End-of-Life (EoL)
PAN-OS 7.1.2 Addressed Issues
PAN-OS® 7.1.2 addressed issues
The following table lists the issues that are addressed
in the PAN-OS® 7.1.2 release. For new features, associated software
versions, known issues, and changes in default behavior, see PAN-OS 7.1 Release Information.
Before you upgrade or downgrade to this release, review the information in Upgrade to PAN-OS 7.1.
Issue ID | Description |
---|---|
95120 | Fixed an issue where authentication failed
on the GlobalProtect gateway because the client tried to authenticate
using cookies with domain\user specified in the agent configuration. |
95021 | Fixed an issue where the VLAN ID was added
in the wrong location in the packet payload in Layer 2 deployments,
which caused some applications to fail. |
94990 | Fixed an issue where the User-ID (useridd)
process stopped responding when encountering a custom URL category
that included a space (" ") character in the category name. |
94939 | Fixed an issue where strongSwan Linux VPN clients
failed to connect to the GlobalProtect gateway because the firewall
presented a server certificate that did not include a Common Name
(CN) value. |
94883 | Fixed an issue on firewalls that were upgraded
from a PAN-OS 7.0 release to a PAN-OS 7.1 release where GlobalProtect
prevented third-party IPSec (X-Auth) clients from connecting to
the GlobalProtect gateway. With this fix, you can now upgrade from
a PAN-OS 7.0 release to a PAN-OS 7.1.2 or later release to prevent
this issue. If your GlobalProtect firewall is already running
a PAN-OS 7.1.0 or 7.1.1 release, you must downgrade to
a PAN-OS 7.0 release before upgrading to a PAN-OS 7.1.2
or later release to prevent this issue from occurring after the
upgrade. |
94695 | Fixed an issue where the firewall failed to
connect to AutoFocus unless you manually re-entered the URL in the
AutoFocus settings (Device > Setup > Management)
even though the URL was correctly pre-configured. With this fix,
the firewall connects to AutoFocus as expected using the prepopulated
AutoFocus URL. |
94571 | Fixed an issue where commits failed if you
configured two proxy IDs on a single tunnel using the same source,
destination subnets, and protocol because the proxy IDs appeared
to be duplicates of each other even though they were configured
with different ports. With this fix, the firewall also uses the
port value when determining whether proxy IDs are unique or duplicates. |
94493 | Fixed an issue where Panorama™ Device Group
and Template administrators were unable to perform commits because
the Commit dialog opened and immediately closed without allowing
administrators to modify, preview, or confirm their commit requests. |
94437 | Fixed an issue where configurations pushed
from Panorama running a 7.1 release to a firewall running PAN-OS
7.0 or earlier release incorrectly deleted the gateway configuration
even when address objects were not included in the pushed configuration.
With this fix, the gateway configuration is deleted only when the
pushed configuration includes address objects. |
94408 | Fixed an issue where predefined URL categories
were not populated in Security and Decryption policy rules as expected
when using BrightCloud as the URL database. |
93961 | Fixed an issue were a process (configd or mgmtsrvr)
restarted due to the use of special characters (such as a bracket
character—" [ " or " ] "—in a search field (for example, in the
Address section). |
93882 | Fixed an issue where you were unable to deploy
a VM-Series firewall using a VHD exported from an existing VM-Series
firewall in Azure. |
93865 | Fixed an issue on an M-100 appliance in Log
Collector mode where locally-created proxy configurations were lost
when a commit was performed from Panorama. With this fix, locally-created
proxy configurations persist after a Panorama commit. |
93855 | Fixed an issue where the DNS proxy template
object that was pushed from Panorama did not override that object
on the firewall as expected. |
93775 | Fixed an issue where packet diagnostics failed
due to an unnecessarily large debug log related to HA3 packet forwarding. |
93644 | Fixed an issue on PA-3000 Series firewalls
where processing jumbo frames that were larger than 7,000 bytes
during a period of heavy traffic caused the FPGA to stop responding.
With this fix, the FPGA thresholds are adjusted to correctly handle
up to 9KB jumbo frames. |
93612 | A security-related fix was made to address
a privilege escalation issue (PAN-SA-2016-0015). |
93526 | Fixed an issue where the web interface and
CLI reported that configurations were out of sync between HA peers
even when the peers were in sync. With this fix, sync status is
reported correctly. |
93508 | Fixed an issue where a process (logrcvr) stopped
responding and restarted repeatedly after an upgrade to content
release version 571, which caused the firewall to reboot. Content
release version 572 mitigated this issue but this fix ensures that
firewalls running PAN-OS 7.1.2 or later releases will not be affected
by this issue. |
93449 | Fixed an issue where the API browser displayed
the incorrect XML API syntax for the show arp all command. |
93395 | Fixed an issue on firewalls and Panorama running
a 7.1.0 or 7.1.1 release where the firewall mgmtsrvr or
Panorama reportd process stopped responding and
caused the process to restart after displaying the following message: SYSTEM
ALERT : critical : mgmtsrvr (or reportd) -
virtual memory limit exceeded, restarting . This issue
was caused by a memory leak that occurred when viewing logs of single
log types (such as Traffic or Threat). |
93367 | Fixed an issue where ACC logs did not resolve
IP addresses to FQDN under destination IP activity. |
93333 | Fixed an issue where the firewall did not properly
process active FTP data sessions if the FTP client reused—within
a short period of time—the destination port number that was negotiated
in the FTP control session. |
93240 | PAN-OS 7.1.2 and later releases are enhanced
to prevent an issue where multiple SFP+ ports coming up at the same
time resulted in a race condition that caused ports to enter a re-initialization
phase that added several seconds delay before ports came up. |
93228 | Fixed an issue on PA-7050 firewalls in an HA
active/active configuration where jumbo frames that included the
DF (do not fragment) bit were dropped when crossing dedicated HA3
ports. |
92979 | Fixed an issue on Panorama where the Administrator
Use Only option (Template > Device > Radius
Profile) was not displayed in the web interface. |
92763 | Fixed an issue where commits failed due to
a validation error that occurred when Panorama pushed Authentication
Sequence profiles that included a virtual system that was not migrated
properly during an upgrade from a Panorama 6.1 release to a Panorama
7.0 or later release. |
92677 | Fixed an issue where the Comodo® RSA certificate
authority (CA) was not included in the default trusted root on the
firewall, which caused SSL decryption to fail on sites using this
as their CA. |
92642 | Fixed an issue on Panorama (virtual and M-Series
appliances) where a process (configd) stopped responding when triggering
a commit very soon after a reboot and before a database required
for the commit process was ready for use. Additionally, administrators
received an error message (Administrator does not have access to
any device-group data) when they attempted to view Monitor > Logs information or ACC information
on the Panorama web interface before the database was ready. With
this fix, this database loads faster so that commits and attempts
to view Monitor > Logs and ACC information
are successful even when attempted immediately following a reboot
of Panorama. |
92413 | A security-related change was made to address
a boundary check that caused a service disruption of the captive
portal (PAN-SA-2016-0013). |
92391 | Fixed an issue where firewall Traffic logs
displayed unusually large byte counts for sessions passing through
proxy servers. |
92082 | Fixed an issue where an administrator with
read-only privilege was unable to export Correlated Events logs
in CSV format. |
92050 | Fixed an issue on a PA-3000 Series firewall
running a PAN-OS 7.0.1 or later release with zone protection configured
to drop fragmented traffic where outgoing OSPF DB Description packets
were fragmented and subsequently dropped, which caused the OSPF
neighbor status to get stuck in Exchange state. |
91998 | Fixed an issue where the set application
dump on rule CLI command did not work for Security policy
rules pushed to firewalls from Panorama. |
91785 | Fixed an issue where a Panorama process (configd)
stopped responding when trying to add tags to multiple firewalls
at the same time. |
91724 | Fixed an issue where an autocommit of an incremental
antivirus update failed after a reload due to a corrupt virus signatures
file and a failed incremental installation. With this fix, incremental
content installation has enhanced protections to prevent autocommit
failures, and will log additional information to assist with troubleshooting. |
91395 | Fixed an issue where the simultaneous transfer
of large files from two different SMB servers over a GlobalProtect
connection from a Windows 8 client caused the connection to fail.
With this fix, you can enable heuristics on Windows 8 clients or
set the tunnel interface MTU size to 1,300 to avoid this issue. |
91379 | Fixed an issue where an out-of-sequence packet
was passed through the firewall. |
91156 | Fixed an issue on Panorama where performing
log queries and reports resulted in incorrect reporting of multiple
Panorama logged-in administrators on PA-7000 firewalls. |
91079 | Fixed an issue on a VM-Series firewall where
an ungraceful reboot caused Dynamic IP address information to get
out of sync. |
90856 | Fixed an issue where the dialog for creating
certificates and the dialog for editing certificates had different
character limits for the certificate name. With this fix, the certificate
name field in both dialogs allows up to 63 characters. |
90826 | Fixed an issue where unused shared objects
were calculated incorrectly during a commit from Panorama due to
address and service name overlaps. |
90044 | Fixed an issue where log forwarding in Panorama
failed when using syslog over TCP. |
90029 | Fixed an issue where a GlobalProtect gateway
rejected the same routes learned from different LSVPN satellites
when the routes were destined for a different virtual router. |
89925 | Fixed an issue where PAN-OS 7.1 images failed
to bootstrap a firewall if the bootstrapping tarball package was
created using a Mac OS (BSD-based tar format). With this fix, you
can bootstrap firewalls with PAN-OS 7.1.2 or later release images
using a BSD-based tarball created using a Mac OS. |
89620 | Fixed an issue where SSL inbound decryption
failed when a client sent a ClientHello with TLS 1.2 while the server
supported only TLS 1.0. |
89264 | Fixed an issue where DNS resolution failed
when message compression was disabled on the DNS server, which resulted
in case mismatch between CNAME query and answer values in DNS server
replies. With this fix, the firewall ignores case in CNAME values
so that query and answer values match and DNS requests resolve successfully. |
89261 | Fixed an issue where you could not display
interface QoS counters when the CLI output mode was set to op-command-xml-output . |
88157 | Fixed an issue with reduced throughput for
traffic originating on the firewall and traversing a VPN tunnel. |
86996 | Fixed an issue where Traffic logs reported
cumulative bytes for sessions with TCP port reuse, which caused
custom reports to incorrectly report the byte count. |
86990 | Fixed an issue on a firewall where a process
(sslvpn) repeatedly restarted due to an internal thread synchronization
issue. |
84641 | Fixed an issue where some DNS requests were
forwarded to the wrong DNS server—the one previously but no longer
configured on the firewall. |
83722 | Fixed an issue where destination-based service
routes did not work for RADIUS authentication servers. |
83569 | Fixed an issue where multiple QoS changes while
under a heavy load caused the dataplane to restart. |
83339 | Fixed an issue with the web interface where
uncommitted IPSec proxy ID details were unexpectedly deleted prior
to commit. |
80177 | Fixed an issue where the firewall did not present
the URL block page as expected when proxied request from client
used CONNECT method. |
77460 | Fixed an issue on a firewall with an expired
BrightCloud license where the specified vendor was unexpectedly
and automatically changed from BrightCloud to PAN-DB when any feature
auth code was pushed from Panorama to the firewall. |
76661 | Fixed an issue where voltage alarms were triggered
incorrectly (voltage was within the appropriate range). |
74443 | A security-related fix was made to address
CVE-2015-0235. |
40436 | Fixed an issue where firewalls running PAN-OS
7.0 and earlier releases did not update FQDN entries unless you
enabled the DNS proxy caching option (Network > DNS
Proxy > < DNS Proxy config > > Advanced). |
Recommended For You
Recommended Videos
Recommended videos not found.