End-of-Life (EoL)
PAN-OS 8.0.3 Addressed Issues
PAN-OS® 8.0.3 addressed issues
Issue ID | Description |
---|---|
WF500-4291 | Fixed an issue where the WF-500 appliance
returned false positives for known, benign Portable Executable (PE)
files. |
PAN-78448 | Fixed an issue where the firewall dropped
some logs that it was configured to forward to syslog servers. |
PAN-77849 | Fixed an issue where the Captive Portal
web form did not display to end users after you pushed device group
configurations from a Panorama management server running Panorama
8.0 to a firewall running PAN-OS 7.1. |
PAN-77802 | Fixed an issue where every commit cleared
tunnel flow sessions such as GRE and IPSec ESP/AH sessions. |
PAN-77520 | Fixed an issue on PA-7000 Series firewalls
with AMC hard drives, model ST1000NX0423, where the firewalls rebuilt
Disk Pair B in the LPC card after a reboot. |
PAN-77516 | A security-related fix was made to address
a Remote Code Execution (RCE) vulnerability when the PAN-OS DNS
Proxy service resolved FQDNs (CVE-2017-8390). |
PAN-77400 | Fixed an issue on a firewall running PAN-OS
8.0.1 or 8.0.2 where you could not log in to the web interface after
performing a private data reset. |
PAN-77339 | Fixed an issue where the SafeNet Client
6.2.2 did not support the necessary MAC algorithm (HMAC-SHA1) to
work with Palo Alto Networks firewalls that ran in FIPS-CC mode. |
PAN-77290 | Fixed an issue where Panorama displayed
a missing vsys error message when you tried
to update dynamic address groups through PAN-OS XML API calls, even
if you specified a virtual system. |
PAN-77250 | Fixed an issue where the firewall lost offloaded
sessions on a subinterface that belonged to an aggregate interface
group and that had QoS enabled. |
PAN-77173 | A security-related fix was made to prevent
remote code execution within the Linux kernel that the firewall
management plane uses (CVE-2016-10229). |
PAN-77127 | Fixed an issue where the firewall reduced
the range of local and remote IKEv2 traffic selectors in a way that
disrupted traffic in a VPN tunnel that a Cisco Adaptive Security
Appliance (ASA) initiated. |
PAN-77033 | Fixed an issue where using a Panorama management
server running PAN-OS 8.0 to generate a report that queried an unsupported
log field from a PA-7050 firewall running PAN-OS 7.1 slowed the
performance of Panorama because the mgmtsrvr process
stopped responding. |
PAN-76964 | Fixed an issue where interfaces went down
due to packet buffers being overwhelmed after the firewall tried
to close the connection to a rogue client that ignored the URL Filtering
block page. |
PAN-76890 | Fixed an issue where traffic that included
a ZIP file caused the all_task process to restart and
the firewall dropped packets while waiting for that process to resume. |
PAN-76746 | Fixed an issue on the PA-7080 firewall where
authentication traffic from a wireless controller to a RADIUS server
failed due to buffer depletion on the firewall. |
PAN-76651 | Fixed an issue where VM-Series firewalls
dropped multicast traffic if you enabled Data Plane Development
Kit (DPDK) on VMXNET3 interfaces. |
PAN-76650 | Fixed an issue where renaming a shared object
on Panorama that Panorama has pushed to firewalls caused a commit
failure if the firewalls referenced that object in local policies. |
PAN-76615 | Fixed an issue where Panorama failed to Generate Tech
Support File (Panorama Support |
PAN-76565 | Fixed an issue where dynamic content updates
failed on the firewall when DNS response times were slow. |
PAN-76454 | Fixed an issue on PA-7000 Series and PA-5200
Series firewalls where Generic Routing Encapsulation (GRE) session
creation failed when the firewalls received GRE packets with a Point-to-Point
Protocol (PPP) payload. |
PAN-76330 | Fixed an issue where the pan_task process stopped,
which caused a loss of service and interruption to OSPF. |
PAN-76271 | Fixed an issue where you could not access
the Panorama web interface or CLI because the configd process
stopped after a Preview Changes operation (Commit Commit to Panorama |
PAN-76184 | Fixed an issue on PA-7000 Series and PA-5200
Series firewalls where disabling the option to Turn on
QoS feature on this interface (Network QoS |
PAN-76162 | Fixed an issue where Panorama 8.0 did not
display logs from PA-7000 Series firewalls running PAN-OS 7.0 or
PAN-OS 7.1. |
PAN-76158 | Fixed an issue where the firewall, when
processing heavy traffic, did not properly identify and block the
Psiphon application when the Psiphon client was configured to use
a specific source country. |
PAN-76153 | Fixed an issue where PA-5000 Series firewalls
dropped traffic because predict sessions incorrectly matched Policy-Based
Forwarding (PBF) policy rules for non-related sessions. |
PAN-76144 | Fixed an issue where throughput was reduced
on PA-5000 Series firewalls that used a single UDP session on one
dataplane to process high rates of tunneled traffic. With this fix,
you can use the set session filter-ip-proc-cpu CLI
command to use multiple dataplanes to process traffic for up to
32 destination server IP addresses. This setting persists after
reboots and upgrades. |
PAN-76032 | Fixed an issue where the firewall web interface
displayed a misspelling in the tooltip that opened when you hovered
over Commit when no configuration changes
were pending. |
PAN-76003 | A security-related fix was made to prevent
cross-site scripting (XSS) attacks through the GlobalProtect external
interface (CVE-2017-12416). |
PAN-75977 | Fixed an issue where users failed to authenticate
through a Ucopia LDAP server. |
PAN-75617 | Fixed an issue where the firewall performed
the default signature action for threat vulnerability exceptions
instead of performing the Action you set
in the Vulnerability Protection profile (Objects Security Profiles Vulnerability Protection Exceptions |
PAN-75580 | Fixed an issue where a PAN-OS XML API query
to fetch all dynamic address groups failed with an Openingand ending tag mismatch error
due to command buffer limitation. |
PAN-75512 | Fixed an issue where the firewall failed
to decrypt VPN traffic for packets of certain sizes if you set the Encryption algorithm
to aes-256-gcm in the IPSec Crypto profile
used for the VPN tunnel (Network Network Profiles IPSec Crypto |
PAN-75413 | Fixed an issue where DHCP servers did not
assign IP addresses to new end users (DHCP clients) because the
firewall failed to process and relay DHCP messages between the servers
and clients after you configured a firewall interface as a DHCP
relay agent. |
PAN-75372 | Fixed an issue where Panorama dropped all
administrative users because the management-server process restarted. |
PAN-75337 | Fixed an issue where CPU usage spiked on
the firewall during Diffie-Hellman (DHE) or elliptical curve Diffie-Hellman
(ECDHE) key exchange for SSL decryption. With this fix, the firewall
has enhanced performance for DHE and ECDHE key exchange. |
PAN-75304 | Fixed an issue where the firewall populated
default values for IPSec Crypto profiles that did not have an IPSec Protocol (ESP
or AH) defined (Network Network
Profiles IPSec Crypto |
PAN-75215 | Fixed an issue where the active firewall
in an HA deployment kept sessions active for an hour instead of
discarding them after 90 seconds when the sessions matched the URL
category in a policy rule that was set to deny. |
PAN-75158 | Fixed an issue with network outages on firewalls
in a virtual wire HA configuration with HA Preemptive failback enabled
(Device High Availability General Election Settings |
PAN-75154 | Fixed an issue where the Monitor Traffic Map |
PAN-75119 | Fixed an issue where IP Address Exemptions in
Anti-Spyware profiles (Objects Security Profiles Anti-Spyware Profile |
PAN-75118 | Fixed an issue where commits failed after
you added an IPv6 peer group to a virtual router that had Border
Gateway Protocol (BGP) enabled ( Network Virtual Routers BGP Peer Group |
PAN-75029 | Fixed an issue where the PA-5060 firewall
randomly dropped packets and displayed the reason in Traffic logs
as resources unavailable . |
PAN-74938 | Fixed an issue on PA-3000 Series firewalls
where SSL sessions failed due to memory depletion in the proxy memory
pool; Traffic logs displayed the reason decrypt-error . |
PAN-74865 | Fixed an issue where Panorama could not
push address objects to managed firewalls if zones specified the
objects in the User Identification ACL include or exclude lists ( Network Zones Share Unused Address
and Service Objects with Devices (Panorama Setup Management Panorama Settings |
PAN-74639 | Fixed an issue where the root partition
on the firewall was low on disk space (requiring you to run the debug dataplane packet-diag clear log log CLI
command to free disk space) because the pan_task process
generated logs for H.225 sessions. |
PAN-74601 | Fixed an issue on Panorama where Device
Group and Template administrators who had access domains assigned
to their accounts could not edit shared security profiles ( Objects Security Profiles |
PAN-74579 | Fixed an issue where the debug dataplane internal pdt oct show-all CLI
command restarted the firewall dataplane. |
PAN-74440 | Fixed an issue where the firewall generated
System logs indicating the l3svc process stopped repeatedly
because the cryptod daemon deleted a certificate key
associated with an SSL/TLS Service Profile that
was used for the URL Admin Override feature (Device Setup Content ID Device User Identification Captive Portal Settings |
PAN-74369 | Fixed an issue where modifying the BFD profile
in a virtual router (Network Virtual Routers routed process
to stop. |
PAN-74334 | Fixed an issue on Panorama where the replace device CLI
command did not replace the serial numbers of firewalls that policy
rules referenced as targets. |
PAN-74243 | Fixed an issue where, after you used a Panorama
template to push DNS server IP addresses ( Device Setup Services |
PAN-73919 | Fixed an issue where you could not use the
web interface or CLI to configure a multicast IP address as the
Source or Destination in packet filters ( Monitor Packet Capture |
PAN-73916 | Fixed an issue where, after you logged in
to the firewall with an administrator account that does not have
a superuser role and you then tried to Disable an
application (Objects Applications <application-name> |
PAN-73707 | Fixed an issue where you could not generate
a SCEP certificate if the SCEP Challenge (password)
had a semicolon (Device Certificate
Management SCEP |
PAN-73631 | Fixed an issue where end user clients failed
on their first attempt to authenticate when you configured Captive
Portal for certificate-based authentication and the client certificates
exceeded 2,000 bytes. |
PAN-73556 | Fixed an issue where the firewall did not
delete multicast forwarding information base (FIB) entries for multicast
groups that stopped receiving traffic. |
PAN-73551 | Fixed an issue where commits failed with
the error syntax error [kmp_sa_lifetime_time ;] if
the firewall had IKE Crypto profiles without a Key Lifetime defined (Network Network Profiles IKE Crypto |
PAN-73548 | Fixed an issue where the firewall used the
global service route ( Device Setup Services Global Device Setup Services Virtual Systems Device Server Profiles |
PAN-73484 | Fixed an issue where the firewall server
process ( devsrvr ) restarted during URL updates. |
PAN-73281 | Fixed an issue where the firewall dropped
multicast traffic on an egress VLAN interface when the traffic was
offloaded. |
PAN-73254 | Fixed an issue where, after you installed
the VMware NSX plugin on Panorama in a high availability (HA) configuration,
Panorama did not automatically synchronize configuration changes
between the HA peers unless you first updated settings related to
the NSX plugin. |
PAN-73184 | Fixed an issue where successive HTTP GET
requests in a single session failed if you configured SSL Decryption
with the Strip X-Forwarded-For option enabled (Device Setup Content-ID |
PAN-72946 | Fixed an issue where HA firewalls displayed
as out of sync if an SSL/TLS
Service Profile without a certificate was assigned to
the management (MGT) interface (Device Setup Management SSL/TLS Service Profile if
it doesn't have a certificate. |
PAN-72863 | Fixed an issue where the PAN-OS integrated
User-ID agent or Windows-based User-ID agent stopped responding
because the firewall sent numerous queries |
PAN-72753 | Fixed an issue where you could not configure
the 0.0.0.0/1 subnet as a Proxy ID for IPSec VPN tunnels. |
PAN-72433 | Fixed an issue where the PA-7050 firewall
displayed incorrect information for the packet counts and number
of bytes associated with traffic on subinterfaces. With this fix,
the firewall displays the correct information in the show interface CLI command
output and in other sources of information for subinterfaces (such
as SNMP statistics and NetFlow record exports). |
PAN-72258 | Fixed an issue where pushing an ARP load-sharing
configuration ( Device High Availability Active/Active Config Virtual Address |
PAN-71922 | Fixed an issue where the firewall did not
generate Threat logs for classified DOS protection profiles that
had an Action set to SYN Cookies (Objects Security Profiles DoS Protection Flood Protection SYN Flood |
PAN-71535 | Fixed an issue on Panorama where Panorama Device Deployment Software Upload for
a software image of that release. |
PAN-71133 | Fixed an issue on where the dataplane rebooted
after multiple dataplane processes restarted due to memory corruption. |
PAN-69449 | Fixed an issue where, after a clock change
on the firewall (such as for Daylight Savings Time), the ACC did
not display information for time periods before the change. |
PAN-68808 | Fixed an issue on the PA-7050 firewall where
the mprelay process experienced a memory leak and stopped
responding, which caused slot failures and HA failover. |
PAN-68580 | Fixed an issue where HA VM-Series firewalls
displayed the wrong link state after a link-monitoring failure. |
PAN-66076 | Fixed an issue where the GlobalProtect portal
prompted end users to enter a one-time password (OTP) even after
the users entered the OTP for the GlobalProtect gateway and Authentication
Override is enabled ( Network GlobalProtect Portals <portal-configuration> Agent <agent-configuration> Authentication |
PAN-64639 | Fixed an issue where HA firewalls failed
to synchronize the PAN-DB URL database. |
PAN-62159 | Fixed an issue where the firewall did not
generate WildFire Submission logs when the number of cached logs
exceeded storage resources on the firewall. |
PAN-59372 | Fixed an issue where neither Panorama nor
the firewall generated a System log indicating a password change
after you used a Panorama template to push an administrator password
change to the firewall. |
PAN-56287 | Fixed an issue where the firewall discarded
VoIP sessions that had multicast destinations. |
PAN-46374 | Fixed an issue on PA-7000 Series firewalls
where you had to power cycle the Switch Management Card (SMC) when
it failed to come up after a soft reboot (such as after upgrading
the PAN-OS software). |
Most Popular
Recommended For You
Recommended Videos
Recommended videos not found.