End-of-Life (EoL)

PAN-OS 7.1.16 Addressed Issues

PAN-OS® 7.1.16 addressed issues
The following table lists the issues that are addressed in the PAN-OS® 7.1.16 release. For new features, associated software versions, known issues, and changes in default behavior, see PAN-OS 7.1 Release Information. Before you upgrade or downgrade to this release, review the information in Upgrade to PAN-OS 7.1.
Starting with PAN-OS 7.1.5, all unresolved known issues and any newly addressed issues in these release notes are identified using new issue ID numbers that include a product-specific prefix. Issues addressed in earlier releases and any associated known issue descriptions continue to use their original issue ID.
Issue ID
Fixed an issue where the mprelay process stopped responding when processing IPv6 neighbor discovery updates.
Fixed an issue where firewalls rebooted because the userid process restarted too often due to a socket binding failure that caused a memory leak.
Fixed an issue on firewalls in a high availability (HA) configuration where an auto-commit failed (the error message was Error: Duplicate user name) after you connected a new suspended-secondary peer to an active-primary peer.
Fixed an issue where the firewall did not accept AS:0 as a value in the Set Community list of a BGP redistribution profile (Network > Virtual Routers > <router> > BGP > Redist Rules).
Fixed an issue where the firewall stopped enforcing policy after you manually refreshed an external dynamic list (EDL) that had an invalid IP address or that resided on an unreachable web server.
Fixed an issue where firewalls that had ECMP and session offloading enabled sent offloaded traffic to the incorrect next hop.
Fixed an issue where PA-7000 Series firewalls intermittently displayed incorrect usernames for Traffic logs.
As an enhancement to improve security for GlobalProtect deployments, the GlobalProtect portal now includes the following HTTP security headers in responses to end user login requests: X-XSS-Protection, X-Content-Type-Options, and Content-Security-Policy.
Fixed an issue where end users could not access applications and services due to DNS resolution failures that occurred because the firewall associated the destination port with Bidirectional Forwarding Detection (BFD) packets instead of DNS packets.
Fixed an issue where pushing a custom application named http or smb (Objects > Applications) from the Panorama management server to firewalls interfered with antivirus detection on the firewalls.
Fixed an issue where the WF-500 appliance sent ICMP unreachable messages from the VM Interface to the Management interface.
Fixed an issue where commits failed because the logrcvr process restarted continuously on firewalls with NetFlow exports configured.
Fixed an issue where a firewall in FIPS/CC mode intermittently switched to maintenance mode.
Fixed an issue where the tftp export stats-dump CLI command failed to generate a Stats Dump file and displayed the following error: Failed to redirect error to /var/log/pan/report_gen.log (Permission denied) .
Fixed an issue where the Panorama management server restarted after you ran the replace device old <old_SN#> new <new_SN#> CLI command to replace the serial number of an old managed firewall with that of a new managed firewall.
Fixed an issue where the firewall generated an ECDSA certificate signing request (CSR) using the SHA1 algorithm instead of the selected algorithm.
Fixed an issue on PA-5000 Series firewalls where the dataplanes became unstable when jumbo frames and first packet broadcasting were both enabled. With this fix, first packet broadcasting is disabled by default on PA-5000 Series firewalls.
Fixed an issue where you could not set the QoS Egress Max to more than 16,000 Mbps for an aggregate Ethernet interface (Network > QoS > <interface> > Physical Interface). With this fix, you can set the QoS Egress Max to a maximum of 60,000 Mbps.
If you downgrade from PAN-OS 7.1.16 or a later release to PAN-OS 7.1.15 or an earlier release, you must reset the QoS Egress Max to 16,000 Mbps or less to avoid commit failures.
Fixed an issue where traffic fails to pass through the firewall due to insufficient memory in the memory pools of the firewall dataplane.

Recommended For You