End-of-Life (EoL)
PAN-OS 8.0.11 Addressed Issues
PAN-OS® 8.0.11 addressed issues
Issue ID | Description |
---|---|
PAN-97561 | Fixed an issue where a Panorama appliance
running PAN-OS 8.1.2 was unable to connect to the Logging Service. |
PAN-97084 | Fixed a rare issue where the task manager
failed to load in the web interface when a pending job caused subsequent
completed jobs to be inappropriately held in memory. |
PAN-96587 | Fixed an issue where PA-7000 Series and
PA-5200 Series firewalls intermittently failed to forward logs to
Log Collectors or the Logging Service due to DNS resolution failure
for the FQDNs of those log receivers. |
PAN-96490 | Fixed an issue where syslog servers misrepresented
HIP Match, Authentication, and User-ID logs received from the firewall
because the order changed in the first seven syslog fields for those
log types. With this fix, the first seven syslog fields are the
same for all log types. |
PAN-96150 | Fixed a memory corruption error that caused
the dataplane to restart when content decode length was zero. |
PAN-95884 | Fixed an issue where routing FIB entries
that were learned from a BGP peer were not deleted when BGP Peering
went down. |
PAN-95740 | Fixed an issue where multicast FIB entries
were inconsistent across dataplanes, which caused the firewall to
intermittently drop multicast packets. |
PAN-95445 This fix requires
the VMware NSX 2.0.4 or a later plugin. | Fixed an issue where VM-Series firewalls
for NSX and firewalls in an NSX notify group ( Panorama VMware NSX Notify Group |
PAN-94920 | Fixed an issue where PA-5200 Series firewalls
in a high availability (HA) active/active configuration experienced
internal packet corruption that caused the firewalls to stop passing
traffic when the active member of a cluster came back up as passive
after being either suspended or rebooted (moving from tentative
to passive state). |
PAN-94646 | Fixed an issue with firewalls in a high
availability (HA) configuration where a an HA sync initiated from
the active peer caused a race condition while processing the previous
request. |
PAN-94586 | Fixed an issue where the Panorama management
server exported reports slowly or not at all due to DNS resolution
failures. |
PAN-94578 | Fixed an issue where WildFire submissions
with a filename that contained %20n or
a subject that contained %n caused
the management server (mgmtsrvr ) process to stop responding. |
PAN-94452 | Fixed an issue where the firewall recorded
GPRS Tunneling Protocol (GTP) packets multiple times in firewall-stage
packet captures (PCAPs). |
PAN-94450 | Fixed an issue where QSFP+ interfaces (13
and 14) on a PA-7000-20GQ-NPC Network Processing Card (NPC) unexpectedly
flapped when the card was booting up. |
PAN-94165 | Fixed an issue where the firewall used an
incorrect next hop in the Border Gateway Protocol (BGP) route that
it advertised to External BGP (eBGP) peers in the BGP peer group. |
PAN-94122 | Fixed an issue where firewalls intermittently
blocked SSL traffic due to a certificate timeout error after you
enabled SSL Forward Proxy decryption and selected to Block
sessions on certificate status check timeout (Objects Decryption Profile <Decryption_profile> SSL Decryption SSL Forward Proxy |
PAN-94070 | Fixed an issue where Bidirectional Forwarding
Detection (BFD) sessions were active in only one virtual router
when two or more virtual routers had active BGP sessions (with BFD
enabled) using the same peer IP address. |
PAN-94023 | Fixed an issue where the requestsystem external-list show type ip name CLI
command did not display external dynamic list entries after you
restarted the management server (<EDL_name> mgmtsrvr ) process. |
PAN-93854 | Fixed an issue where the VM-Series firewall
for NSX randomly disrupted traffic due to high CPU usage by the pan_task process. |
PAN-93754 | A security-related fix was made to address
vulnerabilities related to some SAML implementations (CVE-2018-0486
and CVE-2018-0489). Refer to www.kb.cert.org/vuls/id/475445 for details. |
PAN-93753 | Fixed an issue on PA-200 firewalls where
disk space usage was constantly running high and often reaching
maximum capacity. With this fix, the PA-200 firewall purges logs
more quickly and it no longer requires as much space for monitor
daemons. |
PAN-93722 | Fixed an issue where the firewall failed
to perform decryption because endpoints tried to resume decrypted
inbound perfect forward secrecy (PFS) sessions. |
PAN-93687 | Fixed an issue where the firewall dataplane
restarted, disrupting traffic, because the all_pktproc process
stopped responding when the firewall decoded HTTP message bodies
with chunked transfer encoding or gzip-compressed data. |
PAN-93609 | Fixed an issue where the firewall silently
dropped the first packet of a session when that packet was received
as a fragmented packet (typically with UDP traffic). |
PAN-93431 | Fixed an issue where the Panorama management
server failed to export Traffic logs as a CSV file ( Monitor Logs Traffic Max Rows in CSV Export to more
than 500,000 rows (Panorama Setup Management Logging and Reporting Settings Log Export
and Reporting |
PAN-93411 | Fixed an issue on VM-Series firewalls for
KVM where applications that relied on multicasting failed because
the firewalls filtered multicast traffic by the physical function
(PF) after you configured them to use single root I/O virtualization
(SR-IOV) virtual function (VF) devices. |
PAN-93318 | Fixed an issue where firewall CPU usage
reached 100 per cent due to SNMP polling for logical interfaces
based on updates to the Link Layer Discovery Protocol (LLDP) MIB
(LLDP-V2-MIB.my). |
PAN-93254 | Fixed an issue where automatic threat packet
captures on the firewall displayed a error when attempting to retrieve these captures from a threat log entry. |
PAN-93242 | A security-related fix was made to prevent
a Cross-Site Scripting (XSS) vulnerability in a PAN-OS web interface
administration page (CVE-2018-9337). |
PAN-92958 | Fixed an issue where disk utilization increased
unnecessarily because the firewall did not archive and rotate the /var/on file,
which therefore grew to over 40MB. |
PAN-92944 | Fixed an issue where the firewall assigned
the wrong URL filtering category to traffic that contained a malformed
host header. With this fix, the firewall enables the blocking of
any traffic with a malformed URL. |
PAN-92738 | Fixed an issue on the Panorama management
server where administrators with read-only privileges could not
view deployment Schedules for content updates (Panorama Device Deployment Dynamic Updates |
PAN-92481 | Fixed an issue where the root partition
became full. With this fix, the /tmp/tplsp_to_validate.xml file
and the /tmp/panorama_pushed folder are moved
to the /opt/pancfg/mgmt/tmp folder. |
PAN-92456 | Fixed an issue on the Panorama management
server where administrators couldn't log in to the web interface
because disk space utilization reached 100 per cent due to the continuous
growth of cmserror log files. |
PAN-92366 | Fixed an issue where PA-5200 Series firewalls
in an active/passive high availability (HA) configuration dropped
Bidirectional Forwarding Detection (BFD) sessions when the passive
firewall was in an initialization state after you rebooted it. |
PAN-92257 | Fixed an issue where the firewall was intermittently
sending incorrect bytes-per-packet values for some flows to the
NetFlow collector. |
PAN-92163 | Fixed an issue where firewalls in an active/passive
high availability (HA) configuration took longer than expected to
fail over after you configured them to redistribute routes between
an Interior Gateway Protocol (IGP) and Border Gateway Protocol (BGP). |
PAN-91785 | Fixed an issue where the firewall intermittently
did not apply antivirus exceptions after you added more than one
in an Antivirus profile ( Objects Security Profiles Antivirus <Antivirus_profile> Virus Exception |
PAN-91662 | Fixed an issue where a certificate was loaded
without a digital signature, which caused the configuration daemon ( configd )
to stop responding. |
PAN-91503 | Fixed an issue where the firewall failed
to generate tech support logs because there was not enough disk
space available. |
PAN-91370 | Fixed an issue where the firewall dropped
IPv6 traffic while enforcing IPv6 bidirectional NAT policy rules
because the firewall incorrectly translated the destination address
for a host that resided on a directly attached network. |
PAN-91254 | Fixed an issue where end user accounts were
locked out after you configured authentication based on a RADIUS
server profile with multiple servers ( Device Server Profiles RADIUS Retrieve Framed-IP-Address
attribute from authentication server (Network GlobalProtect Gateways <gateway> Agent Client Settings <clients_configuration> IP Pools |
PAN-91095 | Fixed an issue where the firewall did not
perform a validation check when you set the Subnet Mask while configuring
the firewall as a DHCP server (Network DHCP <interface> Options |
PAN-90952 | Fixed an issue on PA-5000 Series firewalls
where multicast traffic failed because PAN-OS did not remove stale
sessions from the hardware session offload processor. |
PAN-90835 | A security-related fix was made to prevent
a Cross-Site Scripting (XSS) attack through the URL Continue page
(CVE-2018-7636). |
PAN-90535 | Fixed an issue where the firewall unnecessarily
sent an Authorize-only request to the RADIUS server which was denied
during the login process if you disabled the Retrieve Framed-IP-Address
attribute from authentication server (Network GlobalProtect Gateways <gateway> Agent Client Settings <clients_configuration> IP Pools |
PAN-90531 | Fixed an issue where the firewall discarded
any unsaved changes you made to the exceptions in a Vulnerability
Protection profile after you enabled or disabled (cleared) the Show
all signatures option (Objects Security Profiles Vulnerability Protect <Vulnerability_Protection_profile> Exceptions |
PAN-90418 | Fixed an issue where PA-7000 Series, PA-5200
Series, PA-5000 Series, PA-3200 Series, and PA-3000 Series firewalls
dropped packets because their dataplanes restarted due to QoS queue
corruption. |
PAN-89525 | Fixed a configuration parsing issue where
a default setup of the Authentication Profile caused the firewall
to reboot during commit. If the administrator configured the Authentication
Profile with any allowed values, including the default values, the
configuration committed successfully. The issue was observed on
a PA-500 firewall in FIPS-CC mode. |
PAN-89177 | Fixed an issue where the Panorama management
server ran out of disk space because PAN-OS did not automatically
purge configuration export files from the tmp folder after exporting
them. |
PAN-89164 | Fixed an issue where content update failures
(associated with the error message) had only a high severity level in System logs. With this fix, content update failures have a critical severity level for better visibility. |
PAN-88897 | Fixed an issue where SNMP managers could
not retrieve firewall power supply information associated with the entPhysicalEntry (1.3.6.1.2.1.47.1.1.1)
and entPhysicalDescr (1.3.6.1.2.1.47.1.1.1.1)
SNMP objects. |
PAN-88473 | Fixed an issue where the firewall was sending
incorrect bytes-per-packet values to the NetFlow collector when
two servers were configured in the same NetFlow profile. |
PAN-87166 | Fixed a rare issue on PA-7000 Series firewalls
where 20GQ NPC QSFP+ ports didn't link up (during online insertion
and removal (OIR), link-state change, or boot up events) and became
unrecoverable until the NPC was restarted. |
PAN-86934 | Fixed an issue where the firewall applied
case sensitivity to the names of shared user groups that were defined
in its local database and, as a result, users who belonged to those
groups couldn't access applications through GlobalProtect Clientless
VPN even after successful authentication. With this fix, the firewall
ignores character case when evaluating the names of user groups
in its local database. |
PAN-86028 | Fixed an issue in an HA active/active configuration
where traffic in a GlobalProtect VPN tunnel in SSL mode failed after
Layer 7 processing when asymmetric routing was involved. |
PAN-85773 | Fixed an issue where, after end users resumed
their sessions, GlobalProtect connections failed with a client certificate
error because the certificate host ID field was not cached in the
session cache. |
PAN-82502 | Fixed an issue where the firewall web interface
did not display the task manager when indices were corrupted and
did not purge the old jobs as expected. |
PAN-80922 | Fixed an issue where the firewall failed
to parse the merged configuration file after you changed the master
key; it parsed only the running configuration file. With this fix,
the firewall parses both files as expected after you change the
master key. |
PAN-80091 | Fixed an issue where no results were returned
for a Global Find request when using the short name domain\group
format. |
PAN-79786 | Fixed an issue where Panorama was unable
to pull any groups from a specific domain when the query for users
included a domain name that ended with a backslash ( "\" ) character. |
PAN-79450 | Fixed an issue where all WildFire jobs on
the firewall were stuck at zero percent progress, which prevented
the firewall from installing the latest WildFire updates. |
Most Popular
Recommended For You
Recommended Videos
Recommended videos not found.