PAN-OS 8.0.18 Addressed Issues
PAN-OS® 8.0.18 addressed issues
Fixed an issue on WF-500 appliances where the cluster service took longer than expected to start due to a large number of queued sample data.
Fixed an issue where a non-functioning CLI command was removed from WF-500 appliances.
Fixed a rare issue on WF-500 appliances where the firewall did not respond after you upgraded the appliance from a PAN-OS 8.0.1 release to a PAN-OS 8.0.10 or later release. With this fix, you can run the new debug software raidfixup auto CLI command to recover the RAID controller.
Fixed an issue where users were unable to open an app in their browser after they logged in to GlobalProtect™ Clientless VPN until they closed any and all tabs associated with that app and then opened the app a second time. This issue occurred only when an administrator configured a Source User for the Clientless VPN Security policy rule (PoliciesSecurity<GP-VPN-Security-policy-rule>User).
Fixed an issue where the firewall dropped UpdatePDPContext response packets and displayed the following GTP log event: 122113.
A security-related fix was made to address a use-after-free (UAF) vulnerability in the Linux kernel (PAN-SA-2019-0017 / CVE-2019-8912).
Fixed an issue where a race condition caused a process (mgmtsrvr) to restart with an error message: Connectingto management server failed.
Fixed an issue where an out-of-memory condition caused all IPSec tunnels (which includes IKEv1, IKEv2, and NAT-T) to stop responding.
Fixed an issue on PA-7000 Series firewalls where invalid filters caused the device management server to stop responding when you generated a database (DB) report from a remote firewall.
Fixed an issue where the firewall and Panorama™ web interface did not present HSTS headers to your web browser.
Fixed an intermittent issue where the firewall dropped packets when the policy rule was set to allow but denied the packets during a commit or high availability (HA) sync.
Fixed an issue where group-based policy match stopped responding after User-ID™ restarted.
A security-related fix was made to address an issue where you were unable to retrieve GlobalProtect cloud service threat packet captures from the Logging Service on Panorama M-Series and virtual appliances.
Fixed an intermittent issue on a Panorama virtual appliance where you were unable to generate a tech support file (PanoramaSupportGenerate Tech Support File).
Fixed an issue on a firewall where custom reports did not generate during intermittent times and were not sent to your email address.
Fixed an issue where a process (routed) stopped responding when an incomplete command ran in the XML API.
Fixed an issue where the Panorama web interface took longer than expected to update Managed Collectors (PanoramaManaged Collectors) status.
Fixed an issue where the Panorama management server stopped responding when you upgraded from PAN-OS 8.0.9 to PAN-OS 8.1.3.
Fixed an issue on an M-100 appliance in an HA configuration where administrators could not reestablish access to the appliance after a session ended unexpectedly.
Fixed an issue where an invalid Captive Portal authentication policy was successfully pushed to managed firewalls, which caused autocommits to fail.
Fixed an issue where simultaneous management access allowed only one user to log in at a time.
A security-related fix was made to address the LazyFP state restore vulnerability (CVE-2018-3665 / PAN-SA-2019-0017).
Fixed an issue on a firewall where the (show runningresource-monitor ingress-backlogs) CLI command displayed invalid session IDs.
Fixed an issue where a process (configd) exceeded the virtual memory usage limit and caused the firewall to restart. With this fix, you can run the following commands to avoid this unexpected restart:
Fixed an issue where a firewall configured with a regular expression data pattern (ObjectsCustom ObjectsData Patterns<profile-name>Pattern Type) did not match patterns, which caused a memory leak and the firewall to stop responding.
Fixed an issue where commits failed when a Panorama appliance running a PAN-OS 8.0 release pushed a template to a firewall running a PAN-OS 7.1 release due to file size limits.