End-of-Life (EoL)

PAN-OS 7.1.21 Addressed Issues

PAN-OS® 7.1.21 addressed issues
The following table lists the issues that are addressed in the PAN-OS® 7.1.21 release. For new features, associated software versions, known issues, and changes in default behavior, see PAN-OS 7.1 Release Information. Before you upgrade or downgrade to this release, review the information in Upgrade to PAN-OS 7.1.
Starting with PAN-OS 7.1.5, all unresolved known issues and any newly addressed issues in these release notes are identified using new issue ID numbers that include a product-specific prefix. Issues addressed in earlier releases and any associated known issue descriptions continue to use their original issue ID.
Issue ID
Description
PAN-105724
Fixed an issue where the firewall did not generate a new random value in the TLS Server Hello message, which breaks TLSv1.3 connections when SSL Forward Proxy decryption is enabled.
PAN-104406
Fixed an intermittent issue where the replace device CLI command caused the configuration lock to stop responding.
PAN-104116
Fixed an issue where a hardware packet buffer leak caused firewall performance to degrade.
PAN-104073
Fixed an issue where the replace device old [serial number] new [serial number] command caused the configuration process (configd) to stop responding.
PAN-101378
Fixed an issue with firewalls in a high availability (HA) active/passive configuration where the firewall processed traffic in a suspended state.
PAN-101182
Fixed an issue where a system failure occurred due to packet size exceeding the hardware limit.
PAN-100985
Fixed an issue with PA-5000 Series, PA-5200 Series, and PA-7000 Series firewalls where the firewall fails to clear cache for refreshing the FQDN list, which periodically results in an out of memory condition that forces the firewall to reboot.
PAN-99110
Fixed an issue where a library (libpam_pan.so) did not handle incorrect passwords as expected.
PAN-98504
A security-related fix was made to address three OpenSSL vulnerabilities: CVE-2018-0732, CVE-2018-0737, and CVE-2018-0739.
PAN-95819
Fixed an issue where a firewall did not apply the configured NAT policy during a predicted RTSP session.
PAN-93457
Fixed an issue where continuous renewal for a session that went into DISCARD state when the firewall reached its resource limit prevented the creation of new sessions that matched that DISCARD session.
PAN-92893
Fixed an issue that occurred during the reboot process and caused some firewalls to go in to maintenance mode.
PAN-84267
Fixed an issue where firewalls in an HA active/passive configuration stopped passing traffic when OSPF hello packets contained a duplicate router ID or when the passive peer leaked packets during a reboot.
PAN-77229
Fixed an issue on firewalls with SSL Forward Proxy decryption enabled where the dataplane restarted due to an out-of-memory condition after you performed multiple commits.
PAN-71361
Fixed an issue on PA-2000 Series firewalls where you were unable to access maintenance mode after a reboot.
PAN-69491
Fixed an issue where App-ID™ misidentified TCP traffic until cache timeout occurred.

Recommended For You