End-of-Life (EoL)
PAN-OS 8.0.13 Addressed Issues
PAN-OS® 8.0.13 addressed issues
Issue ID | Description |
|---|---|
WF500-4466 | Fixed an issue on WF-500 passive cluster
members where file forwarding was incorrectly disabled, which prevented
the passive firewall from uploading samples. |
PAN-104116 | Fixed an issue during a PAN-OS® upgrade
where a hardware packet buffer leak caused firewall performance
to degrade. |
PAN-103132 | A security-related fix was made to address
the FragmentSmack vulnerability (CVE-2018-5391 / PAN-SA-2018-0012). |
PAN-102750 | Fixed an issue on a PA-5000 Series firewall
where the dataplane restarts when multicast traffic matched a stale
session on the offload processor that was not cleared as expected. |
PAN-102664 | Fixed an issue where a process ( rasmgr ) restarted
when a satellite tunnel tear down command
and a get user config command occurred simultaneously. |
PAN-102631 | Fixed an issue where a process ( rasmgr ) restarted
multiple times, which caused the firewall to reboot. |
PAN-102168 | Fixed an issue where a PA-5200 Series firewall
processed the tunnel-monitoring with profile-failover as having
the tunnel status up and peers as down during initial configuration. |
PAN-102140 | Fixed an issue where Extended Authentication
(X-Auth) clients intermittently failed to establish an IPSec tunnel
to GlobalProtect gateways. |
PAN-101182 | Fixed an issue where a system failure occurred
due to packet size exceeding the hardware limit. |
PAN-100985 | Fixed an issue with PA-5000 Series, PA-5200
Series, and PA-7000 Series firewalls where the firewall fails to
clear cache for refreshing the FQDN list, which periodically results
in an out of memory condition that forces the firewall to reboot. |
PAN-100794 | Fixed an issue where SNMP fan trays did
not initialize as expected and prevented the SNMP manager from receiving
fan tray information. |
PAN-100715 | Fixed an issue on VM-Series firewalls where
the dataplane stops processing traffic when attempting to transmit
packets larger than the firewall maximum transmission unit (MTU). |
PAN-100345 | ( PA-200, PA-220, PA-220R, PA-500, and
PA-800 Series firewall only ) Fixed an issue where a large number
of group mappings caused the firewall to display out-of-memory (OOM)
errors and restart. |
PAN-99964 | Fixed an issue on an M-100 appliance where
a bulk set of commands timed out causing configuration locks and,
while running any subsequent show commands, responded with the following
message: Server error: Timed out while getting configlock. Please try again. |
PAN-99780 | Fixed an issue where the second virtual
system (vsys) dropped TCP traffic that was out-of-order when that
second vsys controlled the proxy session in a multi-vsys configuration. |
PAN-99590 | Fixed an issue where the firewall did not
return Captive Portal response pages as expected due to depletion
of file descriptors. |
PAN-99392 | Fixed an issue where RADIUS VSA administrators
were able to login for one hour after their VSA administrator role
was removed on the RADIUS server. |
PAN-99316 | Fixed an issue where the SAP Success Factor
app failed to load because the Cipher-cloud was configuring cookies
with the “at” ( @ ) character in the cookie name but Palo Alto Networks
firewalls used the @ character as a separator for storing cookies
locally, which caused the firewall to misinterpret the cookies. |
PAN-98976 | Fixed an intermittent issue where Captive PortalMFA failed
and discarded new MFA requests. |
PAN-98635 | Fixed an issue on the Panorama™ centralized
management server where the logs related to the clear-log system
were not forwarded to the Syslog server. |
PAN-98217 | Fixed an issue where user-account group
members in subgroups ( n +1) were unnecessarily
queried when nested level was set to n . |
PAN-98189 | Fixed an issue where firewall overrides
configuration to not validate first ASN, resulting in multi-lateral
BGP connection flaps peering over an internet exchange. |
PAN-97881 | Fixed an issue where an administrator with
the CLI Device Read privilege was able to discard a session that
was revoked. |
PAN-97324 | Fixed an issue where values were missing
in the URL field in the Data Filtering logs. |
PAN-97315 | Fixed an issue on Panorama M-Series and
virtual appliances where the configuration ( configd )
process stopped responding after you entered a filter string and
tried to Add Match Criteria for any Dynamic address group
type (Objects Address
Groups |
PAN-97296 | Fixed an issue where the Panorama web interface Group
Mapping Settings took longer to load than expected when
there were multiple device groups and each group reported to a different
master device. |
PAN-97253 | Fixed an issue where audio failed for long-lived
session initiated protocol (SIP) sessions subjected to six content
updates. |
PAN-97077 | Fixed an issue on Panorama M-Series and
virtual appliances where the report-generation process stopped responding
due to a corrupt log record in the JSON query. |
PAN-97045 | Fixed an issue on PA-850 firewalls where
the session rematch option failed to execute when you added an IP
address to the External Dynamic List (EDL) block list. |
PAN-96918 | Fixed an issue where an unreachable DNS
server due to aggressive timers increased the time of PPPoE negotiation
and, in some cases, caused negotiation to fail. |
PAN-96860 | Fixed an issue where the processing of ZIP
files in the firewall dropped traffic unexpectedly and logged a
threat entry for SMTP traffic. |
PAN-96796 | Fixed an intermittent issue where session
BIND messages were dropped in a Dynamic IP configuration. |
PAN-96734 | Fixed an issue where a process ( configd )
stopped responding during a partial revert operation when reverting
an interface configuration. |
PAN-96678 | Fixed an issue on PA-800 Series firewalls
where the web interface did not display or allow you to configure
the bandwidth setting any higher than 1Gbps. |
PAN-96645 | Fixed an issue where generation of extraneous
data filtering logs for SMB protocol traffic occurred without data
filtering or file blocking securities rules in place. |
PAN-96579 | Fixed an issue where the Syslog server received
an incorrect vsys/port log message when multiple vsys systems, with
the same profile name and different port numbers, are connected
to a single syslog server. |
PAN-96477 | Fixed an issue where PA-5000 Series firewalls
did not send an IGMP query immediately after an HA failover. |
PAN-96130 | Fixed an issue on a PA-800 Series firewall
where fragmented packets caused the firewall to restart. |
PAN-95970 | Fixed an issue on a PA-500 firewall where
the dataplane tunnel content pointer entered a NULL state and caused
dataplane processes ( pan_comm and tund )
to stop responding, which caused the dataplane to restart. |
PAN-95736 | Fixed an issue where the mprelay process stopped
responding when you performed a commit while the firewall identified
flows that needed a NetFlow update. |
PAN-95486 | Fixed an issue with VM-Series firewalls
on Azure where dynamic updates failed for the GlobalProtect™ Data
File when you scheduled the updates using the management interface. |
PAN-95407 | Fixed an issue where an API call resulted
in an incorrect response. |
PAN-95331 | Fixed an issue where a temporary flap on
configured Aggregate Ethernet (AE) interfaces cleared the dataplane
debug logs. |
PAN-95265 | Fixed an issue on a PA-220 firewall where
exporting the device state from the Panorama command-line interface
(CLI) included the default bidirectional forwarding detection (BFD)
configuration, which caused a commit to fail on the firewall when
uploading the device state. |
PAN-95045 | Fixed an issue where syslog messages that
terminated with 0 prevented the firewall from identifying matching
patterns in the message. |
PAN-94654 | Fixed an issue where the published applications
page for GlobalProtect Clientless VPN displayed a blank application
icon instead of the custom Application Icon that
you specified (Network GlobalProtect Portals Clientless VPN Applications <application> <application> |
PAN-94382 | Fixed an issue on the Panorama management
server where the Task Manager displayed Completed status
immediately after you initiated a push operation to firewalls (Commit all )
even though the push operation was still in progress. |
PAN-94317 | Fixed the following LDAP authentication
issues:
|
PAN-94278 | Fixed an issue where a Panorama Collector
Group forwarded Threat and WildFire® Submission logs to the wrong
external server after you configured match list profiles with the
same name for both log types ( Panorama Collector Groups <Collector_Group> Collector Log Forwarding {Threat
| WildFire} <match_list_profile> |
PAN-94043 | Fixed an issue where, when an administrator
made and committed partial changes, the disabled address objects
used in a disabled security policy were pushed from Panorama and
retained on the firewall but were deleted when an administrator
performed a full commit from Panorama. |
PAN-93469 | Fixed an issue where the GlobalProtect login,
welcome, and help pages did not display custom logo images in any
browsers other than Internet Explorer after you upgraded to PAN-OS
8.0.8 or a later release. |
PAN-93430 | Fixed an issue where the firewall web interface
did not display Host Information Profile (HIP) information in HIP
Match logs for end users who had Microsoft-supported special characters
in their domains or usernames. |
PAN-93152 | Fixed an intermittent Panorama issue where,
after upgrading to PAN-OS 8.0 or a later release and when connected
to a WF-500 appliance, commit validations failed due to a mismatched
threat ID range on the WildFire private cloud. |
PAN-92955 | Fixed an issue on PA-5200 Series firewalls
in an HA active/active configuration where session timeouts occurred
when TCP timers did not update as expected for asymmetric flows. |
PAN-92782 | Fixed an issue where administrators with
virtual system-specific role privileges could use the PAN-OS XML
API to commit changes to shared objects on the firewall. With this
fix, only administrators with the superuser role can commit changes
to shared objects. |
PAN-92596 | Fixed an issue where the output of the show neighborndp-monitorall CLI
command was missing a space between the Interface and IPv6 Address
columns, which decreased readability. |
PAN-92553 | Fixed an issue on the Panorama management
server where filtering logs based on IPv6 sources didn't return
the expected results ( Monitor Logs <log_type> |
PAN-92489 | Fixed an issue where firewalls intermittently
forwarded logs directly to the Panorama management server instead
of to Log Collectors after you pushed a Collector Group preference
list to the Log Collectors. |
PAN-90998 | Fixed an issue on firewalls with SSL Inbound
Inspection decryption enabled where the dataplane restarted because
the firewall did not correctly handle TCP RST messages. |
PAN-90347 | Fixed an issue on a PA-5000 Series firewall
configured to use an IPSec tunnel containing multiple proxy IDs ( Network IPSec Tunnels <tunnel> Proxy IDs |
PAN-89988 | Fixed an issue where the firewall dataplane
intermittently restarted, causing traffic loss, after you attached
a NetFlow server profile to an interface for which the firewall
assigned an invalid identifier. |
PAN-89715 | Fixed an issue on PA-5200 Series firewalls
in an HA active/passive configuration where failover took a few
seconds longer than expected when it was triggered after the passive
firewall rebooted. |
PAN-89346 | Fixed an issue where an XML API call to
execute the show system raid detail CLI command returned
an error. |
PAN-88440 | Fixed an issue where a firewall configured
as a DNS proxy server ( Network DNS Proxy Got recursion not available. |
PAN-88292 | Fixed an issue on Panorama management servers
in an HA configuration where the Log Collector that ran locally
on the passive firewall did not forward logs to syslog servers. |
PAN-87969 | Fixed an issue where the firewall inserted
hard-coded double quotes ( " ) for
the $opaque macro in payloads after you configured log forwarding
to a JSON-type HTTP server. |
PAN-87867 | Fixed an issue on an M-100 appliance where,
when the interface and snapshot length (snaplen) options were enabled,
the tcpdump command failed to execute with
the following message: Unsupported number of arguments. |
PAN-87546 | Fixed an intermittent issue where the User-ID™ ( useridd )
process stopped responding and caused the firewall to restart. |
PAN-87132 | Fixed an issue on an M-100 appliance where
a restart of the correlation ( cord ) process caused
the appliance to reboot. |
PAN-86759 | Fixed an issue where the URL session information
WildFire report displayed Unknown for
sample files uploaded from firewalls running a PAN-OS 8.0 release. |
PAN-86583 | Fixed an issue where the DHCP process restarted
while you committed a configuration change to DHCP settings and,
as a result, DHCP clients could not receive IP addresses from a
firewall configured as a DHCP server ( Network DHCP |
PAN-84199 | Fixed an issue where, after you disabled
the Skip Auth on IKE Rekey option in the
GlobalProtect gateway, the firewall still applied the option: end
users with endpoints that used Extended Authentication (X-Auth)
did not have to re-authenticate when the key for establishing the
IPSec tunnel expired (Network GlobalProtect Gateways <gateway> Agent Tunnel Settings |
PAN-81553 | Fixed an issue where the M-100 appliance
used the default value of 1,000 because the maximum number of user
groups was not defined in the system configuration. |
PAN-81074 | Fixed an issue on PA-7000 Series firewalls
where the output from the REST/API version of the <show> <system> <raid> <detail> |
PAN-80505 | Fixed an issue where a firewall was able
connect to Panorama using an expired certificate. |
Recommended For You
Recommended Videos
Recommended videos not found.
