-OS 9.1.12 Known Issues
- PAN-OS 9.1.11 Known Issues
- PAN-OS 9.1.10 Known Issues
- PAN-OS 9.1.9 Known Issues
- PAN-OS 9.1.8 Known Issues
- PAN-OS 9.1.7 Known Issues
- PAN-OS 9.1.6 Known Issues
- PAN-OS 9.1.5 Known Issues
- PAN-OS 9.1.4 Known Issues
- PAN-OS 9.1.3 Known Issues
- PAN-OS 9.1.2 Known Issues
- PAN-OS 9.1.1 Known Issues
-
-
- PAN-OS 9.1.19 Addressed Issues
- PAN-OS 9.1.18 Addressed Issues
- PAN-OS 9.1.17-h1 Addressed Issues
- PAN-OS 9.1.17 Addressed Issues
- PAN-OS 9.1.16-h5 Addressed Issues
- PAN-OS 9.1.16-h4 Addressed Issues
- PAN-OS 9-1-16-h3 Addressed Issues
- PAN-OS 9.1.16 Addressed Issues
- PAN-OS 9.1.15-h1 Addressed Issues
- PAN-OS 9.1.15 Addressed Issues
- PAN-OS 9.1.14-h8 Addressed Issues
- PAN-OS 9.1.14-h7 Addressed Issues
- PAN-OS 9.1.14-h4 Addressed Issues
- PAN-OS 9.1.14-h1 Addressed Issues
- PAN-OS 9.1.14 Addressed Issues
- PAN-OS 9.1.13-h5 Addressed Issues
- PAN-OS 9.1.13-h4 Addressed Issues
- PAN-OS 9.1.13-h3 Addressed Issues
- PAN-OS 9.1.13-h1 Addressed Issues
- PAN-OS 9.1.13 Addressed Issues
- PAN-OS 9.1.12-h7 Addressed Issues
- PAN-OS 9.1.12-h6 Addressed Issues
- PAN-OS 9.1.12-h4 Addressed Issues
- PAN-OS 9.1.12-h3 Addressed Issues
- PAN-OS 9.1.12 Addressed Issues
- PAN-OS 9.1.11-h5 Addressed Issues
- PAN-OS 9.1.11-h4 Addressed Issues
- PAN-OS 9.1.11-h3 Addressed Issues
- PAN-OS 9.1.11-h2 Addressed Issues
- PAN-OS 9.1.11 Addressed Issues
- PAN-OS 9.1.10 Addressed Issues
- PAN-OS 9.1.9 Addressed Issues
- PAN-OS 9.1.8 Addressed Issues
- PAN-OS 9.1.7 Addressed Issues
- PAN-OS 9.1.6 Addressed Issues
- PAN-OS 9.1.5 Addressed Issues
- PAN-OS 9.1.4 Addressed Issues
- PAN-OS 9.1.3-h1 Addressed Issues
- PAN-OS 9.1.3 Addressed Issues
- PAN-OS 9.1.2-h1 Addressed Issues
- PAN-OS 9.1.2 Addressed Issues
- PAN-OS 9.1.1 Addressed Issues
- PAN-OS 9.1.0 Addressed Issues
End-of-Life (EoL)
PAN-OS 9.1.5 Addressed Issues
PAN-OS® 9.1.5 addressed issues.
Issue ID | Description |
---|---|
PAN-154092 | Added an enhancement that provides an option
to increase Data Plane Development Kit (DPDK) ring size and DPDK
queue number for VM-Series firewalls deployed on ESXi. |
PAN-152699 | Fixed an issue where the firewall added
a redundant 0\r\n packet while processing Clientless
VPN traffic. |
PAN-152285 | Fixed an issue where certain GPRS tunneling
protocol (GTP-U) sessions that could not complete installation still
occupied the flow table, which led to higher session table usage. |
PAN-151203 | Fixed an issue where the firewall dropped
certain GTPv1 Update PDP Context packets. |
PAN-151164 | Fixed an issue where logs weren't able to
be migrated from PA-5200 Series firewalls manually via the CLI. |
PAN-151057 | Fixed an issue where upgrading the capacity
license on a virtual machine (VM) high availability (HA) pair resulted
in both firewalls going into a non-functional state instead of only
the higher capacity license firewall. |
PAN-150750 | (PA-5200 and PA-7000 Series firewalls
only) Fixed an intermittent issue where the firewall dropped
packets when two or more GTP packets on the same GTP tunnel were
very close to each other. |
PAN-150748 | Fixed an issue where the firewall silently
dropped GTPv2-C Delete Session Response packets. |
PAN-150746 | Fixed an issue where the firewall dropped
GTP packets with Delete Bearer messages for EBI 6 if they were received
within two seconds of receiving the Delete Bearer messages for EBI
5. |
PAN-150243 | Fixed an issue where after a successful
commit, the candidate configuration was not updated to running configuration
when initiated by an API-privileges-only custom role based administrator. |
PAN-149839 | (PA-7000 Series firewalls only)
Added CLI commands to enable/disable resource-control groups and
CLI commands to set an upper memory limit of 8G on a process (mgmtsrvr).
To enable resource-control groups, use debug software resource-control enable and
to disable them, use debug software resource-control disable.
To set the memory limit, use debug management-server limit-memory enable,
and to remove the limit, use debug management-server limit-memory disable.
For the memory limit change to take effect, the firewall must be
rebooted. |
PAN-149813 | Fixed an issue where the reply to an XML
API call from Panorama was in a different format after upgrading
to PAN-OS 8.1.14-h1 and later releases, which caused automated systems
to fail the API call. |
PAN-149770 | Fixed an issue with debug file handling
that led to a process (mgmtsrvr) restart. |
PAN-149480 | Fixed an issue where, if Panorama was connected
to log collectors running an earlier release, a custom report query
from Panorama, which includes new fields not supported in prior
releases, triggered a restart on a process (reportd). |
PAN-149426 | Fixed an issue where non-superuser administrators
with all rights enabled were unable to Review Policies or Review
Apps for downloaded or installed content versions. |
PAN-149325 | Fixed an issue on Panorama where the web
interface took more time than expected to load changes when the
virtual router was large or when there was a large configuration
change request from the web interface. |
PAN-149296 | Fixed an issue on Panorama where system
and configuration logs of dedicated Log Collectors did not show
up on Panorama appliances in Management Only mode. |
PAN-149008 | Fixed an issue where the CLI command Show config running following
the CLI command set cli op-command-xml-output on produces
an unreadable output. |
PAN-149005 | Fixed an issue where XML API failed to fetch
logs larger than 10MB. |
PAN-148564 | Fixed an issue where Panorama stopped showing
new logs when url_category_list was
in the URL payload format of the HTTP(S) server profile used to
forward URL logs from the Panorama Log Collector. |
PAN-148087 | Fixed an issue where the object identifier
(OID) being polled for the component hrStorageUsed was not
unique after a PAN-OS upgrade. |
PAN-147741 | Fixed an issue where an API call for correlated
events did not return any events. |
PAN-147595 | Fixed an issue where, after a policy commit
and session rematch, stream control transmission protocol (SCTP)
logs for an existing SCTP session still showed old rule information. |
PAN-147285 | Fixed an issue where host information profile
(HIP) details were not available on Panorama even when a HIP redistribution
configuration was in place. |
PAN-146878 | Fixed an issue where TCP traffic dropped
due to TCP sequence checking in an HA active/active configuration
where traffic was asymmetric. |
PAN-146841 | Fixed an issue in Panorama where a commit-all
to the managed firewalls failed with the following error message: invalid object reference when address
objects were uploaded using an external script. |
PAN-146787 | Fixed an issue where traffic incorrectly
matched URL based authentication policies. |
PAN-146650 | A fix was made to address an authentication
bypass vulnerability in the GlobalProtect SSL VPN component of PAN-OS
that allowed an attacker to bypass all client certificate checks
with an invalid certificate. As a result, the attacker was able
to authenticate as any user and gain access to restricted VPN network
resources when the gateway or portal was configured to rely only
on certificate-based authentication (CVE-2020-2050). |
PAN-146623 | Fixed an issue where a GlobalProtect client
in a system with umlaut diacritics serial number was unable to log
in to the GlobalProtect gateway. |
PAN-146506 | Fixed an issue where memory usage on a process (useridd)
was high, which caused the process to restart on the firewall acting
as the User-ID redistribution agent. This issue occurred when multiple
clients requested IP address-to-user mappings at the same time. |
PAN-146284 | Fixed an issue where Application and Threat
Content installation failed on the firewall with the following error
message: Error: Threat database handler failed. |
PAN-146117 | Fixed an issue on the firewalls where memory
usage on a process (devsrvr) increased after running
the show object dynamic-address-group all CLI
command. |
PAN-146115 | Fixed an issue where GlobalProtect IPsec
connections flapped when the peer address to the gateway changed
due to NAT. |
PAN-146107 | Fixed an issue where memory allocation failure
caused a process (pan_comm) to restart several times,
which caused the firewall to restart. |
PAN-145823 | Fixed an issue where BGP learned routes
were incorrectly populated with a VR error as a next hop. |
PAN-145757 | Fixed an issue on the firewalls where a
process (all_pktproc) restarted while processing Session Traversal
Utilities for NAT (STUN) over TCP. |
PAN-145752 | Fixed an issue where exporting policies
to PDF or CSV files did not include all policies and contained duplicates. |
PAN-145721 | Fixed an issue where Application Command
Center (ACC) data did not load when accessed from the Top Applications widget
in the Dashboard. |
PAN-145507 | Fixed an issue on the firewalls where traffic
originating from a GlobalProtect user did not match HIP-based Security
policies using the cached HIP report. Instead, the traffic was denied
until the GlobalProtect agent submitted a new HIP report about 20
seconds later. |
PAN-145305 | Fixed an issue where an inconsistent PAN-DB
cloud connection caused the firewall to negotiate the incorrect
version and decode the cloud responses with the incorrect format. |
PAN-145133 | A fix was made to address a vulnerability
in the PAN-OS signature-based threat detection engine that allowed
an attacker to evade threat prevention signatures using specifically
crafted TCP packets (CVE-2020-1999). |
PAN-145041 | Fixed an issue on the firewalls where a
process (all_task) stopped responding. |
PAN-144919 | Fixed an issue on an M-600 appliance where
the Panorama management server stopped receiving new logs from firewalls
because delayed log purging caused log storage on the Log Collectors
to reach maximum capacity. |
PAN-144448 | Fixed an issue with the automated correlation
engine that caused firewalls to stop generating correlated event
logs for the beacon-heuristics object
(ID 6005). |
PAN-144232 | Fixed an issue where, when any change was
made to an authentication profile, the LDAP server or local user
database in a shared context removed the user group mapping information
from the firewall. |
PAN-143959 | Fixed an issue on Panorama where a custom
administrator with all rights enabled was not able to display the
content of the external dynamic list (EDL) on the Panorama web interface. |
PAN-143809 | Fixed an issue where Log Collectors had
problems ingesting logs for older days received at a high rate. |
PAN-143796 | Fixed an issue where commits failed on the
firewall due to memory allocation failure. Configuration memory
can be checked using the debug dataplane show cfg-memstat statistics CLI
command. |
PAN-143010 | (PA-7000 Series firewalls only)
Fixed an issue with intermittent packet loss for GlobalProtect SSL
tunnel traffic. |
PAN-142562 | Fixed an issue on Panorama where creating
certificates took longer than expected, which caused configuration
lock timeouts. |
PAN-142363 | Fixed an issue where a process (mprelay) stopped
responding and invoked an out-of-memory (OOM) killer condition and
displayed the following error messages: `tcam full` and pan_plfm_fe_cp_arp_delete. |
PAN-142219 | Fixed an issue where a Panorama log query
did not work for closed indices. |
PAN-141980 | Fixed an issue where random member ports
in a link aggregate group failed to join the aggregate group due
to the following error: Link speed mismatch. |
PAN-141895 | Fixed an issue that prevented GTP tunnel
session timeout values from being configured via the web interface. |
PAN-141793 | Fixed an issue where Panorama did not show
correct logs filtered with not, leq,
and geq. |
PAN-141717 | Fixed an issue where an administrative user
using custom admin roles and without access to the Device tab
was unable to expand the detailed views of Monitor > Logs. |
PAN-141551 | Fixed an issue where SSH service restart
management did not take effect in the SSH management server profile. |
PAN-141296 | Fixed an issue where a large certificate
chain transmission delayed the decryption process and did not populate
the mutual authentication cache. |
PAN-140900 | Fixed an issue where IP address-to-tag mapping
entries had negative time-to-live (TTL) values instead of being
removed after expiry. |
PAN-140883 | Fixed an issue where, after rebooting the
firewall, the SNMP object identifier (OID) for TCP connections per
second (panVsysActiveTcpCps / .1.3.6.1.4.1.25461.2.1.2.3.9.1.6.1)
returned 0 until another OID was pulled. Additionally, after a restart
of a daemon (snmpd), if the above OID was called before
other OIDs, there was an approximate 10 second delay in populating
the data pulled by each OID. |
PAN-140736 | Fixed an issue where configuration synchronization
failed in an HA configuration. |
PAN-140382 | Fixed an issue where the Host Evasion Threat
ID signature did not trigger for the initial session even after
the DNS response was received before the session expired. |
PAN-140227 | (PA-7000 Series firewalls only)
Fixed a rare issue where the firewall rebooted due to path monitoring
failure on the Log Processing Card (LPC). |
PAN-140173 | Fixed an issue where a high number of groups
in group mapping caused a process (useridd) to exit. |
PAN-140100 | Fixed an issue where Detailed
Log View (Monitor > Logs > Traffic)
did not display the URL filtering logs as expected on HTTP/2 stream
sessions. |
PAN-140084 | (PA-3200 Series firewalls only)
Fixed an issue where the default Dynamic IP and Port (DIPP) NAT
oversubscription rate was set as 2. |
PAN-139991 | Fixed an issue where the web interface and
the CLI were inaccessible, which caused the following error message
to display on the web interface: Timed out while getting config lock. |
PAN-139233 | Fixed an issue where HIP reports failed
to show up via the web interface or the CLI. |
PAN-139136 | Fixed an issue where a large number of groups
in group mappings caused a process (useridd) to exit. |
PAN-138427 | Fixed an issue where pushing a configuration
from a Panorama management server running PAN-OS 9.0 to a firewall
running PAN-OS 8.1 produced a HTTP/2 warning. To leverage this fix,
update both Panorama and the firewall to PAN-OS 9.1.5. |
PAN-137663 | Fixed a cosmetic issue where misleading
App-ID and rule shadowing warnings populated after a commit. |
PAN-137157 | Fixed an issue where Panorama became inaccessible
with the following error message: Timed out while getting config lock. |
PAN-135989 | Fixed an issue where the serial number was
unknown for VM-Series firewalls after upgrading from PAN-OS 8.0
to PAN-OS 8.1. |
PAN-135354 | Fixed an issue where the paths between the
control plane and the dataplanes in network processing cards (NPCs)
stalled in the dataplane-to-control plane direction due to the Ring
Descriptor entries becoming out of sync on each side. This produced
unrecoverable data path monitoring failures, which caused the chassis
to become nonfunctional. |
PAN-135071 | Fixed an issue in Panorama where the template
stack drop-down was missing templates when using access domain.
This issue is fixed only for existing template stacks. |
PAN-134907 | Fixed an issue where IP tags were not evaluated
in the filter evaluation criteria when Dynamic Address Groups were
configured. |
PAN-134745 | Fixed an issue where Panorama commits failed
due to a process (useridd) running on high file descriptors
as a large number firewalls connect to Panorama for User-ID redistribution. |
PAN-134226 | Fixed an issue where AdminStatus for HA1
and High Speed Chassis Interconnect (HSCI) interfaces were incorrectly
reported. |
PAN-133934 | Fixed an intermittent issue where user-to-IP
address mappings were not redistributed to client firewalls. |
PAN-131750 | Fixed an issue where a configuration push
from Panorama to the firewall showed the Commit All status
as completed even though the job was still being processed. |
PAN-130955 | Fixed an issue where templates on the secondary
Panorama appliance were out of sync with the primary Panorama appliance
due to an empty content-preview node. |
PAN-130389 | (PA-220 firewalls only) Fixed an
issue where rx-broadcast and rx-multicast interface counters were
not increasing even broadcast and/or multicast traffic was being
received. |
PAN-130357 | Fixed a memory leak issue where virtual
memory used by the SNMP process started to slowly increase when
the request was sent with a request-id of
0. |
PAN-129376 | (PA-800 Series firewalls only)
Fixed an issue that prevented ports 9-12 from being powered down
by hardware after being requested to do so. |
PAN-129234 | Fixed an issue where syslog connection failures
were frequently reported in system logs. |
PAN-128048 | Fixed an issue where certificate-based authentication
with IKEv2 IPSec tunnels failed to establish with some third-party
vendors. |
PAN-126353 | Fixed an issue where the XML API used to
retrieve hardware status periodically failed with a 200 OK message
and no data. |
PAN-125218 | A fix was made to address an information
exposure vulnerability in Panorama that disclosed the token for
the Panorama web interface administrator's session to a managed
device when the Panorama administrator performed a context switch (CVE-2020-2022). |
PAN-124681 | A fix was made to address a vulnerability
where Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000
Series, PA-3000 Series, PA-3200 Series, PA-5000 Series, PA-5200
Series, and PA-7000 Series firewalls were not cleared before the
data frame was created (CVE-2021-3031). |
PAN-121035 | Added support of high powered module PAN-QSFP28-100GBASE-ER4. |
PAN-120245 | Fixed an issue on Panorama where WildFire
cloud content download failed for content deployment to the WF-500
appliance. |
PAN-119982 | Fixed an issue where template variable view
failed to display some template variables when the Device
Priority type variable was configured. |
PAN-115541 | Fixed an issue where removing a cipher from
an SSL/TLS profile did not take effect if it was attached to the
management interface. |
PAN-112449 | Fixed an issue that caused a daemon (snmpd)
to hang when sending a Simple Network Management Protocol (SNMP)
GET request for LcLogUsageTable on
a Panorama appliance in Management Only mode. |
PAN-110423 | Fixed an issue where mounting failure occurred
and root partition reached 100%. |
PAN-110168 | Fixed an issue where the firewall and Panorama
web interface did not present HSTS headers to your web browser. |
PAN-103018 | Fixed an issue where, when defining the
match criteria for dynamic address groups on Panorama, the boolean
AND/OR operators did not function properly. |