PAN-OS 10.1.6 Addressed Issues
PAN-OSĀ® 10.1.6 addressed issues.
Issue ID | Description |
|---|---|
WF500-5509 | ( WF-500 appliance only ) Fixed an
issue where cloud inquiries were logged under the SD-WAN subtype. |
PAN-193579 | Fixed an issue where new logs viewed from
the CLI (show log <log_type>) and new syslogs forwarded to a
syslog server contained additional, erroneous entries. |
PAN-192930 | Fixed an issue where, when the default port
was not TCP/443, implicitly used SSL applications were blocked by
the Security policy as an SSL application and did not shift to the
correct application. |
PAN-191629 | ( PA-5450 firewalls only ) Fixed
an issue where the hourly summary log was limited to 100,001 lines
when summarized, which resulted in inconsistent report results when
using summary logs. |
PAN-191470 | Fixed an issue on Panorama where encrypted
passwords were sent to firewalls on PAN-OS 10.1 releases during
a multi-device group push, which caused client-based External Dynamic
Lists (EDL) to fail. |
PAN-191466 | Fixed an issue where you were unable to
use the web interface to override IPsec tunnels pushed from Panorama |
PAN-191222 | Fixed an issue where Panorama became inaccessible
when after a push to the collector group. |
PAN-190728 | Fixed an issue in an active/passive high
availability (HA) configurations with link or path monitoring enabled
where the aggregate ethernet interface went down before member interfaces
went down. |
PAN-190675 | Fixed an IoT cloud connectivity issue with
the firewall dataplane when the Data Services service
route was used and the egress interface had VLAN tagging. |
PAN-190660 | Fixed an issue where the vld process
stopped responding when Elasticsearch had no data. |
PAN-190644 | Fixed an issue where Elasticsearch removed
indices earlier than the configured retention period. |
PAN-190409 | ( PA-5450 and PA-3200 Series firewalls
that use a FE101 processor only ) Fixed an issue where packets
in the same session were forwarded through a different member of
an aggregate ethernet group when the session was offloaded. |
PAN-189982 | Fixed an issue where, when inputting tags,
the scrollbar in the dialog box for the tag field
obscured the down arrow. |
PAN-189643 | Fixed an issue where, when Quality of Service
(QoS) was enabled on an IPSec tunnel, traffic failed due to applying
the wrong tunnel QoS ID. |
PAN-189182 | Fixed an issue where the change summary
didn't work after upgrading the Panorama appliance. |
PAN-189010 | Fixed an issue on Panorama where a deadlock
in the configd process caused both the web interface
and the CLI to be inaccessible. |
PAN-188872 | Fixed an out-of-memory (OOM) condition caused
by a memory leak issue on the useridd process. |
PAN-188776 | ( PA-5200 Series firewalls only ) Fixed an issue where the AUX-2 port required a reboot to
link up after factory resetting the firewall. |
PAN-188336 | Fixed an issue with the dnsproxyd process
that caused the firewall to unexpectedly reboot. |
PAN-188303 | Fixed an issue where the serial number displayed
as unknown after running the show
system state CLI command. |
PAN-188272 | ( PA-5200 Series and PA-7000 Series firewalls
only ) Fixed an issue where Support UTF-8 For Log Output wasn't
visible on the web interface. |
PAN-188097 | Fixed an issue where the firewall stopped
allocating new sessions with increments in the counter session_alloc_failure.
This was caused by GPRS tunneling protocol (GTP-U) tunnel session
aging processing issue. |
PAN-188009 | Fixed an issue where a firewall import to
Panorama running a PAN-OS 10.1 release or a PAN-OS 10.2 release
resulted in corrupted private information when the master key was
not used. |
PAN-188005 | Fixed an issue where the var/off file
consumed more space than expected, which caused 100% root partition. |
PAN-187829 | Fixed an issue where the web_backend and httpd processes
leaked descriptors, which caused activities that depended on the
processes, such as logging in to the web interface, to fail. |
PAN-187630 | Fixed an issue where the all_task process stopped
responding with a stack trace that contained the function pan_agent_userpolicy_cache_find . |
PAN-187558 | Fixed an issue where the following error
message flooded the system log: Incremental update to DP failed . |
PAN-186750 | Fixed an issue where, after upgrading to
a PAN-OS 10.1 release, SaaS reports generated on Panorama did not
display Applications at a glance and most
charts were missing data on the right side of the chart. |
PAN-186262 | Fixed an issue where Panorama appliances
in Panorama or Log Collector mode became unresponsive while Elasticsearch
accumulated internal connections related to logging processes. |
PAN-186143 | Fixed an issue where no local changes could
be made on a Zero Touch Provisioning (ZTP) enabled device after
an upgrade to a PAN-OS 10.1 release. |
PAN-185616 | Fixed an issue where the firewall sent fewer
logs to the system log server than expected. With this fix, the
firewall accommodates a larger send queue for syslog forwarding
to TCP syslog receivers. |
PAN-185558 | Fixed an issue where Panorama log migration
failed when old logs migrated to a newer format. This was due to
older indices failing to close. |
PAN-185440 | Fixed an issue where iOS devices incorrectly
displayed as jailbroken under HIP match logs. |
PAN-185416 | ( PA-220 firewalls only ) Fixed an
issue where the firewall repeatedly rebooted every few hours. |
PAN-184979 | Fixed an issue in multi-vsys environments
where the DNS service route always used the management interface
even when the dataplane interface was |
PAN-184621 | Fixed an issue on FIPS-enabled devices where
modifying any configuration of an existing GlobalProtect portal
failed with the following error message: Operation failed : Malformed request . |
PAN-184291 | Fixed an issue where the GlobalProtect portal
generated a cookie with a domain as NULL instead of empty-domain,
which caused users to be identified incorrectly. |
PAN-184071 | Fixed an issue where tech support files
were not generated. |
PAN-183788 | Fixed an issue with SCEP certificate enrollment
where the incorrect Registration Authority (RA) certificate was
chosen to encrypt the enrollment request. |
PAN-183579 | Fixed an issue where SD-WAN path monitoring
failed over the interface directly connected to the ISP due to an
unsupported ICMP probe format. |
PAN-183529 | ( PA-5450 firewalls only ) Fixed
an issue where upgrading the firewall caused corrupted log records
to be created, which caused the logrcvr process to
fail. This resulted in the auto-commit process required to bring
up the firewall after a reboot to fail and, subsequently, the firewall
to become unresponsive. |
PAN-183339 | Fixed an issue where line breaks in a description
were not visible. |
PAN-183327 | ( Firewalls in HA configurations only )
Fixed an issue where policy based forwarding (PBF) sessions between
virtual systems (vsys) weren't pushed to the high availability peer. |
PAN-183322 | ( Firewalls in Hyper-V environments only )
Fixed an issue where, when upgrading PAN-OS 10.0.5 to PAN-OS 10.0.6
or later, the default Maximum Transmission Unit (MTU) is restored
to 1500 from 1496. |
PAN-181604 | Fixed an issue where audit comment archive configuration logs (between commits) were
lost after each upgrade. |
PAN-181568 | Fixed an issue where high dataplane CPU
occurred when DNS Security was enabled on a firewall with many DNS
sessions but less overall traffic. |
PAN-181277 | Fixed an issue where VPN tunnels in SD-WAN
flapped due to duplicate tunnel IDs. |
PAN-181262 | Fixed an issue where, when the data loss
prevention (DLP) plugin was installed, the Panorama web interface
froze after previewing changes. |
PAN-181245 | Fixed an internal path monitoring failure
issue that caused the dataplane to go down. |
PAN-181215 | Fixed an issue where the authd process
didn't receive authentication requests due to internal socket errors. |
PAN-181031 | Fixed an issue where the CN-NGFW (DP) folder
on the CN-MGMT pod eventually consumed a large amount of space in
the /var/log/pan because the old registered stale next-generation
firewall logs were not being cleared. |
PAN-180934 | Fixed an issue where, when decrypting at
TLS1.3, websites failed to load due to the firewall incorrectly
handling payload padding from the server. |
PAN-180661 | Fixed an issue on Panorama where pushing
an unsupported Minimum Password Complexity (Device
> Setup > Management ) to a managed firewall incorrectly
displayed a commit timeout as the reason the commit failed. |
PAN-180396 | Fixed an issue where Panorama displayed
an error when generating a ticket to disable GlobalProtect for Prisma
Access. |
PAN-180338 | Fixed an issue where the CTD loop count
wasn't accurately incremented. |
PAN-180125 | Fixed an issue where either Elasticsearch
es-1 or es-2 didn't start after rebooting the log collector. |
PAN-179184 | Fixed an issue where Security Assertion
Markup Language (SAML) authentication failed when multiple single
sign-on (SSO) requests were sent at the same time from SSL VPN to
the authd process on the firewall. |
PAN-178975 | Fixed an issue where the local log collector
was out of sync and displayed a public IP address mismatch for the
management interface. |
PAN-178862 | Fixed an issue where bootstrapped firewalls
didn't associate with the configured template stack if the stack
name had more than 31 characters. |
PAN-178450 | Fixed an issue where icons weren't displayed
for clientless VPN applications. |
PAN-177762 | Fixed an issue where wificlient in
PAN-OS 10.0 and later releases caused processing delays, on-chip
descriptor spikes, and buffer usage. |
PAN-177671 | Fixed an issue where, when SIP traffic traversing
the firewall was sent with a high QoS differentiated service code
(DSCP) value, the DSCP value was reset to the default setting (CS0)
for the first data packet. |
PAN-177455 | ( PA-7000 Series firewalls with HA clustering
enabled and using HA4 communication links only ) Fixed an issue
where loading PAN-OS 10.2.0 on the firewall caused the PA-7000 100G
NPC (Network Processing Card) to go offline. As a result, the firewall
failed to boot normally and entered maintenance. |
PAN-177409 | Fixed an issue where, when the quarantine
feature was enabled, every hostid lookup
created a new entry in the cache memory instead of having a single
cache entry for each IP address, which led to memory exhaustion. |
PAN-177063 | Fixed an issue where decrypting large packets
introduced congestion during content inspection, which caused processes
to stop responding due to missed heartbeats. |
PAN-176437 | ( PA-3200 Series firewalls only )
Fixed an issue where multiple processes stopped responding, which
caused the firewall to reboot. |
PAN-175186 | Fixed an issue where performing a commit-all
operation with the API type op instead of commit resulted
in Panorama returning the incorrect error message Use
type [commit-all] instead of the correct error message
to use the type commit . |
PAN-175022 | Fixed an issue where the PAN-OS web interface
table of contents did not display or the help contents reloaded
continuously. |
PAN-175016 | Fixed an issue where PDF summary reports
were empty when they were generated by a user in a custom admin
role. |
PAN-174660 | Fixed an issue where the devsrvr process
stopped responding after a local or Panorama pushed commit. This
occurred when a single NAT policy contained more than 64 address
objects. |
PAN-174514 | ( VM-Series firewalls on Amazon Web Services
(AWS) with Gateway Load Balancer (GWLB) enabled only ) Fixed
an issue where the firewall didn't block access with a response
page when accessing a blocked URL category. |
PAN-174161 | Fixed an issue in Panorama that occurred
when attempting to disable override on an
object from a child device group did not work after cloning and
renaming the object. |
PAN-173453 | Fixed an issue where multiple heartbeat
failures occurred, which resulted in high availability failover. |
PAN-172768 | Fixed an issue where HIP report generation
caused a memory leak on a process (useridd). |
PAN-172766 | Fixed an issue on Panorama where a commit
push to managed firewalls failed with sctp-init is invalid error
even though SCTP settings were not configured in the corresponding
template. |
PAN-170462 | Fixed an issue where Saas applications downloaded
from the App-ID Cloud Engine (ACE) didn't appear in daily application
reports ( Monitor Reports Application Reports ACC Network Activity |
PAN-168400 | Fixed an issue where, after installing Cloud
Services plugin 10.2, the Plugin cloud_services status (Dashboard
> High Availability ) displayed as Mismatch . |
PAN-168339 | Fixed an issue where replacing SSL certificates
for inbound management traffic did not work when Block
Private Key Export was enabled. |
PAN-165660 | Fixed an issue where, in scenarios with
Fragmented Session Initiation Protocol (SIP), where the first packet
arrived out of order, bypassing App-ID and Content and Threat Detection
(CTD). With this fix, the out-of-order packet is transmitted after
it has been queued and processed by APP-ID and CTD. |
PAN-163174 | Fixed an issue on the firewall where, after
a commit, GlobalProtect users saw SAML authentication failure due
to an improper certificate revocation check. |
PAN-162444 | Fixed an issue where the system state reported
incorrect or missing capacity numbers for FQDN address objects. |
PAN-162164 | Fixed an issue where, when upgrading a multi-dataplane
firewall from a PAN-OS 10.0 to a PAN-OS 10.1 release, the commit
failed if the DHCP Broadcast Session option was enabled in the configuration. |
PAN-159702 | Fixed an issue where FQDN refresh did not
work with the error No name servers found! ,
and no subsequent retries occur. |
PAN-155730 | Fixed an issue where corrupted log index
files were not automatically removed. |
PAN-142701 | Fixed an issue where the firewall did not
delete Stateless SCTP sessions after receiving an SCTP Abort packet. |
Most Popular
Recommended For You
Recommended Videos
Recommended videos not found.
