PAN-OS 8.1.14 Addressed Issues
PAN-OS® 8.1.14 addressed issues.
PA-7000 Series firewalls do not support the PAN-OS 8.1.14 release.
(WF-500 appliances only) Fixed an issue where inadequate rotation of log files caused unusually high disk usage.
Added a debugging task to periodically collect output (in the Tech Support File (TSF)) from the debug dataplane internal pdt bcm counters graphical CLI command.
Fixed an issue in a high availability (HA) configuration where, after upgrading the passive firewall, the outer UDP sessions synced from the active firewall did not retain rule information and GPRS tunneling protocol (GTP) inspection failed after failover.
Fixed an issue where an HA failover occurred after the firewall reported the following error message in the System log:
Dataplane down: controlplane exit failure.
Fixed an issue where connections to the web interface were abruptly interrupted due to a double free condition (gPanUiPhpGlobal_secure_config_reset), which led to unexpected process restarts.
Fixed an issue with log collectors on Panorama where large indexes caused higher than expected CPU usage when disk space usage was high.
Fixed an issue where a commit took longer than expected after upgrading when Negate was enabled for addresses in a rule.
Fixed an issue where the passive firewall in an active/passive HA configuration deleted BGP-learned routes that were synchronized from the active firewall when the BGP configuration included the redistribution of the learned routes.
Fixed an issue with Security Assertion Markup Language (SAML) authentication where the firewall used old authd_id values, which resulted in failed authentication.
Fixed an issue where improper parsing of the URL database caused high device-server CPU usage.
Fixed an intermittent issue where logs were missing with log_index debug messages due to merging of the index.
Fixed an issue where the dataplane restarted during file transfer due to one or more content updates being installed at the same time.
Fixed an issue where the certificate was not automatically pushed to the firewall until you manually fetched the certificate from the firewall.
Fixed an issue where a commit failed on the firewall after disabling Pre-Defined Reports from Panorama.
Fixed an issue where packet descriptor (on-chip) usage reached 100% even though buffers, throughput, and session counts were not elevated.
Fixed an issue where export failed for a large running-config.xml file using the XML API.
Fixed an issue where the response for the XML API call for the show object registered-ip all operational CLI command included extra appended content.
Fixed an issue where SNMPv3 monitoring of the firewall failed from the Zabbix server after a firewall reboot or SNMP process restart on the firewall.
Fixed an issue where images displayed through the Clientless VPN were corrupted.
A fix was made to address an OS command line injection vulnerability in the PAN-OS management server where authenticated users were able to inject arbitrary shell commands with root privileges (CVE-2020-2014).
Fixed an issue where Security Assertion Markup Language (SAML) response validation failed with a certificate mismatch error even when the firewall had the same certificate on the identity provider.
A fix was made to address a command injection vulnerability in the PAN-OS management interface where an authenticated administrator was able to execute arbitrary OS commands with root privileges (CVE-2020-2010).
Fixed an issue where role-based administrators were unable to import certificate private keys onto firewalls.
Fixed an issue on Panorama where a commit failed when bootstrapping a firewall to a configuration with a serial number of "unknown." The commit failed with the following error message:
mgt-config -> devices -> unknown unknown is invalid.
(PA-7000 Series firewalls only) Fixed an issue where auto-tagging failed for log forwarding.
Fixed an issue where a role-based administrator with CLI access was unable to successfully execute the commit-partial CLI command to commit only changes made by themselves.
Fixed an issue where packets tagged with IP protocol 252 were incorrectly treated as GPRS tunneling protocol (GTP) traffic, which caused the packet processor to terminate.
(PA-5200 Series and PA-7000 Series firewalls only) Fixed an issue where firewalls experienced high packet descriptor (on-chip) usage during uploads to the WildFire Cloud or WF-500 appliance.
Fixed an issue where a new GPRS tunneling protocol version 2 control plane (GTPv2-C) session reused GTP-C tunnel parameters within two seconds after deleting the old GTP-C session, which caused a session conflict on the firewall.
(PA-3200 Series firewalls only) Fixed an issue where configuring 1G small form-factor pluggable (SFP) ports on a firewall with forced speed mode (of 1G) enabled made the link unusable when forced speed mode (of 1G) was also enabled on the peer firewall.
Fixed an issue where the firewall failed to correctly read the virtual system (vsys), which eventually resulted in a management server process restart.
(PA-3200 Series firewalls only) Fixed an intermittent issue where firewalls dropped packets, which caused issues such as traffic latency, slow file transfers, reduced throughput, internal path monitoring failures, and application failures.
Fixed an issue where the dataplane restarted due to internal packet path monitoring failure.
Fixed an issue in Panorama where the show system search-engine-quota CLI command, the show log-collector serial-number <log-collector_SN> CLI command, and (Panorama > Managed Collectors > Statistics) showed incorrect log retention data.
Fixed an issue where Session Initiation Protocol (SIP) calls failed and displayed the following error message:
end-reason : resources-unavailable.
A fix was made to address an OS command injection vulnerability in the management component of PAN-OS where an authenticated user was able to potentially execute arbitrary commands with root privileges (CVE-2020-2007).
A fix was made to address a stack-based buffer overflow vulnerability in the management server component of PAN-OS where an authenticated user was able to execute arbitrary code with root privileges (CVE-2020-2006).
(PA-200 firewalls only) Fixed an issue where the User-ID™ process caused an out-of-memory (OOM) condition when the number of IP address tags monitored from Amazon Web Services (AWS) VM Monitoring was greater than the maximum supported number.
Fixed an issue on a firewall in a high availability (HA) active/passive configuration where the User-ID™ process stopped responding on the passive firewall when the system was managing a high number of (more than 30,000) active users.
Fixed an issue in the web interface where the language preference reverted to English after logging out from a session that was authenticated by Security Assertion Markup Language (SAML) single sign-on (SSO).
Fixed a rare issue where a URL update caused the dataplane to restart.
Fixed an issue on Panorama where the ACC tab did not show data for the period before the daylight saving time (DST) change.