End-of-Life (EoL)
PAN-OS 7.1.7 Addressed Issues
The following table lists the issues that are addressed
in the PAN-OS® 7.1.7 release. For new features, associated software
versions, known issues, and changes in default behavior, see PAN-OS 7.1 Release Information.
Before you upgrade or downgrade to this release, review the information in Upgrade to PAN-OS 7.1.
Starting with PAN-OS 7.1.5, all unresolved known issues
and any newly addressed issues in these release notes are identified
using new issue ID numbers that include a product-specific prefix.
Issues addressed in earlier releases and any associated known issue
descriptions continue to use their original issue ID.
Issue ID | Description |
---|---|
PAN-70349 | Fixed an issue where external dynamic list (EDL) objects lost IP addresses and returned 0.0.0.0 when two or more EDL objects used in a security policy referenced the same source URL. |
PAN-69546 | Fixed an issue on firewalls in an HA active/passive configuration where, if you enabled LACP pre-negotiation, the egress interface on the passive firewall transmitted packets that should have been filtered, which caused packet loss when neighboring switches incorrectly forwarded traffic to the passive firewall. With this fix, the passive firewall correctly filters egress traffic. |
PAN-69485 | Fixed an issue where User-ID group mapping did not retain groups retrieved from Active Directory (AD) servers if there were any invalid groups in the group-mapping include list. |
PAN-68487 | Fixed an issue where the web interface displayed 24 ports instead of 14 ports for the PA-7000-20GQXM-NPC network processing card. |
PAN-68045 | Fixed an issue on PA-7000 Series firewalls where forwarding to WildFire failed due to an incorrect calculation of file size. |
PAN-67986 | Fixed an issue where the dataplane restarted due to a corruption in the QoS queue pointer. |
PAN-67587 | Fixed a rare condition where a dataplane process (all_pktproc) stopped responding. |
PAN-67079 | Fixed an issue in PAN-OS 7.1.6 where SSL sessions were discarded if the server certificate chain size exceeded 23KB. |
PAN-66540 | Fixed an issue where the management interface and HA interfaces flapped during installation of a software upgrade, which caused HA failover or split brain. |
PAN-65738 | Fixed an issue on firewalls in active/active configuration where a newly created BFD profile disappeared after you performed a commit operation on either of the peers. |
PAN-64662 | Fixed an issue where latency intermittently spiked over 3ms for IPSec traffic. With this fix, the conditions that contributed to latency spikes are addressed. |
PAN-64626 | Fixed an issue where a memory leak occurred on a process (authd) after each commit, which caused restarts of another process (mgmtsrvr) and affected access to the web interface. |
PAN-64435 | Fixed an issue on Panorama virtual appliances where a process (configd) experienced high memory usage and stopped responding, which caused commits to fail. |
PAN-64321 | Fixed an issue where Panorama did not update the names of log forwarding profiles and zone protection profiles in a template stack after renaming, which caused failures when pushing the configuration to devices. |
PAN-64177 | Fixed an issue where the CLI command test custom-url did not return the correct custom category. |
PAN-63901 | Fixed an issue where TCP sequence numbering shifted when the firewall performed a decrypted session tear down in the case of a fatal alert. |
PAN-63796 | Fixed an issue on PA-7000 Series firewalls where internal looping of tunnel creation packets caused high dataplane CPU usage. |
PAN-63038 | Fixed an issue on Panorama where traffic logs retrieved by XML API query displayed IP addresses with subnet notation instead of full IP addresses. This issue occurred when the administrator using the query had a custom privacy configuration in the web interface that had Show Full IP Addresses disabled. |
PAN-63021 | Fixed an issue where policy-based forwarding (PBF) symmetric return traffic enforcement failed intermittently because return MAC address entries aged-out prematurely. With this fix, the firewall enforces symmetric return even when PBF return MAC entries age out. |
PAN-62944 | Fixed an issue where the management server process stopped responding when a Commit All job was initiated from Panorama, which prevented managed devices from reporting the commit job status back to Panorama. As a result, the commit job appeared stalled in Panorama even after commits were successfully completed on the managed devices. |
PAN-62212 | Fixed an issue where the Global Find window was grayed-out and non-functional if you accessed it from the Browse link when configuring an address object in a security policy. |
PAN-62050 | Fixed an issue where a User-ID redistribution loop caused high management plane CPU usage. This issue occurred when the User-ID redistribution configuration included three or more firewalls, and the firewall encountered the same IP address and timestamp for different users. |
PAN-61742 | Fixed an issue where the firewall incorrectly identified BGP traffic as traceroute traffic, causing the wrong policy to be applied to the traffic. |
PAN-61643 | Fixed an issue where locally created certificates had duplicate serial numbers because the firewall did not check the serial numbers of existing certificates signed by the same CA when generating new certificates. |
PAN-61367 | Fixed an issue where the firewall failed to send a TCP reset (RST) to the client-side and server-side devices when an application had a reset-both deny action in its security policy. |
PAN-60222 | Fixed an issue where Panorama allowed you to configure a decryption type on No Decrypt policies. When Panorama pushed these policies to firewalls, it set the decryption type to the default value SSL Forward Proxy. With this fix, when you select No Decrypt as a policy rule action, Panorama disables configuration of the decryption type. |
PAN-60182 | In response to an issue where LACP flapped intermittently due to negotiation failures, priority for LACP processing is enhanced to mitigate flapping, and additional debug options are added to help isolate negotiation failures. |
PAN-59870 | Fixed an issue where purged software packages appeared in the list of uploaded software packages. With this fix, the software list will no longer display purged software packages. |
PAN-59669 | Fixed an issue where Online Certificate Status Protocol (OCSP) verification failed when using non-CA certificates. With this fix, you can configure a non-CA certificate as an OCSP Verify certificate (Device > Certificate Management > Certificates Profile > Add). Note that if you use a non-CA certificate and then downgrade to a PAN-OS release that does not include this fix, auto-commits will work, but manual commits will fail. |
PAN-58744 | Fixed an issue where IPSec VPN tunnels failed to establish if you used dynamic VPNs and mixed IKEv1 and IKEv2 on the static device. |
PAN-58582 | Fixed an issue where the hostname obtained from a Panorama template for a firewall reverted to the default hostname. This issue occurred after the management server process on the firewall (mgmtsrvr) restarted following an event such as a PAN-OS update or firewall restart. |
PAN-58520 | Fixed an issue where PDF exports of custom reports generated using Run Now did not display hostnames obtained from reverse DNS lookup. |
PAN-57874 | Fixed an issue where IPSec tunnels flapped randomly because a race condition between two processes (mprelay and pan_task) caused duplicate tunnel monitoring ICMP packets with the same sequence numbers to be sent, which disrupted IPSec tunnel state. |
PAN-57360 | Fixed an issue where the management server process (mgmtsrvr) had an out-of-memory condition and restarted, causing a loss of uncommitted changes. |
PAN-57181 | Fixed an issue on Panorama in an HA configuration where synchronization failed after a commit with the message, Committing mgt settings failed. Could not read merged running config from file. This issue occurred when WildFire updates created a race condition with HA synchronization. |
PAN-56569 | Fixed an issue where the top half of text lines failed to display correctly in the PDF version of the App Scope Threat Monitor Report (Monitor > App Scope > Threat Monitor). |
PAN-56189 | Fixed an issue where a custom role administrator who had threat log viewing privileges disabled could view threat logs in the Unified log view. |
PAN-55747 | Fixed an issue where websites failed to load properly if you enabled SSL decryption. This issue occurred due to an error in the handling of URL block pages and captive portal redirects. |