The following table lists the issues that are addressed in the PAN-OS® 7.1.16 release. For new features, associated software versions, known issues, and changes in default behavior, see PAN-OS 7.1 Release Information. Before you upgrade or downgrade to this release, review the information in Upgrade to PAN-OS 7.1.
Starting with PAN-OS 7.1.5, all unresolved known issues and any newly addressed issues in these release notes are identified using new issue ID numbers that include a product-specific prefix. Issues addressed in earlier releases and any associated known issue descriptions continue to use their original issue ID.
Issue ID Description
PAN-91113 Fixed an issue where the mprelay process stopped responding when processing IPv6 neighbor discovery updates.
PAN-89471 Fixed an issue where firewalls rebooted because the userid process restarted too often due to a socket binding failure that caused a memory leak.
PAN-89171 Fixed an issue on firewalls in a high availability (HA) configuration where an auto-commit failed (the error message was Error: Duplicate user name ) after you connected a new suspended-secondary peer to an active-primary peer.
PAN-88547 Fixed an issue where the firewall did not accept AS:0 as a value in the Set Community list of a BGP redistribution profile ( Network > Virtual Routers > <router> > BGP > Redist Rules).
PAN-88487 Fixed an issue where the firewall stopped enforcing policy after you manually refreshed an external dynamic list (EDL) that had an invalid IP address or that resided on an unreachable web server.
PAN-88213 Fixed an issue where firewalls that had ECMP and session offloading enabled sent offloaded traffic to the incorrect next hop.
PAN-86115 Fixed an issue where PA-7000 Series firewalls intermittently displayed incorrect usernames for Traffic logs.
PAN-86076 As an enhancement to improve security for GlobalProtect deployments, the GlobalProtect portal now includes the following HTTP security headers in responses to end user login requests: X-XSS-Protection, X-Content-Type-Options, and Content-Security-Policy.
PAN-85035 Fixed an issue where end users could not access applications and services due to DNS resolution failures that occurred because the firewall associated the destination port with Bidirectional Forwarding Detection (BFD) packets instead of DNS packets.
PAN-84703 Fixed an issue where pushing a custom application named http or smb ( Objects > Applications) from the Panorama management server to firewalls interfered with antivirus detection on the firewalls.
PAN-83909 Fixed an issue where the WF-500 appliance sent ICMP unreachable messages from the VM Interface to the Management interface.
PAN-81539 Fixed an issue where commits failed because the logrcvr process restarted continuously on firewalls with NetFlow exports configured.
PAN-81287 Fixed an issue where a firewall in FIPS/CC mode intermittently switched to maintenance mode.
PAN-81102 Fixed an issue where the tftp export stats-dump CLI command failed to generate a Stats Dump file and displayed the following error: Failed to redirect error to /var/log/pan/report_gen.log (Permission denied) .
PAN-79753 Fixed an issue where the Panorama management server restarted after you ran the replace device old <old_SN#> new <new_SN#> CLI command to replace the serial number of an old managed firewall with that of a new managed firewall.
PAN-72246 Fixed an issue where the firewall generated an ECDSA certificate signing request (CSR) using the SHA1 algorithm instead of the selected algorithm.
PAN-67952 Fixed an issue on PA-5000 Series firewalls where the dataplanes became unstable when jumbo frames and first packet broadcasting were both enabled. With this fix, first packet broadcasting is disabled by default on PA-5000 Series firewalls.
PAN-64376 Fixed an issue where you could not set the QoS Egress Max to more than 16,000 Mbps for an aggregate Ethernet interface ( Network > QoS > <interface> > Physical Interface). With this fix, you can set the QoS Egress Max to a maximum of 60,000 Mbps. If you downgrade from PAN-OS 7.1.16 or a later release to PAN-OS 7.1.15 or an earlier release, you must reset the QoS Egress Max to 16,000 Mbps or less to avoid commit failures.
PAN-60083 Fixed an issue where traffic fails to pass through the firewall due to insufficient memory in the memory pools of the firewall dataplane.

Related Documentation