End-of-Life (EoL)
PAN-OS 7.1.13 Addressed Issues
PAN-OS® 7.1.13 addressed issues
The following table lists the issues that are addressed
in the PAN-OS® 7.1.13 release. For new features, associated software
versions, known issues, and changes in default behavior, see PAN-OS 7.1 Release Information.
Before you upgrade or downgrade to this release, review the information in Upgrade to PAN-OS 7.1.
Starting with PAN-OS 7.1.5, all unresolved known issues
and any newly addressed issues in these release notes are identified
using new issue ID numbers that include a product-specific prefix.
Issues addressed in earlier releases and any associated known issue
descriptions continue to use their original issue ID.
Issue ID | Description |
---|---|
PAN-84142 | Fixed an issue where a process (vm_agent) on
a VM-Series firewall on Azure stopped responding after upgrading
to PAN-OS 7.1.12 due to a bug in the Azure Linux Agent library (waagentlib)
package. |
PAN-83754 | Fixed an issue where a process (vm_agent) on
a VM-Series firewall on Azure stopped responding after an update
was applied on Azure. |
PAN-82076 | Fixed an issue on PA-7000 Series firewalls
where traffic delays occurred due to packet buffer congestion when
the all_pktproc process stopped responding. This
issue occurred when an incorrect Policy Based Forwarding (PBF) policy
rule ID referenced an invalid egress interface. |
PAN-82046 | Fixed an issue on VM-Series firewalls for NSX
where dynamic address groups had no members. |
PAN-81939 | Fixed an issue where memory corruption caused
the correlation engine process to restart. |
PAN-81661 | Fixed an issue where PA-7000 Series firewalls
in a hairpin virtual wire deployment dropped traffic when predict
sessions were created. In a hairpin deployment, traffic crosses
a firewall twice, in both directions, across the same virtual wire(s)
in the same zones. |
PAN-81321 | Fixed an issue where IPSec tunnel phase 2 negotiations
failed when attempting to connect to a remote peer when /32 traffic
selectors were included in the configuration on the remote peer. |
PAN-81118 | Fixed an issue where client systems could use
a translated IP address-and-port pair for only one connection even
if you configured the Dynamic IP and Port (DIPP) NAT Oversubscription
Rate to allow multiple connections (Device > Setup > Session
> Session Settings > NAT Oversubscription). This issue is fixed
on all firewall models except PA-7000 Series firewalls (see PAN-99483
in Limitations section). |
PAN-80831 | Fixed an issue where connections that the firewall
handles as an Application Level Gateway (ALG) service were disconnected
when destination NAT and decryption were enabled. This fix applies
only when the ALG service does not change packet lengths before
and after NAT translation. |
PAN-80660 | Fixed an issue where the firewall flooded System
logs with the following message: Traffic and logging are
resumed since traffic-stop-on-logdb-full feature has been disabled. |
PAN-80535 | Fixed an issue on a firewall with multiple
virtual systems where policy rules defined for a specific virtual
system could not access shared EDL objects. |
PAN-80447 | Fixed an issue where, after a PAN-OS upgrade,
packet buffer and descriptor utilization spiked and caused latency
in network traffic. |
PAN-79026 | Fixed an issue where the firewall Reset
both client and server after you set the Antivirus profile
to default in a Security policy rule even though all
WildFire actions in the default profile are set to allow (Policies
> Security > <security_rule> > Actions). |
PAN-78718 | Fixed an issue where a PA-7000 Series firewall
running PAN-OS 7.1.12 or an earlier release stopped saving and displaying
new logs due to a memory leak after a Panorama management server
running a PAN-OS 8.0 release pushed a predefined report that specified
a field that is unrecognized by the firewall running the earlier
PAN-OS release (Monitor > Reports > Mobile Network Reports). |
PAN-78342 | Fixed an issue where Panorama failed to export
a custom report if you set the Database to Remote
Device Data (Monitor > Manage Custom Reports). |
PAN-78341 | Fixed an issue where the root partition ran
out of space during generation of a tech support file when the output
of the show user user-ids command was extremely
large. With this fix, the data saved to the tech support file is
modified to show only statistics instead of raw output, which prevents
the output from this command from being so large that it fills up
all available disk space. |
PAN-78127 | A security-related fix was made to prevent
the firewall Management (MGT) interface from becoming unavailable
for legitimate use (CVE-2017-15942). |
PAN-78100 | Fixed an issue where the XML API query for show
session distribution policy resulted in an error message
(An error occurred). |
PAN-77939 | Fixed an issue where the Panorama virtual appliance
in Legacy mode purged older Traffic logs even when space was available
to store more logs. |
PAN-77748 | Added debug enhancements to capture more details
about IKE when third-party VPN clients use the X-AUTH feature. |
PAN-77706 | Fixed an issue on PA-7000 Series firewalls
where packet capture intermittently failed. |
PAN-77384 | Fixed an issue where tunnel-bound traffic was
incorrectly routed through an ECMP route instead of a PBF route
as expected. |
PAN-77292 | Fixed an issue where firewalls in a high availability
(HA) active/passive configuration did not always synchronize sessions. |
PAN-77063 | Fixed an issue where SSL Forward Proxy decryption
failed for SSL/TLS websites that had unused certificate chains containing
algorithms that PAN-OS did not support. With this fix, the firewall
verifies only the certificate chains that the websites use. |
PAN-77055 | Fixed an issue where, after logging in to GlobalProtect,
end users could access the Firewall PAN-OS XML API without additional
authentication. |
PAN-76565 | Fixed an issue where dynamic content updates
failed on the firewall when DNS response times were slow. |
PAN-76505 | Fixed an issue where the mprelay process
stopped responding when processing IPv6 neighbor discovery updates. |
PAN-76454 | Fixed an issue on PA-7000 Series firewalls
where Generic Routing Encapsulation (GRE) session creation failed
when the firewalls received GRE packets with a Point-to-Point Protocol
(PPP) payload. |
PAN-76373 | Fixed an issue on PA-5000 Series firewalls
where using the web interface to display QoS Statistics (Network
> QoS) resulted in a memory leak that caused the control plane and
dataplane to restart. |
PAN-76263 | Fixed an issue where the Panorama management
server retained the Threshold value for update
schedules (Device > Dynamic Updates > <update_type_schedule>)
in a template stack even after you removed the value from templates
in the stack. |
PAN-76075 | Fixed an issue where the User-ID process stopped
responding when an NTLM request was received on a vsys where NTLM
was not configured |
PAN-75705 | Fixed an issue where administrators were able
to download tech support files even when the administrators were
not configured with this privilege. |
PAN-75505 | Fixed an issue where the firewall failed to
export a report to PDF, XML, or CSV format when the report job ID
was higher than 65535. |
PAN-75474 | Fixed an issue where a firewall with a disk
full condition could not connect to WildFire or the PAN-DB
cloud after a management process restarted. The show wildfire
status CLI command displayed the following message: Unable
to authenticate remote CA certificate. |
PAN-75412 | Fixed an issue where the Monitor >
Botnet report displayed the wrong portion of the URL when
the HTTP GET request was too long, while the Monitor >
Logs > URL Filtering logs displayed the URL correctly. |
PAN-74074 | Fixed an issue where an HA sync resulted in
an empty ethernet1/1 node on the passive peer. This issue occurred
when ethernet1/1 on the active HA peer was configured as an Aggregated
Ethernet (AE) interface while ethernet1/1 was not configured in
the local configuration for the passive peer. |
PAN-73333 | Fixed an issue where the firewall did not record
the sender or recipient in WildFire Submission logs for emails in
which the header had no white space character between the display
name and the email address. |
PAN-73196 | Fixed an issue on VM-Series firewalls that
occurred when attempting to shut down the firewall from the VCenter
Client or from a Web Client due to a VM-tools integration issue. |
PAN-72495 | Fixed an issue where PA-7000 Series firewalls
intermittently dropped packets from GlobalProtect end users if the
GlobalProtect IKE gateway used a local interface that was in a different
security zone than the physical ingress interface. |
PAN-71622 | Fixed an issue where Panorama took longer than
expected to generate reports. |
PAN-71012 | Fixed an issue where Panorama did not display
log data in the Monitor or ACC tabs
and did not display custom reports. |
PAN-66675 | Fixed an issue where extended packet captures
consumed excessive storage space in /opt/panlogs. |
PAN-64589 | Fixed an issue where administrators with custom
roles could not perform packet captures or download and install
software and content updates. |
PAN-60414 | Fixed an issue where the HL7 application was
not correctly identified. |
Most Popular
Recommended For You
Recommended Videos
Recommended videos not found.