End-of-Life (EoL)
PAN-OS 8.0.1 Addressed Issues
PAN-OS 8.0.1 addressed issues
Issue ID | Description |
|---|---|
WF500-4098 | Fixed an issue in a WildFire appliance cluster
that had three nodes where decommissioning the active (primary)
controller node failed. |
PAN-74932 | Fixed an issue where the direction ( dir ) parameter
used in type=log XML API requests was incorrectly made
a required parameter, which caused applications that use the type=log request
to fail when the dir argument was not
included in the request. With this fix, the direction parameter
is again optional. |
PAN-74829 | Fixed an issue where Authentication policy
incorrectly matched traffic coming from known users—those included
in the Terminal Services (TS) agent user mapping—and displayed the
captive portal page. With this fix, only unknown users are directed
to the captive portal page. |
PAN-74367 | Fixed an issue where some platforms did
not connect to BrightCloud after you upgraded to PAN-OS 8.0. |
PAN-74264 | Fixed an issue where new fields in Threat
and HIP Match logs were inserted between existing fields, which
disrupted some third-party integrations. With this fix, the new
fields are appended at the end of all pre-existing fields. |
PAN-73977 | Fixed an issue where firewalls and Panorama
did not forward logs as expected when the local machine time was
not set to current local time and was set to a time between current
UTC time and current UTC time plus < n >, where <n >
is the UTC+<n > value for the current time zone. |
PAN-73964 | Fixed an issue where you could not upgrade VM-Series firewalls on AWS in an HA configuration to
PAN-OS 8.0. With this fix, you can upgrade VM-Series firewalls on
AWS in an HA configuration to PAN-OS 8.0.1 or a later PAN-OS 8.0
release. |
PAN-73877 | Fixed an issue where you were unable to
generate a SAML metadata file for Captive Portal or GlobalProtect
when the firewall had multiple virtual systems because there were
no virtual systems available for you to select when you clicked
the Metadata link associated with an authentication
profile. |
PAN-73579 | Fixed an issue where, after you upgraded
a firewall to PAN-OS 8.0, the firewall didn't apply updates to the
predefined Palo Alto Networks malicious IP address feeds (delivered
through the daily antivirus content updates) until after you performed
a commit on the firewall. With this fix, changes to the predefined
malicious IP address feeds are automatically applied when delivered
to the firewall. |
PAN-73545 | Fixed an issue on VM-300, VM-500, and VM-700
firewalls where you were required to commit changes a second time
after adding an interface before traffic would pass normally. |
PAN-73363 | Fixed an issue where Panorama did not display
any results when you filtered logs or generated reports based on
user groups even after you enabled reporting and filtering on groups. |
PAN-73360 | Fixed an issue where the passive Panorama
peer in an HA configuration showed shared policy to be out of sync
even when the device group commit from the active peer was successful. |
PAN-73291 | Fixed an issue where authentication failed
for client certificates signed by a CA certificate that was not
listed first in the Certificate Profile configured with client certificate
authentication for GlobalProtect portals and gateways. |
PAN-73207 | Fixed an issue where you could not push
notifications as an authentication factor if the firewall was integrated
with Okta Adaptive as the multi-factor authentication (MFA) vendor. |
PAN-73168 | Fixed an issue where your web browser displayed
the error message 400 Bad Request when
you tried to access a PAN-OS web interface that shared the same
FQDN as the GlobalProtect portal that hosted Clientless VPN applications. |
PAN-73006 | Fixed an issue where the App Scope Change
Monitor and Network Monitor reports failed to display data if you
filtered by Source or Destination IP
addresses when logging rates were high. This fix also addresses
an issue where the App Scope Summary report failed to display data
for the Top 5 Bandwidth Consuming Sources and Top 5 Threats when
logging rates were high. |
PAN-72952 | Improved file-type identification for Office
Open XML (OOXML) files, which improves the ability for WildFire
to accurately classify OOXML files as benign or malicious. |
PAN-72875 | Fixed an issue where the severity level
of the Failed to sync PAN-DB to peer: Peer user failure syslog
message was too high. With this fix, the message severity level
is info instead of medium . |
PAN-72849 | Fixed an issue in Panorama HA active/passive
configurations where Elasticsearch parameters were not pushed to
the passive peer. |
PAN-72726 | Fixed an issue where the firewall was unable
to mark BFD packets with appropriate DSCP values. |
PAN-72667 | Fixed an issue where the Panorama web interface
and CLI displayed a negative value for the Log Storage capacity (Panorama Collector Groups <Collector_Groups General |
PAN-72547 | Fixed an issue where running the clear session all CLI
command on a PA-5200 Series firewall in a high availability (HA)
configuration caused the firewall to fail over due to an issue with
path monitoring. |
PAN-72402 | Fixed an issue where, after you configured
a BGP IPv6 aggregate address with an Advertise Filter that had both
a prefix filter and a next-hop filter, the firewall advertised only
the aggregate address and did not advertise the specific routes
that the Advertise Filter covered ( Network Virtual Routers <router> BGP Aggregate <address> Advertise Filters <advertise_filter> |
PAN-72246 | Fixed an issue where the firewall generated
an ECDSA certificate signing request (CSR) using the SHA1 algorithm
instead of the selected algorithm. |
PAN-71833 | Fixed an issue where the output of the test authentication authentication-profile CLI
command intermittently displayed authentication/authorizationfailed for user for
TACACS+ authentication profiles even though the administrator could
successfully log in to the web interface or CLI using the same credentials
as were specified in the test command. |
PAN-71829 | Fixed an issue on PA-5000 Series firewalls
where the dataplane restarted due to specific changes related to
certificates or SSL profiles in a GlobalProtect configuration; specifically,
configuring a new gateway, changing a certificate linked to GlobalProtect,
or changing the minimum or maximum version of the TLS profile linked
to GlobalProtect. |
PAN-71556 | Fixed an issue where MAC address table entries
with a time-to-live (TTL) value of 0 were not removed as expected,
which caused the table to continually increase in size. |
PAN-71530 | Fixed an issue where LDAP authentication
failed intermittently due to a race condition. |
PAN-71334 | Fixed an issue with delays of up to 10 seconds
before the firewall transmitted the audio/video stream when you
set up a VoIP call on a PA-5200 Series firewall using the Session
Initiation Protocol (SIP). |
PAN-71312 | Fixed an issue where custom reports did
not display results for queries that specified the Negate option, Contains operator,
and a Value that included a period (.) character preceding
a filename extension. |
PAN-71271 | Fixed an issue where new logs were lost
if the log purging process started running before you started log
migration after an upgrade to PAN-OS 8.0. |
PAN-70436 | A security-related fix was made to prevent
tampering with files that are exported from the firewall web interface (CVE-2017-7217/PAN-SA-2017-0008). |
PAN-70366 | Fixed an issue where SMTP email servers
did not receive PDF reports from the firewall because the report
emails had line separators that used bare LF instead of CRLF. |
PAN-70323 | Fixed an issue where firewalls running in
FIPS-CC mode did not allow import of SHA-1 CA certificates even
when the private key was not included; instead, firewalls displayed
the following error:
|
PAN-69622 | Fixed an issue where the firewall did not
properly close a session after receiving a reset (RST) message from
the server if the SYN Cookies action was triggered. |
PAN-69585 | Fixed an issue where the URL link included
in the email for a SaaS Application Usage report (so that you could
retrieve the report from the firewall web interface) triggered third-party
spam filters deployed in your network. |
PAN-69340 | Fixed an issue where PAN-OS did not apply
the capacity license when you used a license authorization code
(capacity license or a bundle) to bootstrap a VM-Series firewall
because the firewall did not reboot after the license was applied. |
PAN-68795 | Fixed an issue where the SaaS Application
Usage report displayed upload and download bandwidth usage numbers
incorrectly in the Data Transfer by Application section. |
PAN-68185 | Fixed an issue where the 7.1 SNMP traps
MIB (PAN-TRAPS.my) had an incorrect description for the panHostname attribute. |
PAN-67952 | Fixed an issue on PA-5000 Series firewalls
where the dataplanes became unstable when jumbo frames and first
packet broadcasting were both enabled. With this fix, first packet
broadcasting is disabled by default on PA-5000 Series firewalls. |
PAN-67629 | Fixed an issue where existing users were
removed from user-group mapping when the Active Directory (AD) did
not return an LDAP Page Control in response to an LDAP refresh,
which resulted in the following User-ID ( useridd ) logs:
|
PAN-66122 | Firewalls did not support tunnel content
inspection in a virtual-system-to-virtual-system topology. |
PAN-64725 | Fixed an issue where Panorama did not maintains
its connections to firewalls if it received logs at a high rate
and the logs matched queries and other settings in scheduled reports. |
PAN-64164 | Fixed an issue on Panorama virtual appliances
in an HA configuration where, if you enabled log forwarding to syslog,
both the active and passive peers sent logs. With this fix, only
the active peer sends logs when you enable log forwarding to syslog. |
PAN-63274 | Fixed an issue on firewalls with multiple
virtual systems where inner flow sessions installed on dataplane
1 (DP1) failed if you configured tunnel content inspection for traffic
in a shared gateway topology. Additionally with this fix, when networking
devices behind the shared gateway initiate traffic, that traffic
can now reach the networking devices behind the virtual systems. |
PAN-62820 | Fixed an issue for the Apple Safari browser
in Private Browsing mode where the firewall did not redirect you
to the service or application—even when authentication succeeded—when
you requested a service or application that required multi-factor
authentication (MFA). |
PAN-61840 | Fixed an issue where the show global-protect-portal statistics CLI
command was not supported. |
PAN-60101 | Fixed an issue on the M-500 and M-100 appliances
in Panorama mode where emailed custom reports contained no data
if you configured a report query that used an Operator set
to contains (Monitor Manage Custom Reports |
PAN-59677 | A security-related fix was made to prevent
firewall administrators logged in as root from using GNU Wget to
access remote servers and write to arbitrary files by redirecting
a request from HTTP to a crafted FTP resource (CVE 2016-4971). |
PAN-58979 | Fixed an issue where the dataplane restarted
due to a memory leak ( mprelay ) that occurred if you
did not disable LLDP when you disabled an interface with LLDP enabled (Network Interfaces <interface> Advanced LLDP |
PAN-57553 | Fixed an issue where a QoS profile failed
to work as expected when applied to a clear text node configured
with an Aggregate Ethernet (AE) source interface that included AE
subinterfaces. |
PAN-57142 | Fixed an issue on PA-7000 Series firewalls
in an HA active/passive configuration where QoS limits were not
correctly enforced on Aggregate Ethernet (AE) subinterfaces. |
Most Popular
Recommended For You
Recommended Videos
Recommended videos not found.
