PAN-OS 8.1.10 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1 & Later
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
End-of-Life (EoL)
PAN-OS 8.1.10 Addressed Issues
PAN-OS® 8.1.10 addressed issues
Issue ID | Description |
---|---|
PAN-120548 | Fixed an issue where the Captive Portal
request limit was ignored when you configured the Captive Portal
authentication method to browser-challenge. |
PAN-120409 | (PA-7000 Series firewalls only)
Fixed an issue where firewalls running a 20G Network Processing
Card (NPC) or a 20GQ NPC dropped stream control transmission protocol
(SCTP) connections due to incorrect session handling. |
PAN-119257 | Fixed an issue where the firewall could
not establish an IKEv2 connection with SHA256 certificates. |
PAN-119030 | Fixed an issue on Panorama™ M-Series and
virtual appliances where bootstrapped managed firewalls were disconnected
after you performed a partial revert if you did not first perform
a manual commit. With this fix, the manual commit is not required. |
PAN-118656 | Fixed an issue where the ifAdminStatus object
identifier (OID) for dedicated high availability (HA) interfaces
incorrectly displayed as up when interfaces
were not used in an HA configuration. |
PAN-118423 | Fixed an intermittent issue with local HA
status changes where the mprelay process failed to
commit changes to the HA state. |
PAN-118411 | Fixed an issue where ARP entries took longer
than expected to age out in a single run. |
PAN-118351 | (PAN-OS 8.1.7, 8.1.8, and 8.1.9 only)
Fixed an issue where log forwarding stopped responding when you
configured a second log collector to the collector group. |
PAN-118008 | (PA-3000 Series firewalls only)
Fixed an intermittent issue where a low memory condition prevented
decoders from loading, which led to traffic inspection issues related
to the impacted decoder(s). |
PAN-117921 | Fixed an issue where you were unable to
create GTP inner sessions, which caused the firewall to drop GTP-U
data packets when the firewall was deployed on S1-U and S-11 interfaces. |
PAN-117916 | Fixed an issue where the dataplane stopped
responding when you pushed permitted IP addresses from Panorama
to managed firewalls. |
PAN-117818 | (PA-5200 Series firewalls only)
Fixed a rare issue where an initialization delay with a process
(brdagent) caused the dataplane to stop responding. |
PAN-116969 | Fixed an issue where authentication failed
when you configured a User Principal Name (UPN) and included a group
in the profile. |
PAN-116807 | (PA-7000, PA-5200, and PA-3200 Series
firewalls only) Fixed an issue where the firewall dropped ICMP
error messages when the security policy was configured to allow
ICMP |
PAN-116218 | Fixed an issue where test routing bgp virtual-router default restart peer <peer-ID> CLI
command did not execute the operational request and returned the
following error message: op command for client routed timed out as client is not available. |
PAN-115856 | Fixed an issue where Dynamic IP and Port
(DIPP) NAT pools did not release used ports after all sessions were
removed. |
PAN-115852 | Fixed an issue on VM-Series firewalls on
AWS where you could not change maximum transmission unit (MTU) values
from the web interface and displayed the following error message: Malformed Request. |
PAN-115812 | Fixed an issue where the child session did
not inherit policy-base forwarding information when the parent session
is allocated to separate dataplanes. |
PAN-115748 | Fixed an intermittent issue on Panorama
M-Series and virtual appliances where a memory issue caused the
firewall to reboot. |
PAN-115695 | Fixed an intermittent issue where a large
number of packets were received before acknowledgments were complete,
which depleted descriptor queue entries and resulted in high latency
during data transfers even though CPU usage looked normal. |
PAN-115354 | Fixed an issue on Panorama M-Series and
virtual appliances where renaming a device group followed by a partial
commit did not change the device group hierarchy as expected. |
PAN-115219 | Fixed an issue on Panorama M-Series and
virtual appliances where Global Find caused the web interface to
stop responding when you searched for common English words. |
PAN-115186 | Fixed an issue where SaaS reports were not
generated due to report definitions not getting pushed to the log
collector. |
PAN-115160 | Fixed an issue where a UDP packet without
a payload did not trigger the multi-factor authentication (MFA)
and was not discarded based on the authentication policy. |
PAN-115012 | Fixed an issue where a process (appweb)
stopped responding, which caused the web interface to stop responding. |
PAN-114958 | Fixed an issue where the User-ID™ (useridd) process
consumed more CPU cycles than expected when you configured User-ID
redistribution. |
PAN-114855 | Fixed an issue where the firewall dropped
syslog packets after you upgraded to PAN-OS® 8.1.6. |
PAN-114844 | Fixed an issue on Panorama M-Series and
virtual appliances where malformed API calls caused the appliance
to reboot. |
PAN-114779 | Fixed an issue where log purging took longer
than expected, which prevented the firewall from capturing traffic
logs. |
PAN-114695 | Fixed an issue where a daemon (authd)
stopped responding when you configured a GlobalProtect™ portal and
gateway with Security Assertion Markup Language (SAML) authentication. |
PAN-114567 | Fixed an issue where a system query (Eventideq globalprotectportal-config-succ)
caused the management server (mgmtsrvr) process to
stop responding. |
PAN-114533 | Fixed an issue where traffic was blocked
by safe search enforcement before matching the intended allow rule. |
PAN-114526 | Fixed an issue where larger than expected
number of packets sent over a GTP-U tunnel caused packet captures
to fill the files faster than expected. With this fix, you can run
the debug dataplane packet-diag set capture gtpu-lvl[1-30] command
to ensure GTP-U traffic are captured. |
PAN-114475 | Fixed an issue where Panorama in FIPS mode
defaulted to FIPS-CC mode instead of Normal mode. |
PAN-114395 | Fixed an issue on a VM-Series firewall where
a process (all_task) stopped responding, which caused
the firewall to reboot. |
PAN-114264 | Fixed an issue where sessions were offloaded
as the application identification was performed when you configured
a custom application with Continue scanning for other application. |
PAN-114222 | Fixed an issue where the firewall dropped
traffic logs due to a negative log counter reading. |
PAN-114160 | Fixed an issue where you were unable to
download ZIP files greater than 3GB through a GlobalProtect Clientless
VPN application. |
PAN-114105 | Fixed an issue on a Panorama M-Series appliance
where the Summary (PanoramaManaged DevicesSummary)
web interface refreshes every 10 seconds when set to manually refresh. |
PAN-114090 | Fixed an issue on a Panorama virtual appliance
in Legacy mode and in an HA active/passive configuration where logs
were forwarded only to the active HA peer. |
PAN-114002 | Fixed an issue where you were unable to
import variable CSV files when variable names contained a character
space. |
PAN-113930 | Fixed an issue on VM-Series firewalls where
CPU loads were uneven across cores when more than 8 cores were allocated
to the dataplane. |
PAN-113912 | Fixed an issue where a process (ikemgr)
stopped responding and caused the firewall to reboot. |
PAN-113887 | Fixed an issue where loading custom app
tags did not complete successfully, which prevented subsequent requests
(such as commits, content installs, and FQDN refreshes) from executing
as expected. |
PAN-113870 | Fixed an issue where Security policies were
not evaluated in sequential order when the policy was based on URL
categories. |
PAN-113796 | Fixed an issue where GlobalProtect configured
with the pre-logon then on-demand connect
method was unable to authenticate during pre-logon when you configured
the portal and gateway with an Authentication Override and without
a certification profile. |
PAN-113767 | Fixed an issue where the firewall silently
dropped packets when Security profiles were attached and FPGA enabled
AHO and DFA. |
PAN-113501 | Fixed an issue where the Panorama management
server returned a Security Copy (SCP) server connection error after
you created an SCP Scheduled Config Export profile (PanoramaScheduled Config Export)
due to the SCP server password exceeding 15 characters in length. |
PAN-113356 | Fixed an issue where the web interface did
not populate the Virtual System Name column (MonitorManage Custom Reports <monitor-name>Run Now) when you generated
reports from the application statistics database. |
PAN-113229 | Fixed an issue on Panorama M-Series and
virtual appliances in an HA active/passive configuration where the
passive HA peer displayed an out-of-sync shared policy status when
you edited the Device Group. |
PAN-113185 | Fixed an issue where the passive firewall
in an HA active/passive configuration was processing traffic. |
PAN-113096 | Fixed an issue where incorrect serial numbers
were generated when you created VM-Series firewalls on AWS and swapped
the interface with the mgmt-interface-swap=enable CLI command. |
PAN-112988 | Fixed an issue where a process (useridd)
leaked memory, which caused the firewall to drop traffic and display
the following error message: Out-of-memory condition detected, kill process. |
PAN-112972 | Fixed an issue where scheduled reports were
not generated as expected when you added groups in a query builder. |
PAN-112566 | Fixed an issue where the GlobalProtect Client
was unable to download files from a web interface and sessions went
into DISCARD state and displayed the following message: Packet dropped, control plane service not allowed. |
PAN-112529 | Fixed an issue on a firewall in an HA active/passive
configuration where the passive firewall incorrectly received several
alerts. |
PAN-112467 | Fixed an issue where obsolete IPv6 Neighbor
Discovery (ND) entries did not clear as expected, which caused the
IPv6 table to reach full capacity and caused new IPv6 ND entries
to fail. |
PAN-112308 | Fixed an issue where hardware security module
(HSM) accounts were locked out after three attempts when you ran
the show hsm ha-status CLI command. |
PAN-112293 | Fixed an issue where the connection between
the firewall and Log Collector flapped. |
PAN-112016 | Fixed an issue on VM-Series firewalls where
the physical port counters on the dataplane interfaces did not increase
on KVM when you disabled DPDK. |
PAN-111660 | Fixed an issue where an incorrect SSH key
initialization caused a process (pan_comm) to stop
responding every 15 minutes when you configured an SSH proxy on
the firewall. |
PAN-111380 | (PA-3200, PA-5200, and PA-7000 Series
firewalls with 100Gbps cards only) Fixed an issue where the show qos interface ae1 throughput 0 CLI
command incorrectly displayed the active data stream only and QoS
was not working as expected on the first subinterface. |
PAN-110990 | Fixed an issue where a logical operation not configured
with receive_time in the traffic log filter
did not respond as expected. |
PAN-110960 | Fixed an issue on Panorama M-Series and
virtual appliances where commits failed when you configured an address
group object in the Include List (NetworkZone<zone-name>Include List). |
PAN-110839 | Fixed a rare issue where a commit pushed
from Panorama failed, which caused a process (routed)
to stop responding. |
PAN-110304 | Fixed an issue where the dataplane restarted
due to a callback function, which caused a deadlock condition. |
PAN-110234 | Fixed an issue where administrators with
a Superuser (read-only) role was able to initiate a commit through
the CLI. |
PAN-109861 | Fixed an issue where BGP route attributes
were processed from BGP updates, which caused the firewall to stop
responding. |
PAN-109457 | Fixed an issue where the firewall duplicated
address objects when you imported a configuration to Panorama. |
PAN-109270 | Fixed an issue on a firewall in an HA active/passive
configuration where the passive firewall processed a high rate of
packets. |
PAN-107786 | Fixed an issue where you were unable to
import variable CSV files when the external gateway was configured
with a source region of Any. |
PAN-107779 | Fixed an issue where Wildfire® signature
version information was no longer displayed after you activated
a GlobalProtect client. |
PAN-106628 | Fixed an issue where the firewall did not
generate a system log when the firewall detected a RAM issue. |
PAN-106449 | Fixed an issue when you connected to an
internal GlobalProtect gateway on a firewall in an HA active/passive
configuration and authenticated with multi-factor authentication
(MFA) to access a resource where the first and second authentication
factors succeeded but you would not be redirected to the actual
resource. |
PAN-105286 | Fixed an issue where the firewall did not
record email header information in Data Filtering logs when you
triggered a test mail that contained a data leak prevention (DLP)
pattern. |
PAN-104808 | Fixed an issue where scheduled SaaS reports
generated and emailed empty PDF reports. |
PAN-104454 | Fixed a memory leak issue with the User-ID (useridd)
process when you enabled VM Monitoring. |
PAN-103865 | Fixed an issue where the firewall did not
detect user credentials when the number of users exceeded 60,000.
To leverage this fix, you must upgrade Windows agents to User-ID
agent 8.1.11 or a later User-ID agent 8.1 release. |
PAN-104251 | Fixed an issue where the syslog server TCP
keep-alive parameter caused the connection to unexpectedly age out. |
PAN-101613 | (PA-800 Series firewalls only)
Fixed an intermittent congestion condition caused by paused frames
on firewalls where flow control was enabled on adjacent firewalls.
To leverage this fix, run the set system setting hol-system enable CLI command
to enable head-of-line (HOL) system mode. |
PAN-98974 | Fixed an issue where the export function (PanoramaManaged DevicesSummaryManage)
was not available for managed devices. |
PAN-50031 | Fixed an issue where the show wildfire local statistics CLI
command incorrectly returned samples pending analysis when there
were no actual samples pending. |