PAN-OS 8.0.16 Addressed Issues

PAN-OS® 8.0.16 addressed issues
Issue ID
Description
WF500-4397
Fixed an issue in a WF-500 appliance cluster where the controller backup node was stuck in global-db-service: WaitingforLeaderReady status when you tried to add nodes to the cluster.
WF500-4220
Fixed an issue on WF-500 appliances where the process (rsyncd) logs depleted root partition disk usage.
PAN-111866
Fixed an issue where the push scope selection on the Panorama web interface displayed incorrectly even though the commit scope displayed as expected. This issue occurred when one administrator made configuration changes to separate device groups or templates that affected multiple firewalls and a different administrator attempted to push those changes.
PAN-110341
Fixed an issue where the firewall sent RIP updates more frequently than expected.
PAN-110293
Fixed an issue where GTP-U traffic dropped due to GTP TEID not updating properly during a GTP-C update.
PAN-109594
Fixed an issue where the dataplane restarted when an IPsec rekey event occurred and caused a tunnel process (tund) failure when one--but not both--HA peers is running PAN-OS 8.0.14 or PAN-OS 8.1.5.
PAN-109506
Fixed an issue on a firewall where a process (useridd) stopped responding due to excessive Security Assertion Markup Language (SAML) requests received.
PAN-107989
Fixed an issue on a firewall where the Strict IP Address Check incorrectly triggered when you enabled ECMP (NetworkVirtual RoutersAddRouter settingsECMP).
PAN-107895
Fixed an issue where PDP Delete Response packet did not match the GTPv1-C tunnel session, which caused the generated GTP log to display incorrect session data.
PAN-107636
(Panorama M-Series and virtual appliances only) Fixed a rare issue where the web interface did not display new logs as expected because Elasticsearch (ES) stopped working when the Raid drives reached maximum capacity and the purge script to remove old ES indices failed to execute and make room for new indices. However, this issue also resulted in creation of new ES indices that were empty because the appliance could not read or write to them. With this fix, old indices are purged as expected; however, empty ES indices created before you upgraded to this release with this fix are not removed as expected (see known issue PAN-114041).
PAN-107144
Fixed an issue where you were unable to push to managed firewalls because the Push Scope field (PanoramaManaged CollectorsCommitPush to Devices) did not display the managed firewalls.
PAN-107120
Fixed an issue on a firewall where the process (all_pktproc) failed, which caused the dataplane to restart.
PAN-106922
A security-related fix was made to address a denial of service (DoS) vulnerability in PAN-OS SNMP (CVE-2018-18065 / PAN-SA-2019-0007).
PAN-106857
Fixed an issue where the dataplane restarted due to an internal path monitoring failure due to large SSL decrypted file transfer sessions.
PAN-106253
Fixed an issue where the GTP Message Type Modify Bearer Response and GTP Event Code 124223 were denied due to failed stateful inspections.
PAN-106251
Fixed an issue where the list of Panorama Managed Devices did not display (PanoramaDevice DeploymentLicenses).
PAN-105966
A security-related fix was made to address the Linux Kernel Local Privilege Escalation vulnerability (CVE-2018-14634 / PAN-SA-2019-0006).
PAN-105103
Fixed an intermittent issue where GTP logs did not display due to GTP packets with an APN > 14 bytes caused the traffic log to reach the limit and stopped generating logs.
PAN-104466
Fixed an issue on a VM-50 firewall where an out of memory event caused the firewall to restart.
PAN-104361
Fixed an issue on a firewall in an HA active/passive configuration where a process (all_task) failed due to a (bad_gtp_header) code on the passive firewall after upgrading from PAN-OS 8.0.12.
PAN-103225
Fixed an issue on Panorama M-Series and virtual appliances where after you push a configuration to a firewall, the Task Manager did not display the progress.
PAN-103023
Fixed an intermittent issue where a content install (content) caused a firewall configuration failure and the firewall to stop responding.
PAN-102745
Fixed an issue on a firewall where a commit and FQDN refresh took longer than expected.
PAN-101451
Fixed an issue where SNMP queries displayed incorrect values.
PAN-101401
Fixed an issue where a DNS App-ID™ security policy allowed non-DNS traffic to flow through.
PAN-101365
Fixed an intermittent issue where the session ID did not clear when the session ID is set to 0.
PAN-100761
A security-related fix was made to address a development configuration file issue.
PAN-98861
Fixed an issue where shadowed rule warnings did not display during commits.
PAN-97879
Fixed an issue on Panorama management server in an HA active/passive configuration where a Commit (CommitCommit to Panorama) caused the firewalls to restart.
PAN-97743
Fixed an issue where the firewall did not recognize the small form-factor pluggable (SFP) port, which caused the dataplane to restart when the path monitor process stopped responding.
To ensure a successful upgrade to PAN-OS 8.0.16 for this fix, re-seat all connected SFP transceivers and then follow the upgrade path described in the PAN-OS 8.0 upgrade procedure (PAN-OS 8.0 New Features Guide).
PAN-97634
Fixed an issue where the firewall rebooted when the management (MGT) interface was connected to a network that contained a network loop, which caused excessive traffic flow on the interface. This issue was observed only on a PA-220 firewall.
PAN-96344
Fixed an issue on a firewall where TCP reset packets were sent even after you set the vulnerability profile action to drop the packets.
PAN-96038
(PA-200, PA-220, and PA-220R firewalls only) Fixed an issue with the Ethernet driver that caused the firewall to reboot when experiencing heavy broadcast traffic on the management interface.
PAN-91059
Fixed an issue where GTP log query filters did not work when you filtered based on a value of unknown for the message type or GTP interface fields (MonitorLogsGTP).
PAN-89849
Fixed an issue where the antivirus/anti-spyware block page did not display.
PAN-86319
Fixed an intermittent issue on M-100 appliances where the firewall became unresponsive when multiple users are logged in at the same time.
PAN-79090
Fixed an issue where HIP-related objects were missing transformation logic for OPSWAT on firewalls running a PAN-OS 8.0 release managed by a Panorama instance that was running a PAN-OS 8.1 release.
PAN-78262
Fixed an issue where the firewall did not display a shadow rule warning for security policy rules when a more broad rule is configured above a more specific rule.
PAN-73686
Fixed an issue where Security Assertion Markup Language (SAML) single sign-on (SSO) responses truncated group information when the field size exceeded 128 bytes, which caused the allow list check to fail.

Related Documentation