End-of-Life (EoL)
PAN-OS 7.1.20 Addressed Issues
PAN-OS® 7.1.20 addressed issues
The following table lists the issues that are addressed
in the PAN-OS® 7.1.20 release. For new features, associated software
versions, known issues, and changes in default behavior, see PAN-OS 7.1 Release Information.
Before you upgrade or downgrade to this release, review the information in Upgrade to PAN-OS 7.1.
Starting with PAN-OS 7.1.5, all unresolved known issues
and any newly addressed issues in these release notes are identified
using new issue ID numbers that include a product-specific prefix.
Issues addressed in earlier releases and any associated known issue
descriptions continue to use their original issue ID.
Issue ID | Description |
---|---|
PAN-103132 | A security-related fix was made to address
the FragmentSmack vulnerability (CVE-2018-5391 / PAN-SA-2018-0012). |
PAN-102750 | Fixed an issue with dataplane restarts on PA-5000
Series firewalls when multicast traffic matched a stale session
on the offload processor that was not cleared as expected. |
PAN-101585 | ( The following PA-7000 Series NPCs only:
PA-7000-20G-NPC, PA-7000-20GQ-NPC, PA-7000-20GXM-NPC, PA-7000-20GQXM-NPC ) Fixed
an issue where an egress buffer overflow that impacted internal packet
path monitoring caused a high availability (HA) failover.Additionally,
enhancements were made to flow control communication between the
traffic manager and flow engine components to improve system stability
during periods of heavy traffic. |
PAN-100594 | Fixed an issue where Panorama pushed stale
Dynamic Address Group updates when Panorama received most of the
updates from an NSX manager that contained multiple updates for
the same Dynamic Address Group. |
PAN-99780 | Fixed an issue where the second virtual system
(vsys) sent TCP traffic that was out-of-order when that second vsys
controlled the proxy session in a multi-vsys configuration. |
PAN-99590 | Fixed an issue where the firewall did not return
Captive Portal response pages as expected due to depletion of file
descriptors. |
PAN-98217 | Fixed an issue where user-account group members
in subgroups (n+1) were unnecessarily queried when nested level
was set to n. |
PAN-97881 | Fixed an issue where an administrator with
the CLI Device Read privilege was able to discard a session that
was revoked. |
PAN-95740 | Fixed an issue where multicast FIB entries
were inconsistent across dataplanes, which caused the firewall to
intermittently drop multicast packets. |
PAN-95407 | Fixed an issue where an API call resulted in
an incorrect response. |
PAN-94167 | Fixed an issue where a firewall forwarded a
deleted or expired IP address-to-username mapping to another firewall
through User-ID Redistribution but the receiving firewall still
displayed the mapping as an active IP address-to-username mapping. |
PAN-90689 | Fixed an issue where firewalls in an active/active
HA configuration dropped packets in IPSec tunnel traffic because
the secondary firewall didn't update the Encapsulating Security
Payload (ESP) sequence number during failover. |
PAN-90347 | Fixed an issue on a PA-5000 Series firewall
configured to use an IPSec tunnel containing multiple proxy IDs
(Network > IPSec Tunnels > <tunnel>
> Proxy IDs) where the firewall dropped tunneled traffic
after clear text sessions were established on a different dataplane
than the first dataplane (DP0). |
PAN-81698 | Fixed an issue where the firewall did not correctly
enforce administrative account expiration settings (Device > Setup > Management > Minimum Password
Complexity). |
PAN-80505 | Fixed an issue where a firewall was able connect
to Panorama using an expired certificate. |
PAN-80077 | Fixed an issue on PA-7000 Series firewalls
where users failed to authenticate when the Captive Portal host
session incorrectly timed out after 5 seconds. |
PAN-78634 | Fixed an issue in Panorama templates where
the Panorama management server allowed you to configure a firewall administrator Password (Device > Administrators >
<administrator>) that did not meet the minimum password length
settings (Device > Setup > Management > Minimum
Password Complexity). With this fix, Panorama prevents you from
saving a firewall administrator account with a password that does
not meet the minimum password length settings. |
Recommended For You
Recommended Videos
Recommended videos not found.