End-of-Life (EoL)

PAN-OS 7.1.21 Addressed Issues

PAN-OS® 7.1.21 addressed issues
The following table lists the issues that are addressed in the PAN-OS® 7.1.21 release. For new features, associated software versions, known issues, and changes in default behavior, see PAN-OS 7.1 Release Information. Before you upgrade or downgrade to this release, review the information in Upgrade to PAN-OS 7.1.
Starting with PAN-OS 7.1.5, all unresolved known issues and any newly addressed issues in these release notes are identified using new issue ID numbers that include a product-specific prefix. Issues addressed in earlier releases and any associated known issue descriptions continue to use their original issue ID.
Issue ID
Fixed an issue where the firewall did not generate a new random value in the TLS Server Hello message, which breaks TLSv1.3 connections when SSL Forward Proxy decryption is enabled.
Fixed an intermittent issue where the replace device CLI command caused the configuration lock to stop responding.
Fixed an issue where a hardware packet buffer leak caused firewall performance to degrade.
Fixed an issue where the replace device old [serial number] new [serial number] command caused the configuration process (configd) to stop responding.
Fixed an issue with firewalls in a high availability (HA) active/passive configuration where the firewall processed traffic in a suspended state.
Fixed an issue where a system failure occurred due to packet size exceeding the hardware limit.
Fixed an issue with PA-5000 Series, PA-5200 Series, and PA-7000 Series firewalls where the firewall fails to clear cache for refreshing the FQDN list, which periodically results in an out of memory condition that forces the firewall to reboot.
Fixed an issue where a library (libpam_pan.so) did not handle incorrect passwords as expected.
A security-related fix was made to address three OpenSSL vulnerabilities: CVE-2018-0732, CVE-2018-0737, and CVE-2018-0739.
Fixed an issue where a firewall did not apply the configured NAT policy during a predicted RTSP session.
Fixed an issue where continuous renewal for a session that went into DISCARD state when the firewall reached its resource limit prevented the creation of new sessions that matched that DISCARD session.
Fixed an issue that occurred during the reboot process and caused some firewalls to go in to maintenance mode.
Fixed an issue where firewalls in an HA active/passive configuration stopped passing traffic when OSPF hello packets contained a duplicate router ID or when the passive peer leaked packets during a reboot.
Fixed an issue on firewalls with SSL Forward Proxy decryption enabled where the dataplane restarted due to an out-of-memory condition after you performed multiple commits.
Fixed an issue on PA-2000 Series firewalls where you were unable to access maintenance mode after a reboot.
Fixed an issue where App-ID™ misidentified TCP traffic until cache timeout occurred.

Recommended For You