End-of-Life (EoL)
PAN-OS 7.1.3 Addressed Issues
PAN-OS® 7.1.3 addressed issues
The following table lists the issues that are addressed
in the PAN-OS® 7.1.3 release. For new features, associated software
versions, known issues, and changes in default behavior, see PAN-OS 7.1 Release Information.
Before you upgrade or downgrade to this release, review the information in Upgrade to PAN-OS 7.1.
Issue ID | Description |
---|---|
98602 | Fixed an issue where the Panorama management
server had a memory increase due to syncing of WildFire reports
from Panorama to log collectors. |
97313 | Fixed an issue where the management plane of
Panorama M-100 and M-500 appliances stopped responding when renaming
objects or Security policy rules due to memory corruption. |
96792 | Fixed an issue where commits failed due to
a memory leak related to HA sync of the candidate configuration
that caused the passive Panorama peer to stop responding. |
96634 | Fixed an issue where a certificate signing
request (CSR) using Simple Certificate Enrollment Protocol (SCEP)
over SSL failed due to buffer limit (signing over non-SSL worked
correctly). |
96140 | Fixed an issue where disabling and importing
local copies of Panorama policies and objects resulted in exclusion
of Log Forwarding profile imports on multiple virtual systems (multi-vsys). |
95747 | VLAN tag translation is enhanced so that the
firewall now preserves the Priority Code Point value (802.1P) in
the Layer 2 VLAN tag field when receiving a frame on one VLAN Tag
port and then forwarding it to another VLAN Tag port. See Changes
to Default Behavior for more information about this enhancement
in PAN-OS 7.1.3 and about further enhancements in PAN-OS 7.1.5. |
95275 | Fixed an issue where a role-based administrator
could view unified logs under the Monitor tab
but could not export these logs. |
95133 | Fixed an issue where firewall incorrectly applied
Policy Based Forwarding (PBF) to sessions created via prediction
(such as ftp-data sessions). |
95047 | Fixed an issue where PAN-OS log integration
with AutoFocus did not use proxy server settings. |
94930 | Fixed an issue where firewall running on a
VMware NSX edition firewall had incorrect address-group objects
pushed via Panorama updates. |
94914 | Fixed an issue where a firewall running PAN-OS
7.1 failed to block HTTP-Video applications. |
94790 | Fixed an issue where dataplane CPU usage became
excessive after upgrading from PAN-OS 7.0 to PAN-OS 7.1. |
94765 | Fixed an issue where NAT translation did not
work as expected when the administrator deleted a virtual system
(vsys) from a firewall with multiple virtual systems (multi-vsys)
and NAT rules configured without first deleting NAT rules associated
with the vsys. With this fix, when an administrator deletes a vsys,
the firewall automatically deletes NAT rules associated with that
vsys. |
94573 | Fixed an issue where a firewall dropped incoming
PSH+ACK segments from the server. |
94570 | Fixed an issue where role-based Panorama administrators
were unable to perform commits because the Commit dialog opened
and immediately closed without allowing these administrators to
modify, preview, or confirm their commit requests. |
94533 | Fixed an issue where Panorama pushed unused
shared address objects to the firewall when the name of the object
matched another pushed address object from the device group for
that firewall even though the Share Unused Address and
Service Objects with Devices option was unchecked. |
94435 | Fixed an issue where a firewall failed to learn
of OSPF neighbors that were on interfaces configured with a maximum
transmission unit (MTU) of 9216 because the OSPF database exchange
could fail for jumbo packets. |
94282 | Fixed an issue on PA-7000 Series firewalls
configured as HA pairs where, after the active firewall failed over
to become the passive firewall, the newly passive firewall restarted
with the error message: internal packet path monitoring
failure . With this fix, the firewall will not restart
after becoming passive. |
94165 | Fixed an issue where the firewall generated
WildFire Submissions logs with an incorrect email subject and sender
information when sending more than one email to a recipient in a
POP3 session. |
94136 | Fixed an issue where a PA-200 firewall reported
an antivirus update job as successful when the update downloaded
without installing. With this fix, a larger timeout value allows
the installation to complete. |
94097 | Fixed an issue where the firewall did not log
email sender, receiver, or subject in WildFire Submissions log. |
93783 | Fixed an issue where autocommit failed if an
administrator configured an IPSec tunnel using the manual-key method. |
93778 | Fixed a rare issue where a bind request from
the firewall to the LDAP server failed. |
93770 | Fixed an issue where the firewall interpreted
a truncated external dynamic list IP address (such as 8.8.8.8/)
as 0.0.0.0/0 and blocked all traffic. With this fix, the firewall
ignores incorrectly formatted IP address entries. |
93729 | Fixed an issue where SSH decryption caused
a dataplane memory leak and restart. |
93667 | Fixed an issue where the GlobalProtect endpoint
incorrectly failed the Host Information Profile (HIP) evaluation
when there is an empty missing-patch tag in the HIP Report and the Check setting
for patch management in HIP Objects criteria was set to has-all (Objects > GlobalProtect > HIP
Objects > Patch Management > Criteria). |
93458 | Fixed an issue where WildFire platforms experienced
non-responsive processes and sudden restarts under certain customer-specific
traffic conditions. |
93276 | In PAN-OS 7.1.3 and later releases, the Application
Command Center (ACC) includes the following usability enhancements:
|
93218 | Fixed an issue where an administrator who is
not a superuser was unable to view detailed configuration changes
using Logs > Configuration. With this
fix, administrators of all types are able to view detailed configuration changes. |
92934 | Fixed an issue where a firewall configured
for DHCP relay (with multiple DHCP relays or in certain firewall
virtual system configurations) rebroadcast a DHCP packet on the
same interface that received the packet, which caused a broadcast
storm. With this fix, the firewall drops duplicate broadcasts instead
of retransmitting them. |
92912 | Fixed an issue on Panorama where an administrator
received a File not found error when attempting
to view a threat packet capture (pcap). |
92684 | Fixed an issue where a process (l3svc) stopped
responding when processing a large number of user authentication
requests. |
92610 | Fixed an issue on PA-200 firewalls where the
firewall stalled during boot-up after an upgrade from PAN-OS 6.1.12
or an earlier PAN-OS 6.1 release to a PAN-OS 7.0 or later release. |
92467 | Fixed an issue on Panorama where exporting
the device state failed if a running-config.xml file already existed
in the target location, which resulted in one or more Server
error messages. With this fix, the new device state file
exports as expected. |
91726 | Fixed an issue where using the hold and resume
features during a call resulted in one-way audio when the call manager
or SIP proxy was in a different zone than either the called or the
calling party. |
91497 | Fixed an issue where stale next-hop MAC entries
persisted on the session offload processor after you modified a
subinterface configuration, which caused SSH connections to fail.
With this fix, the management plane cache no longer duplicates next-hop
MAC entries, which prevents the stale entries that caused SSH connections
to fail. |
91269 | Fixed an issue where the firewall restarted
the dataplane after a process stopped responding. |
91202 | Fixed a user interface issue on firewalls and
Panorama where searches on Correlated Events logs using classless
subnets (for example, /21 instead of /24) failed to give the correct
results. |
91171 | Fixed the issue where, if the firewall processed
a high volume of BFD sessions for routing peers that use BGP, OSPF
or RIP, and the firewall also processed a high volume of packets
belonging to existing sessions that were not offloaded, the BFD
sessions to those peers flapped when the firewall received a content
update. |
91086 | Fixed an issue where PA-7000 Series firewalls
experienced BGP disconnections because the firewall failed to send
keepalive messages to neighbors within specified timers. |
90691 | Fixed an issue on firewalls running a PAN-OS
7.0 or later release where the web interface became inaccessible
(502 bad gateway error) when sending a high rate of concurrent
User-ID XML API POST requests. |
90618 | Fixed an issue on Panorama where creating an
exemption for a threat name from the Threat log caused the web interface
to display the exemption multiple times depending on the number
of sub-device groups. After the fix, the interface correctly displays
only one profile name. |
90596 | Fixed an issue on PA-5000 Series firewalls
where the FPGA did not initialize. With this fix, the FPGA is automatically
reprogrammed after an initialization failure so that it can attempt
to reinitialize (multiple times) before triggering a boot failure. |
90560 | Fixed an issue where the firewall did not authenticate
a syslog server's certificate signed by a trusted root certificate
authority (CA) included in the predefined trusted root certificate
list, which caused connection issues with syslog forwarding over
SSL. With this fix, the firewall can authenticate the syslog server's
certificate and can establish SSL connections. |
90508 | A security-related fix was made to address
CVE-2016-0777 and CVE-2016-0778 (PAN-SA-2016-0011). |
90326 | Fixed an issue on PA-7000 Series firewalls
where Botnet reports were not created consistently due to a log
cleanup job that ran just before the Botnet reports were generated,
which—on some days—resulted in empty or no Botnet reports. With
this fix, the botnet log cleanup job takes place after the daily
generation of Botnet reports so that daily reports are created and
populated as expected. |
90256 | Fixed an issue where decrypted SSH sessions
were not mirrored to the decrypt mirror interface as expected. |
89984 | A security-related fix was made to address
a stack overflow condition (PAN-SA-2016-0024). |
89551 | Fixed an issue where User Activity Reports
delivered via the Email Scheduler were empty if the username contained
German language-specific characters. |
89007 | Fixed an issue where VM-Series firewalls deployed
in AWS firewalls used UDP port 24946 for HA2 keep-alive packets
instead of UDP port 29281. |
88334 | Fixed an issue where the firewall restarted
unexpectedly when trying to delete a tunnel interface configuration. |
88307 | Fixed an issue where the dataplane restarted
and dataplane processes stopped responding when passing SSH traffic
using SSH decryption. |
88194 | Fixed an issue where Panorama did not log if
the Force Template Values option was in the checked
state when applying a template or Device Group commit. With this
fix, the Panorama logs will indicate if the Force Template
Values option is in the checked state when doing a template
or Device Group commit. |
88029 | Fixed an issue where, after an upgrade, the
firewall did not use the previously configured system-wide proxy
configuration (Device > Setup > Services) for accessing the WildFire
public cloud (PAN-OS 7.0 introduced a separate WildFire proxy configuration Device
> Setup > WildFire). With this fix, the upgrade process automatically
uses the previous proxy configuration when creating the WildFire
public cloud configuration. |
84461 | Fixed a Panorama issue where the virtual memory
for a process (configd) exceeded its allocation, which caused commit
and HA sync attempts to fail. |
83165 (PAN-49890) | Fixed an issue where exporting custom reports
to CSV, XML, and PDF failed. |
83008 | Fixed an issue where VM-Series firewalls experienced
packet loss. With this fix, an internal buffer is increased in size
to prevent the packet loss. |
Recommended For You
Recommended Videos
Recommended videos not found.