PAN-OS 8.0.15 Addressed Issues
PAN-OS® 8.0.15 addressed issues
(RADIUS server profile configurations only) Fixed an issue where the RADIUS authentication protocol was incorrectly changed to CHAP authentication when you pushed a commit from a Panorama™ appliance running a PAN-OS® 8.1 release to a WF-500 appliance running a PAN-OS® 8.0 release.
Fixed an issue on WF-500 appliances where the parsing script (sig_schedule_service) did not accurately identify specific WildFire® signatures.
Fixed an issue on a WF-500 appliance where the sample analysis failed when using FIPS-CC mode.
Fixed an intermittent issue on WF-500 appliances where the Redis command-line interface (CLI) failed to execute during master node re-balancing.
Fixed an issue where the WF-500 appliance SNMP notifications did not provide information for the eth2 and eth3 interfaces.
(WF-500 Appliances only) Fixed a rare issue that occurred after upgrading from a PAN-OS 7.1 release to a PAN-OS 8.0 release where the disk partition became full due to the amount of data on the drive and, when you tried to delete the backup database to free up space, the debug wildfire reset backup-database-for-old-samples CLI command failed and resulted in the following error: Server error : Client wf_devsrvr not ready.
Fixed an issue on a high availability (HA) active/passive configuration where GTP sessions did not properly sync to the passive firewall, which caused a failure on the passive firewall during a failover.
Fixed an issue where a Delete PDP Context Response (MonitorLogsGTP) did not correlate with a Delete PDP Context Request and appeared as a new session.
Fixed an issue where Application incorrectly displayed as unknown-udp instead of gttp-c for theGTPv1-C tunnel management message GTP Event Type.
Fixed an intermittent issue where IPSec Tunnels failed due to a race condition between the pan_task process and tund process.
Fixed an issue where a single API call failed to create a child device group under the parent device group.
A security-related fix was made to prevent cross-site scripting (XSS) attacks through the PAN-OS Management Web Interface (CVE-2019-1566).
A security-related fix was made to prevent a cross-site scripting (XSS) vulnerability in PAN-OS External Dynamic Lists (CVE-2019-1565).
Fixed an intermittent issue on Panorama M-Series and virtual appliances where an address object referenced in the address group was allowed to be deleted without a reference error which caused commits to fail.
Fixed an intermittent issue where the dataplane restarted while processing SMTP traffic.
Fixed an issue on Panorama M-Series and virtual appliances where a log migration from an old-disk pair to a new-disk pair failed with the following error message: Error restoring disks from RMAed device, which caused the (configd) process to fail.
Fixed an issue where a GTP PDP update did not update the GTP-U session which caused subsequent GTP traffic to drop.
Fixed an issue on a high availability (HA) active/active configuration where the active primary LLDP profile could not be copied to the active secondary firewall.
Fixed an issue on Panorama M-Series and virtual appliances where a partial Commit and Push for one or more administrators incorrectly sets the Push scope to all relevant firewalls as if a full Commit and Push was performed.
Fixed an issue where template administrators with the required permission made configuration changes on shared objects and the Commit failed with the following error message: No pending change to commit.
Fixed a username case sensitivity issue, which caused GlobalProtect™ Clientless VPN application lists to return empty.
Fixed an issue where routing traffic dropped due to an increased activity in global counter (flow_fpga_rcv_egr_L3_NH_NF) when an interface is moved from one virtual router to another.
Fixed an issue on Panorama M-Series and virtual appliances where the disk quota configuration exceeded a combined total of 100 percent when a Push was performed from Panorama due to value discrepancies between Panorama and the firewall.
Fixed an issue where the (configd) process depleted memory when you deleted multiple security rules with an XML API call.
Fixed an issue on a PA-500 Series firewall where SSL Forward Proxy was denied due to insufficient shared memory.
Fixed an issue on Panorama M-Series and virtual appliances where Logging Service was enabled, traffic log filters with a variable length subnet mask did not display any logs.
Fixed a rare issue where XML files with random file sizes failed to upload through API calls.
Fixed an issue where high elastic search memory load caused the firewall not to display logs and reboot
Fixed a rare issue where the traffic log did not generate data due to a negative log counter reading.
Fixed an issue on a VM-Series firewall in a high availability (HA) active/passive configuration where after a reboot, the passive firewall sent ARP packets during the initialization state, which caused a traffic conflict with the active firewall.
Fixed an issue where the GlobalProtect Clientless VPN and GlobalProtect Data options did not display as expected on Panorama (TemplateDeviceDynamic Updates).
Fixed an issue on a firewall in a high availability (HA) active/passive configuration where the scheduled antivirus content update failed due to a process (mgmtsrvr) failure.
Fixed an issue where TACACS+ authorization responded with Illegal packet version because a firewall was incorrectly sending minor version 1, which impacts TACACS+ servers and causes a failed authorization.
Fixed an issue where the firewall reported the incorrect hostname when responding to SNMP get requests.
Fixed an issue on a PA-5200 Series firewall where small form-factor pluggable (SFP) ports only linked in auto negotiation mode.
Fixed an issue on Panorama M-Series and virtual appliances where the firewall was not able to override the local device configuration and failed to apply Dynamic Updates with an interval set to none.