1. Home
    2. PAN-OS
    3. PAN-OS® Release Notes
    4. PAN-OS 7.1 Addressed Issues
    5. PAN-OS 7.1.5 Addressed Issues
    End-of-Life (EoL)

    PAN-OS 7.1.5 Addressed Issues

    PAN-OS® 7.1.5 addressed issues
    The following table lists the issues that are addressed in the PAN-OS® 7.1.5 release. For new features, associated software versions, known issues, and changes in default behavior, see PAN-OS 7.1 Release Information. Before you upgrade or downgrade to this release, review the information in Upgrade to PAN-OS 7.1.
    Starting with PAN-OS 7.1.5, all unresolved known issues and any newly addressed issues in these release notes are identified using new issue ID numbers that include a product-specific prefix. Issues addressed in earlier releases and any associated known issue descriptions continue to use their original issue ID.
    Issue ID
    Description
    PAN-63171
    Fixed an issue where, when using the GlobalProtect agent on a Mac OS X endpoint, the connection from the agent to the GlobalProtect gateway failed and the agent displayed the error Certificate error. Restart the service?.
    PAN-63080
    Fixed an issue where, if you had a custom response page that used a large binary object, a process (websrvr) stopped responding, which caused the captive portal to not function.
    PAN-62803
    Fixed an issue where, if you configured GlobalProtect to use certificate-based authentication, users on Chromebook endpoints received prompts to log on using username and password.
    PAN-62773
    Fixed an issue on VM-Series firewalls in an HA configuration where synchronization traffic lead to a condition where the firewall stopped responding.
    PAN-62589
    Fixed an issue on Panorama where a stack configuration was incomplete and failed with the error message Failed to create configuration for template, even though the composing templates had configuration entries present.
    PAN-62339
    Fixed an issue where a process (websrvr) restarted repeatedly during captive portal redirects because the redirect URL did not include required vsys and URL arguments.
    PAN-61818
    Fixed an issue where CPU utilization on the dataplane was higher than expected.
    PAN-61815
    Fixed a rare issue where VM-Series firewalls stopped generating traffic, threat or URL logs, or lost the ability to resolve the URL category.
    PAN-61547
    Fixed an issue where a process (snmpd) had a memory leak that caused frequent SNMP restarts.
    PAN-61521
    Fixed an issue on Panorama where, if you added a User-ID agent to a template in a template stack, and one of the templates in the stack did not have a User-ID agent specified, you would lose User-ID agents from templates in the stack.
    PAN-61146
    Fixed an issue where, if you changed or refreshed an FQDN configuration with a large number of IP address entries (more than 32 IPV4 and IPV6 entries) in a single FQDN object, the firewall or Panorama management server stopped responding.
    PAN-61046
    A security-related fix was made to address a cross-site request forgery issue (PAN-SA-2016-0032).
    PAN-60872
    Fixed an issue where WildFire falsely identified Microsoft Word files containing macros as suspicious.
    PAN-60830
    Fixed an issue on firewalls in an HA active-passive pair where HA configuration sync failed. This issue occurred when configuration sync from the active firewall happened while the passive firewall was in a state where a local commit failed. With this fix, configuration sync from the active firewall overwrites the configuration on the passive firewall, and configuration sync succeeds.
    PAN-60828
    Fixed an issue where a process (l3svc) restarted due to missing too many heartbeats, which caused the Captive Portal to fail to trigger.
    PAN-60819
    Fixed an issue where the dataplane restarted while processing a chain of tunnel packets.
    PAN-60667
    Fixed an issue where a process (devsrvr) restarted repeatedly due to a problem with the internal URL cache structure.
    PAN-60587
    Fixed an issue where the firewall did not provide a blocked page response if you accessed a blocked application over HTTPS.
    PAN-60568
    A security-related change was made to address a version disclosure in GlobalProtect (PAN-SA-2016-0026).
    PAN-60444
    Fixed an issue where SCEP enrollment failed when parsing CA certificates sent by the Aruba ClearPass server.
    PAN-60002
    Fixed an issue where, if you configured virtual routers with OSPF Type-5 external routes with non-zero forward addresses, the routing tables of some virtual routers did not contain the routes. With this fix, OSPF Type-5 external routes install as expected in the virtual routers.
    PAN-59778
    Fixed an issue where, in very rare cases, the firewall forwarded frames to incorrect ports because duplicate MAC address entries were present in the offload processor MAC table. With this fix, the offload processor will not have duplicate MAC address entries in the MAC table.
    PAN-59704
    Fixed an issue on VM-Series firewalls where, if path monitoring for HA used IPv6 addressing, the firewall used the wrong IPv6 address and path monitoring checking failed.
    PAN-59634
    Fixed an issue in WildFire that led to a false negative detection on a malicious file. With this fix, WildFire detects malicious files that launch via powershell.exe.
    PAN-59565
    Fixed an issue where exported log files did not correctly escape certain characters, such as commas (,), backslashes (\), and equal-to operators (=).
    PAN-59470
    Fixed an issue where the firewall brought down a tunnel that terminated at an IKE gateway configured for dynamic IP addressing when the IP address of the gateway changed. With this fix, the firewall does not bring down a tunnel if the IKE gateway dynamic IP address changes.
    PAN-59451
    Fixed an issue where the captive portal response page did not display the user's IP address as specified by the <user/> variable in the HTML code for the page.
    PAN-59315
    Fixed an issue where a delay occurred on HA failover following a control plane failure on the active firewall.
    PAN-5925 898112
    Fixed an issue on firewalls in an HA active/active configuration where session timeouts for some traffic were unexpectedly refreshed after a commit or HA sync attempt. However, in PAN-OS 7.1.4, this issue is fixed only for an HA pair where both peers are running a PAN-OS 7.1 release; this issue is not fixed in a configuration where one firewall is running a PAN-OS 7.1 release and the other is running a PAN-OS 7.0 or earlier release.
    PAN-58896
    Fixed an issue where, if you used the CLI command request system fqdn show to display FQDN objects, the firewall displayed extra IP addresses that were not associated with the FQDN.
    PAN-58885
    Fixed an issue where dataplane CPU usage became excessive.
    PAN-58816
    Fixed an issue where, if you configured multiple virtual systems (Vsys) with non-consecutive identifying numbers, an SNMP poll of the panVsysActiveSessions OID incorrectly showed zero session values for some virtual systems. With this fix, SNMP polling output is correct and matches the equivalent CLI output of the same data.
    PAN-58657
    Fixed an issue on PA-7000 Series firewalls where a slot stopped responding due to a memory condition.
    PAN-58322
    Fixed an issue where, if you monitored server status from the user interface, the connection state appeared to toggle between the connected and disconnected states even though the server remained connected. This issue occurred for servers with agentless user mapping when you selected Enable Session in Device > User Identification > User Mapping > Palo Alto Networks User-ID Agent Setup > Server Monitor.
    PAN-58086
    Fixed an issue where a process (devsrvr) restarted if you committed a configuration that used more than 64 vendor IDs in a single vulnerability protection rule. With this fix, if you commit a configuration with more then 64 vendor IDs in a single rule, you receive a warning that you have exceeded the maximum number of IDs, and the process restart does not occur.
    PAN-57659
    A security-related fix was made to address a cross-site scripting (XSS) condition in the web interface (PAN-SA-2016-0031).
    PAN-57464
    Fixed an issue where end users experienced delays because the firewall sent an RST packet without an ACK flag to the client. This issue occurred when the firewall applied a security policy action of Reset Client or Reset Both.
    PAN-57383
    Fixed an issue where SSL decrypted traffic that used an unsupported RSA key size of 16384 caused the dataplane to restart.
    PAN-57323
    Fixed an issue where VPN traffic went into a discard state because the firewall allowed packets to be sent through the tunnel prior to the completion of the IKE Phase 2 re-key process.
    PAN-57200
    Fixed an issue where you could not restart certain firewall processes from the CLI without root access. With this fix, you can now restart these processes (bfd, cryptod, dhcpd, ikemgr, keymgr, and pppoed) using the CLI command debug software restart process. See CLI Changes in PAN-OS 7.1 for more information.
    PAN-57054
    Fixed an issue where, if you redistributed User-ID mapping information and the mapping used a timeout value of NEVER, the firewall incorrectly changed the timeout value to 3600.
    PAN-56937
    Fixed an issue where, if you viewed a configuration diff on the active Panorama server in an HA pair, a process (configd) restarted on the passive Panorama server.
    PAN-56924
    Fixed an issue where Panorama incorrectly removed the LDAP domain field when it pushed a template configuration to a firewall running a PAN-OS 6.x release. This issue occurred in a configuration where Panorama used a PAN-OS 7.x release and firewalls used a mixture of PAN-OS 6.x and PAN-OS 7.x releases.
    PAN-56918
    Fixed an issue where firewalls did not recognize malware that had been Base64 encoded in a zipped RTF file. This issue occurred during an SMTP session.
    PAN-56650
    Fixed an issue where a log collector failed to send the system log to the active Panorama peer in an HA active/passive Panorama configuration after the active peer restarted.
    PAN-56580
    Fixed an issue where throughput in an IPSec tunnel was lower than expected. With this fix, the firewall defaults the DSCP field to 0 for ESP packets to improve performance.
    PAN-56456
    Fixed an issue where, if you implemented an authorization profile for OSPF with MD5 authentication on a firewall configured for FIPS-CC mode, the dataplane restarted.
    PAN-56438
    Fixed an issue where the internal value for block time in the Denial of Service (DoS) table exceeded the configured block time. This issue occurred on firewalls installed in an HA configuration.
    PAN-56280
    Fixed an issue where the firewall displayed the status of a 10G SFP+ virtual wire interface as 10000/full/up when the configured state of the interface was auto/auto/down. This issue occurred when Link State Pass Through in Network > Virtual Wires was enabled.
    PAN-56221
    A security-related fix was made to address a cross-site scripting (XSS) condition in the web interface (PAN-SA-2016-0033).
    PAN-56200
    Fixed an issue where the firewall allowed access to the search engine's cached version of a web page even though the page belonged to a URL category blocked by a policy.
    PAN-56034
    Fixed an issue where WildFire platforms experienced nonresponsive processes and sudden restarts under certain clients' traffic conditions.
    PAN-55996
    Fixed an issue where the dataplane restarted when processing SSL packets with an oversized Layer 2 header.
    PAN-55993
    Fixed an issue where user authentication based on user groups stopped working after you enabled the multiple virtual systems (multi-vsys) feature.
    PAN-55560
    Fixed an issue where a memory condition caused the dataplane to restart with the message Dataplane is down: too many dataplane processes exited.
    PAN-55190
    Fixed an issue where the firewall failed to resolved URLs on the dataplane. This issue occurred when an out-of-memory error caused faults in the URL cache. With this fix, the firewall handles out-of-memory errors correctly, allowing proper resolution of URLs.
    PAN-54696
    Fixed an issue where incorrect handling of selective-acknowledgment (SACK) packets caused a decrease in download speeds on SSL-decrypted traffic.
    PAN-54309
    Fixed an issue in Panorama and where the default value of Save User Credentials in Network > GlobalProtect > Portals > GlobalProtect-portal-config > Agent > agent-config > Authentication was No when it should have been Yes.
    PAN-54196
    Fixed an issue where the firewall did not increment the packet identifier of RADIUS Access-Request packets as required by the RFC standard.
    PAN-52379
    A security-related fix was made to address CVE-2015-5364 and 2015-5366 (PAN-SA-2016-0025).
    PAN-52202
    Fixed an issue where Panorama, when configured with a log collector, showed logs for a previous date and did not refresh the log display to show the latest logs.
    PAN-49329
    Fixed an issue where a firewall configured to block URL categories over HTTPS did not send a FIN/ACK to the browser to close the connection after sending a block page. This issue occurred for firewalls configured to perform NAT.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo