PAN-OS 8.1.10 Addressed Issues

PAN-OS® 8.1.10 addressed issues
Issue ID
Description
PAN-120548
Fixed an issue where the Captive Portal request limit was ignored when you configured the Captive Portal authentication method to
browser-challenge
.
PAN-120409
(
PA-7000 Series firewalls only
) Fixed an issue where firewalls running a 20G Network Processing Card (NPC) or a 20GQ NPC dropped stream control transmission protocol (SCTP) connections due to incorrect session handling.
PAN-119257
Fixed an issue where the firewall could not establish an IKEv2 connection with SHA256 certificates.
PAN-119030
Fixed an issue on Panorama™ M-Series and virtual appliances where bootstrapped managed firewalls were disconnected after you performed a partial revert if you did not first perform a manual commit. With this fix, the manual commit is not required.
PAN-118656
Fixed an issue where the
ifAdminStatus
object identifier (OID) for dedicated high availability (HA) interfaces incorrectly displayed as
up
when interfaces were not used in an HA configuration.
PAN-118423
Fixed an intermittent issue with local HA status changes where the
mprelay
process failed to commit changes to the HA state.
PAN-118411
Fixed an issue where ARP entries took longer than expected to age out in a single run.
PAN-118351
(
PAN-OS 8.1.7, 8.1.8, and 8.1.9 only
) Fixed an issue where log forwarding stopped responding when you configured a second log collector to the collector group.
PAN-117921
Fixed an issue where you were unable to create GTP inner sessions, which caused the firewall to drop GTP-U data packets when the firewall was deployed on S1-U and S-11 interfaces.
PAN-117916
Fixed an issue where the dataplane stopped responding when you pushed permitted IP addresses from Panorama to managed firewalls.
PAN-117818
(
PA-5200 Series firewalls only
) Fixed a rare issue where an initialization delay with a process (
brdagent
) caused the dataplane to stop responding.
PAN-116969
Fixed an issue where authentication failed when you configured a User Principal Name (UPN) and included a group in the profile.
PAN-116807
(
PA-7000, PA-5200, and PA-3200 Series firewalls only
) Fixed an issue where the firewall dropped ICMP error messages when the security policy was configured to allow ICMP
PAN-116218
Fixed an issue where
test routing bgp virtual-router default restart peer <
peer-ID
>
CLI command did not execute the operational request and returned the following error message:
op command for client routed timed out as client is not available
.
PAN-115856
Fixed an issue where Dynamic IP and Port (DIPP) NAT pools did not release used ports after all sessions were removed.
PAN-115852
Fixed an issue on VM-Series firewalls on AWS where you could not change maximum transmission unit (MTU) values from the web interface and displayed the following error message:
Malformed Request
.
PAN-115812
Fixed an issue where the child session did not inherit policy-base forwarding information when the parent session is allocated to separate dataplanes.
PAN-115748
Fixed an intermittent issue on Panorama M-Series and virtual appliances where a memory issue caused the firewall to reboot.
PAN-115695
Fixed an intermittent issue where a large number of packets were received before acknowledgments were complete, which depleted descriptor queue entries and resulted in high latency during data transfers even though CPU usage looked normal.
PAN-115354
Fixed an issue on Panorama M-Series and virtual appliances where renaming a device group followed by a partial commit did not change the device group hierarchy as expected.
PAN-115219
Fixed an issue on Panorama M-Series and virtual appliances where Global Find caused the web interface to stop responding when you searched for common English words.
PAN-115186
Fixed an issue where SaaS reports were not generated due to report definitions not getting pushed to the log collector.
PAN-115160
Fixed an issue where a UDP packet without a payload did not trigger the multi-factor authentication (MFA) and was not discarded based on the authentication policy.
PAN-115012
Fixed an issue where a process (
appweb
) stopped responding, which caused the web interface to stop responding.
PAN-114958
Fixed an issue where the User-ID™ (
useridd
) process consumed more CPU cycles than expected when you configured User-ID redistribution.
PAN-114855
Fixed an issue where the firewall dropped syslog packets after you upgraded to PAN-OS® 8.1.6.
PAN-114844
Fixed an issue on Panorama M-Series and virtual appliances where malformed API calls caused the appliance to reboot.
PAN-114779
Fixed an issue where log purging took longer than expected, which prevented the firewall from capturing traffic logs.
PAN-114695
Fixed an issue where a daemon (
authd
) stopped responding when you configured a GlobalProtect™ portal and gateway with Security Assertion Markup Language (SAML) authentication.
PAN-114567
Fixed an issue where a system query (
Eventideq globalprotectportal-config-succ
) caused the management server (
mgmtsrvr
) process to stop responding.
PAN-114533
Fixed an issue where traffic was blocked by safe search enforcement before matching the intended allow rule.
PAN-114526
Fixed an issue where larger than expected number of packets sent over a GTP-U tunnel caused packet captures to fill the files faster than expected. With this fix, you can run the
debug dataplane packet-diag set capture gtpu-lvl[1-30]
command to ensure GTP-U traffic are captured.
PAN-114475
Fixed an issue where Panorama in FIPS mode defaulted to FIPS-CC mode instead of Normal mode.
PAN-114395
Fixed an issue on a VM-Series firewall where a process (
all_task
) stopped responding, which caused the firewall to reboot.
PAN-114264
Fixed an issue where sessions were offloaded as the application identification was performed when you configured a custom application with
Continue scanning for other application
.
PAN-114222
Fixed an issue where the firewall dropped traffic logs due to a negative log counter reading.
PAN-114160
Fixed an issue where you were unable to download ZIP files greater than 3GB through a GlobalProtect Clientless VPN application.
PAN-114105
Fixed an issue on a Panorama M-Series appliance where the Summary (
Panorama
Managed Devices
Summary
) web interface refreshes every 10 seconds when set to manually refresh.
PAN-114090
Fixed an issue on a Panorama virtual appliance in Legacy mode and in an HA active/passive configuration where logs were forwarded only to the active HA peer.
PAN-114002
Fixed an issue where you were unable to import variable CSV files when variable names contained a character space.
PAN-113930
Fixed an issue on VM-Series firewalls where CPU loads were uneven across cores when more than 8 cores were allocated to the dataplane.
PAN-113912
Fixed an issue where a process (
ikemgr
) stopped responding and caused the firewall to reboot.
PAN-113887
Fixed an issue where loading custom app tags did not complete successfully, which prevented subsequent requests (such as commits, content installs, and FQDN refreshes) from executing as expected.
PAN-113870
Fixed an issue where Security policies were not evaluated in sequential order when the policy was based on URL categories.
PAN-113796
Fixed an issue where GlobalProtect configured with the
pre-logon then on-demand
connect method was unable to authenticate during pre-logon when you configured the portal and gateway with an Authentication Override and without a certification profile.
PAN-113767
Fixed an issue where the firewall silently dropped packets when Security profiles were attached and FPGA enabled AHO and DFA.
PAN-113501
Fixed an issue where the Panorama management server returned a Security Copy (SCP) server connection error after you created an SCP Scheduled Config Export profile (
Panorama
Scheduled Config Export
) due to the SCP server password exceeding 15 characters in length.
PAN-113356
Fixed an issue where the web interface did not populate the Virtual System Name column (
Monitor
Manage Custom Reports
<monitor-name>
Run Now
) when you generated reports from the application statistics database.
PAN-113229
Fixed an issue on Panorama M-Series and virtual appliances in an HA active/passive configuration where the passive HA peer displayed an out-of-sync shared policy status when you edited the Device Group.
PAN-113185
Fixed an issue where the passive firewall in an HA active/passive configuration was processing traffic.
PAN-113096
Fixed an issue where incorrect serial numbers were generated when you created VM-Series firewalls on AWS and swapped the interface with the
mgmt-interface-swap=enable
CLI command.
PAN-112988
Fixed an issue where a process (
useridd
) leaked memory, which caused the firewall to drop traffic and display the following error message:
Out-of-memory condition detected, kill process
.
PAN-112972
Fixed an issue where scheduled reports were not generated as expected when you added groups in a query builder.
PAN-112566
Fixed an issue where the GlobalProtect Client was unable to download files from a web interface and sessions went into DISCARD state and displayed the following message:
Packet dropped, control plane service not allowed.
PAN-112529
Fixed an issue on a firewall in an HA active/passive configuration where the passive firewall incorrectly received several alerts.
PAN-112467
Fixed an issue where obsolete IPv6 Neighbor Discovery (ND) entries did not clear as expected, which caused the IPv6 table to reach full capacity and caused new IPv6 ND entries to fail.
PAN-112308
Fixed an issue where hardware security module (HSM) accounts were locked out after three attempts when you ran the
show hsm ha-status
CLI command.
PAN-112293
Fixed an issue where the connection between the firewall and Log Collector flapped.
PAN-112016
Fixed an issue on VM-Series firewalls where the physical port counters on the dataplane interfaces did not increase on KVM when you disabled DPDK.
PAN-111660
Fixed an issue where an incorrect SSH key initialization caused a process (
pan_comm
) to stop responding every 15 minutes when you configured an SSH proxy on the firewall.
PAN-111380
(
PA-3200, PA-5200, and PA-7000 Series firewalls with 100Gbps cards only
) Fixed an issue where the
show qos interface ae1 throughput 0
CLI command incorrectly displayed the active data stream only and QoS was not working as expected on the first subinterface.
PAN-110990
Fixed an issue where a logical operation
not
configured with
receive_time
in the traffic log filter did not respond as expected.
PAN-110960
Fixed an issue on Panorama M-Series and virtual appliances where commits failed when you configured an address group object in the Include List (
Network
Zone
<zone-name>
Include List
).
PAN-110839
Fixed a rare issue where a commit pushed from Panorama failed, which caused a process (
routed
) to stop responding.
PAN-110304
Fixed an issue where the dataplane restarted due to a callback function, which caused a deadlock condition.
PAN-110234
Fixed an issue where administrators with a Superuser (read-only) role was able to initiate a commit through the CLI.
PAN-109861
Fixed an issue where BGP route attributes were processed from BGP updates, which caused the firewall to stop responding.
PAN-109457
Fixed an issue where the firewall duplicated address objects when you imported a configuration to Panorama.
PAN-109270
Fixed an issue on a firewall in an HA active/passive configuration where the passive firewall processed a high rate of packets.
PAN-107786
Fixed an issue where you were unable to import variable CSV files when the external gateway was configured with a source region of
Any
.
PAN-107779
Fixed an issue where Wildfire® signature version information was no longer displayed after you activated a GlobalProtect client.
PAN-106628
Fixed an issue where the firewall did not generate a system log when the firewall detected a RAM issue.
PAN-106449
Fixed an issue when you connected to an internal GlobalProtect gateway on a firewall in an HA active/passive configuration and authenticated with multi-factor authentication (MFA) to access a resource where the first and second authentication factors succeeded but you would not be redirected to the actual resource.
PAN-105286
Fixed an issue where the firewall did not record email header information in Data Filtering logs when you triggered a test mail that contained a data leak prevention (DLP) pattern.
PAN-104808
Fixed an issue where scheduled SaaS reports generated and emailed empty PDF reports.
PAN-104454
Fixed a memory leak issue with the User-ID (
useridd
) process when you enabled VM Monitoring.
PAN-103865
Fixed an issue where the firewall did not detect user credentials when the number of users exceeded 60,000. To leverage this fix, you must upgrade Windows agents to User-ID agent 8.1.11 or a later User-ID agent 8.1 release.
PAN-104251
Fixed an issue where the syslog server TCP keep-alive parameter caused the connection to unexpectedly age out.
PAN-101613
(
PA-800 Series firewalls only
) Fixed an intermittent congestion condition caused by paused frames on firewalls where flow control was enabled on adjacent firewalls. To leverage this fix, run the
set system setting hol-system enable
CLI command to enable head-of-line (HOL) system mode.
PAN-98974
Fixed an issue where the export function (
Panorama
Managed Devices
Summary
Manage
) was not available for managed devices.
PAN-50031
Fixed an issue where the
show wildfire local statistics
CLI command incorrectly returned samples pending analysis when there were no actual samples pending.

Recommended For You