End-of-Life (EoL)
PAN-OS 7.1.14 Addressed Issues
PAN-OS® 7.1.14 addressed issues
The following table lists the issues that are addressed
in the PAN-OS® 7.1.14 release. For new features, associated software
versions, known issues, and changes in default behavior, see PAN-OS 7.1 Release Information.
Before you upgrade or downgrade to this release, review the information in Upgrade to PAN-OS 7.1.
Starting with PAN-OS 7.1.5, all unresolved known issues
and any newly addressed issues in these release notes are identified
using new issue ID numbers that include a product-specific prefix.
Issues addressed in earlier releases and any associated known issue
descriptions continue to use their original issue ID.
Issue ID | Description |
---|---|
PAN-85938 | Fixed an issue where PAN-OS removed the IP
address-to-username mappings of end users who logged in to a GlobalProtect
internal gateway within a second of logging out from it. |
PAN-84781 | Fixed an issue on firewalls with Decryption
policy enabled where intermittent packet loss and decryption failures
occurred because the firewall depleted its software packet buffer
pool. |
PAN-84493 | Fixed an issue where a VM-Series firewall for
NSX, after connecting to Panorama, ran multiple dynamic address
update jobs over a ten-minute period instead of just one update
job. |
PAN-82332 | Fixed an issue where the firewall exported
a configuration file of 0 bytes when you used the firewall web interface
to export a configuration file (Setup > Operations). |
PAN-82273 | Fixed an issue where blocking proxy sessions
to enforce Decryption policy rules caused packet buffer depletion,
which eventually resulted in packet loss. |
PAN-82117 | Fixed an issue where PA-5000 Series firewalls
in an active/active high availability (HA) configuration intermittently
dropped packets due to a race condition that occurred when the session
owner and session setup were on different HA peers. |
PAN-82095 | Fixed an issue on PA-3000 Series, PA-500, PA-200,
and VM-Series firewalls where QoS throughput dropped on interfaces
configured to use a QoS profile with an Egress Max set to 0Mbps
or more than 1142Mbps (Network > Network Profiles > QoS Profile). |
PAN-81892 | A security-related fix was made to prevent
a command injection condition through the firewall web interface
(CVE-2017-15940). |
PAN-81820 | Fixed an issue on PA-7000 Series firewalls
where packet captures (pcaps) didn't include packets that matched
predict sessions. |
PAN-81586 | A security-related fix was made to prevent
a cross-site scripting (XSS) vulnerability in GlobalProtect (CVE-2017-15941). |
PAN-81573 | Fixed an issue where a firewall configured
as a DNS proxy (Network > DNS Proxy) failed to resolve an address
object (Objects > Addresses) with the Type set to FQDN and a name
that ended with a period. |
PAN-81475 | Fixed an issue where memory leaks occurred
when you used a Panorama management server running PAN-OS 8.0 or
7.1 to push configurations to PA-7000 Series firewalls running PAN-OS
7.1 or 7.0. |
PAN-80994 | A security-related fix was made to prevent
remote code execution through the firewall Management (MGT) interface
(CVE-2017-15944). |
PAN-80835 | Fixed an issue where PA-3020 firewalls intermittently
dropped sessions and displayed resources-unavailable in Traffic
logs when a high volume of threat traffic depleted memory. With
this fix, PA-3020 firewalls have more memory for processing threat
traffic. |
PAN-80645 | Fixed an issue where the VM-Series firewall
lost OSPF adjacency with a peer device because the firewall dropped
large OSPF link state packets. |
PAN-80452 | A security-related fix was made to prevent
inappropriate disclosure of information through the firewall web
interface (CVE-2017-15943). |
PAN-80423 | Fixed an issue where VM-Series firewalls in
an active/passive HA configuration added a delay in traffic once
every minute while sending Gratuitous Address Resolution Protocol
(GARP) packets after you set the Link State to down on a Layer 3
interface (Network > Interfaces > Ethernet > <interface> > Advanced). |
PAN-79671 | Fixed an issue where PA-5000 Series firewalls
ran out of disk space because they did not purge logs quickly enough. |
PAN-79569 | Fixed an issue where a commit failed after
an application name was moved to a container application. |
PAN-79441 | Fixed an issue where GlobalProtect connections
failed due to a memory leak in a management-plane process (sslvpn)
that caused the process to restart with the following error: virtual
memory limit exceeded. |
PAN-79067 | Fixed an issue where the firewall treated an
address object as a region object when the address object had the
same name as a deleted region object. |
PAN-77974 | Fixed an issue where the firewall could not
establish BGP connections using a loopback interface over a large-scale
VPN tunnel between a GlobalProtect satellite and GlobalProtect gateway. |
PAN-77800 | Fixed an issue where the firewall failed to
generate a Simple Certificate Enrollment Protocol (SCEP) certificate
when you selected a SCEP profile with the Subject containing an
email address attribute (Device > Certificate Management > SCEP). |
PAN-77673 | Fixed an issue where, when testing which policy
rule applies to traffic between a specified destination and source,
the PAN-OS XML API query does not display as much information as
the corresponding CLI command (test security-policy-match). |
PAN-73360 | Fixed an issue on the Panorama management server
in an HA configuration where the passive HA peer displayed Shared
Policy as Out of Sync (Panorama > Managed Devices) even when the
device group commit from the active peer succeeded. |
PAN-71485 | Fixed an issue where a firewall in FIPS-CC
mode rebooted in maintenance mode after you downloaded GlobalProtect
Client software that was listed under Device > GlobalProtect Client
but that was unavailable on the Palo Alto Networks Update Server. |
PAN-68256 | Fixed an issue on PA-7000 Series firewalls
in an HA configuration where the HA data link (HSCI) interfaces
intermittently failed to initialize properly during bootup. |
PAN-67950 | Fixed an issue where the firewall dropped Encapsulating
Security Payload (ESP) packets because IPSec sessions were stuck
in opening status when Extended Authentication (X-Auth) was enabled
(Network > GlobalProtect > Gateways > <gateway> > Agent > Tunnel
Settings). |
PAN-67713 | Fixed an issue where the firewall didn't display
the application groups you created unless your administrative account
was assigned an Admin Role profile with privileges enabled for both
application groups (full privileges) and application filters (full
or read-only privileges). With this fix, only application group
privileges are required for viewing application groups. |
PAN-66076 | Fixed an issue where the GlobalProtect portal
prompted end users to enter a one-time password (OTP) even after
the users entered the OTP for the GlobalProtect gateway with Authentication
Override enabled (Network > GlobalProtect > Portals > <portal-configuration>
> Agent > <agent-configuration> > Authentication). |
PAN-58581 | Fixed an issue where a GlobalProtect satellite
sent the wrong certificate chain after you renewed the certificate
authority (CA) certificates of GlobalProtect portals and gateways. |
PAN-55962 | Fixed an issue on the Panorama management server
where, when you used the PAN-OS XML API to request traffic logs,
Panorama limited the response to 1,152 logs instead of the normal
limit of 5,000 logs. |
PAN-54501 | Fixed an issue where the firewall intermittently
failed to block Gmail or Google Drive uploads. |
Most Popular
Recommended For You
Recommended Videos
Recommended videos not found.