End-of-Life (EoL)
PAN-OS 7.1.18 Addressed Issues
PAN-OS® 7.1.18 addressed issues
The following table lists the issues that are addressed
in the PAN-OS® 7.1.18 release. For new features, associated software
versions, known issues, and changes in default behavior, see PAN-OS 7.1 Release Information.
Before you upgrade or downgrade to this release, review the information in Upgrade to PAN-OS 7.1.
Starting with PAN-OS 7.1.5, all unresolved known issues
and any newly addressed issues in these release notes are identified
using new issue ID numbers that include a product-specific prefix.
Issues addressed in earlier releases and any associated known issue
descriptions continue to use their original issue ID.
Issue ID | Description |
|---|---|
PAN-95445 This fix requires the VMware NSX
2.0.4 or a later plugin. | Fixed an issue where VM-Series firewalls for
NSX and firewalls in an NSX notify group (Panorama > VMware NSX
> Notify Group) briefly dropped traffic while receiving dynamic
address updates after the primary Panorama in a high availability
(HA) configuration failed over. |
PAN-94687 | Fixed an issue where the passive firewall in
an active/passive high availability (HA) configuration rebooted
unexpectedly in rare cases due to a kernel file system journaling
issue. |
PAN-93959 | Fixed an issue where the GlobalProtect™ portal
connection timed out during authentication regardless of the timeout
you specified through the set deviceconfig setting global-protect
timeout configuration mode CLI command. |
PAN-93854 | Fixed an issue where the VM-Series firewall
for NSX randomly disrupted traffic due to high CPU usage by the pan_task process. |
PAN-93687 | Fixed an issue where the firewall dataplane
restarted, disrupting traffic, because the all_pktproc process
stopped responding when the firewall decoded HTTP message bodies
with chunked transfer encoding or gzip-compressed data. |
PAN-93242 | A security-related fix was made to prevent
a Cross-Site Scripting (XSS) vulnerability in a PAN-OS web interface
administration page (CVE-2018-9337). |
PAN-92163 | Fixed an issue where firewalls in an active/passive
HA configuration took longer than expected to fail over after you
configured them to redistribute routes between an Interior Gateway
Protocol (IGP) and Border Gateway Protocol (BGP). |
PAN-90952 | Fixed an issue on PA-5000 Series firewalls
where multicast traffic failed because PAN-OS did not remove stale
sessions from the hardware session offload processor. |
PAN-88388 | Fixed an issue where you could not export certificates
when you accessed the firewall web interface through Firefox v56,
Chrome v66, or later versions of either browser (Device > Certificate
Management > Certificates > Device Certificates). |
PAN-85299 | Fixed an issue on firewalls in an active/passive
HA configuration with link or path monitoring enabled where a failover
resulting from a link or path failure intermittently caused the
deletion of host, connected, static, and dynamic routes (both OSPF
and BGP) from the forwarding information base (FIB) on the firewall
peer that became active. The failover also caused intermittent sending
of unnecessary BGP withdrawal messages to BGP peers. With this fix,
you can prevent these issues by using the new set system
setting delay-interface-process interface <interface-name> delay <0-5000> CLI
command (default is 0ms; range is 0 to 5000ms). This command specifies
a delay period—after a link fails and before the firewall brings
down its associated interface—to provide enough time after failover
for the newly active firewall HA peer to become fully active and
to synchronize the correct route information with its peer. In most
deployments, the best practice is to set the delay to a period that
is greater than the sum of the Promotion Hold Time (default
2000ms) and Monitor Fail Hold Up Time (default
0ms). |
PAN-80263 | Fixed an issue where numerous simultaneous
LDAP connections (in the order of tens or more) caused the connections
between firewalls and User-ID™ agents to become stuck in the connecting
state. |
PAN-80246 | Fixed an issue where, after using a Panorama
management server running PAN-OS 7.1 to Force Template
Values when pushing device group or template configurations to firewalls
running an earlier PAN-OS release, FQDN refreshes failed on the
firewalls. |
PAN-78716 | Fixed an issue on the Panorama management server
and firewall where, after you added new administrator accounts and
those administrators logged in, the administrative roles you assigned
to those accounts had incomplete and therefore invalid configurations. |
PAN-78431 | Fixed an issue where firewalls in an active/passive
HA configuration with OSPF or BGP graceful restart enabled took
longer than expected to fail over. |
PAN-74054 | Fixed an issue on firewalls in an active/passive
HA configuration where a link-monitoring failure caused a delay
in OSPF convergence on the firewall that became active after HA
failover. |
PAN-71190 | Fixed an issue where the GlobalProtect gateway
did not establish an IPSec VPN tunnel with a peer after you Enable
X-Auth Support without specifying a Group Name or Group
Password (Network > GlobalProtect > Gateways > <gateway>
> Agent > Tunnel Settings). With this fix, commits fail with a validation
error when you Enable X-Auth Support without specifying
a Group Name and Group Password. |
PAN-60849 | Fixed an intermittent issue where
the firewall failed to refresh group-mapping information because
a group-mapping query job (show user group-mapping-service query
all) stalled. |
PAN-59291 | Fixed an issue where the firewall dataplane
restarted, causing temporary traffic loss, because the mprelay process
stopped responding while sending NetFlow updates. |
Most Popular
Recommended For You
Recommended Videos
Recommended videos not found.
