End-of-Life (EoL)
PAN-OS 7.1.17 Addressed Issues
PAN-OS® 7.1.17 addressed issues
The following table lists the issues that are addressed
in the PAN-OS® 7.1.17 release. For new features, associated software
versions, known issues, and changes in default behavior, see PAN-OS 7.1 Release Information.
Before you upgrade or downgrade to this release, review the information in Upgrade to PAN-OS 7.1.
Starting with PAN-OS 7.1.5, all unresolved known issues
and any newly addressed issues in these release notes are identified
using new issue ID numbers that include a product-specific prefix.
Issues addressed in earlier releases and any associated known issue
descriptions continue to use their original issue ID.
Issue ID | Description |
---|---|
PAN-93244 | A security-related fix was made to prevent
a Cross-Site Scripting (XSS) attack through the PAN-OS session browser
(CVE-2018-9335). |
PAN-93233 | Fixed an issue where PA-7000 Series firewalls
caused slow traffic over IPSec VPN tunnels because the firewalls
reordered TCP segments during IPSec encryption when the tunnel session
and inner traffic session were on different dataplanes. |
PAN-93089 | A security-related fix was made to prevent
denial of service (DoS) to the management web interface (CVE-2018-8715). |
PAN-92916 | Fixed an issue where firewalls configured for
User-ID redistribution did not redistribute IP address-to-username
mappings due to a memory leak. |
PAN-92487 | Fixed an issue where enabling jumbo frames
(Device > Setup > Session) reduced throughput because:
|
PAN-92459 | Fixed an issue on firewalls in an active/passive
high availability (HA) configuration where the management server
on the passive firewall restarted because it exceeded the virtual
memory limit during HA synchronization. |
PAN-92268 | Fixed an issue on PA-7000 Series firewalls
where one or more dataplanes did not pass traffic when you ran several
operational commands (from any firewall user interface or from the
Panorama management server) while committing changes to device or
network settings or while installing a content update. |
PAN-91591 | Fixed an issue where the GlobalProtect agent
failed to establish a TCP connection with the GlobalProtect gateway
when TCP SYN packets were set with unsupported congestion notification
flag bits (ECN or CWR). |
PAN-91564 | A security-related fix was made to prevent
a local privilege escalation vulnerability that allowed administrators
to access the password hashes of local users (CVE-2018-9334). |
PAN-91088 | Fixed an issue on PA-7000 Series firewalls
in a high availability (HA) configuration where the HA3 link did
not come up after you upgraded to PAN-OS 7.1.14, 7.1.15, or 7.1.16. |
PAN-90954 | A security-related fix was made to prevent
a local privilege escalation vulnerability that could potentially
result in the deletion of files (CVE-2018-9242). |
PAN-89030 | Fixed an issue where the firewall could not
authenticate to a hardware security module (HSM) partition when
the partition password contained special characters. |
PAN-87552 | Fixed an issue where commit validation failed
on firewalls after you disabled the option to Share Unused
Address and Service Objects with Devices on the Panorama
management server, assigned the firewalls to a template stack, and
pushed an interface configuration that referenced an address object
instead of an address that you typed. |
PAN-82942 | Fixed an issue where the firewall rebooted
because the User-ID process (useridd) restarted several times when
endpoints, while requesting services that could not process HTTP
302 responses (such as Microsoft update services), authenticated
to Captive Portal through NT LAN Manager (NTLM) and immediately
disconnected. |
PAN-82089 | Fixed an issue on PA-3000, PA-5000, and PA-7000
Series firewalls where heavy IPv6 traffic caused session offloading
to fail, which reduced throughput. |
PAN-81682 | Fixed an issue where the firewall dataplane
restarted while processing traffic after you enabled SSL Inbound
Inspection decryption but not SSL Forward Proxy decryption. |
PAN-81585 | Fixed an issue on the Panorama management server
where, after you renamed an object in a device group, a commit error
occurred because policies in the child device groups still referenced
the object by its old name. |
PAN-81382 | Fixed an issue where the firewall took longer
than expected to collect group mapping information from Active Directory
groups that had circular nesting (Device > User Identification >
Group Mapping Settings > <group_mapping_configuration> > Group
Include List). |
PAN-79721 | Fixed an issue where only administrators with
the superuser dynamic role could run the show logging-status
CLI command. With this fix, the command is available to administrators
with dynamic or custom roles that have the privileges associated
with the following role types: superuser, superreader, deviceadmin,
devicereader (Device > Admin Roles > <admin_role_profile> > Command
Line). |
PAN-76632 | Fixed an issue where administrators could not
log in to the firewall web interface due to the root partition running
out of disk space because management logs continued growing without
the firewall ever deleting them. |
PAN-72667 | Fixed an issue where the Panorama web interface
and CLI displayed a negative value for the Log Storage capacity
(Panorama > Collector Groups > <Collector_Groups > General). |
PAN-71885 | Fixed an issue on PA-7000 Series, PA-5000 Series,
and PA-3000 Series firewalls in an active/passive high availability
(HA) configuration where manually restarting the dataplane caused
the all_pktproc process to stop responding. |
PAN-70156 | Fixed an issue where the Panorama M-100 appliance
stopped responding while one job for deploying a software or content
update was still in progress when another update deployment job
started (Panorama > Device Deployment). |
PAN-62447 | Fixed an issue where, when available swap space
approached the maximum capacity on a firewall, the masterd
process restarted multiple processes without successfully reducing
swap usage because it did not restart the process that triggered
the high usage. With this fix, masterd reduces swap usage when necessary
by restarting the process that uses the highest combination of physical
memory and swap space. |
PAN-49312 | Fixed an issue on PA-3000 Series firewalls
where, after you manually restarted the dataplane (Device > Setup
> Operations), in rare cases it spontaneously restarted repeatedly
due to an FPGA calibration failure. With this fix, after detecting
an FPGA calibration failure, the firewall enters maintenance mode
to prompt you to power cycle the firewall for recovery. |
Recommended For You
Recommended Videos
Recommended videos not found.