PAN-OS 8.1.6 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- Cloud Management of NGFWs
-
- Management Interfaces
-
- Launch the Web Interface
- Use the Administrator Login Activity Indicators to Detect Account Misuse
- Manage and Monitor Administrative Tasks
- Commit, Validate, and Preview Firewall Configuration Changes
- Commit Selective Configuration Changes
- Export Configuration Table Data
- Use Global Find to Search the Firewall or Panorama Management Server
- Manage Locks for Restricting Configuration Changes
-
-
- Define Access to the Web Interface Tabs
- Provide Granular Access to the Monitor Tab
- Provide Granular Access to the Policy Tab
- Provide Granular Access to the Objects Tab
- Provide Granular Access to the Network Tab
- Provide Granular Access to the Device Tab
- Define User Privacy Settings in the Admin Role Profile
- Restrict Administrator Access to Commit and Validate Functions
- Provide Granular Access to Global Settings
- Provide Granular Access to the Panorama Tab
- Provide Granular Access to Operations Settings
- Panorama Web Interface Access Privileges
-
- Reset the Firewall to Factory Default Settings
-
- Plan Your Authentication Deployment
- Pre-Logon for SAML Authentication
- Configure SAML Authentication
- Configure Kerberos Single Sign-On
- Configure Kerberos Server Authentication
- Configure TACACS+ Authentication
- Configure TACACS Accounting
- Configure RADIUS Authentication
- Configure LDAP Authentication
- Configure Local Database Authentication
- Configure an Authentication Profile and Sequence
- Test Authentication Server Connectivity
- Troubleshoot Authentication Issues
-
- Keys and Certificates
- Default Trusted Certificate Authorities (CAs)
- Certificate Deployment
- Configure the Master Key
- Export a Certificate and Private Key
- Configure a Certificate Profile
- Configure an SSL/TLS Service Profile
- Configure an SSH Service Profile
- Replace the Certificate for Inbound Management Traffic
- Configure the Key Size for SSL Forward Proxy Server Certificates
-
- HA Overview
-
- Prerequisites for Active/Active HA
- Configure Active/Active HA
-
- Use Case: Configure Active/Active HA with Route-Based Redundancy
- Use Case: Configure Active/Active HA with Floating IP Addresses
- Use Case: Configure Active/Active HA with ARP Load-Sharing
- Use Case: Configure Active/Active HA with Floating IP Address Bound to Active-Primary Firewall
- Use Case: Configure Active/Active HA with Source DIPP NAT Using Floating IP Addresses
- Use Case: Configure Separate Source NAT IP Address Pools for Active/Active HA Firewalls
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT in Layer 3
- HA Clustering Overview
- HA Clustering Best Practices and Provisioning
- Configure HA Clustering
- Refresh HA1 SSH Keys and Configure Key Options
- HA Firewall States
- Reference: HA Synchronization
-
- Use the Dashboard
- Monitor Applications and Threats
- Monitor Block List
-
- Report Types
- View Reports
- Configure the Expiration Period and Run Time for Reports
- Disable Predefined Reports
- Custom Reports
- Generate Custom Reports
- Generate the SaaS Application Usage Report
- Manage PDF Summary Reports
- Generate User/Group Activity Reports
- Manage Report Groups
- Schedule Reports for Email Delivery
- Manage Report Storage Capacity
- View Policy Rule Usage
- Use External Services for Monitoring
- Configure Log Forwarding
- Configure Email Alerts
-
- Configure Syslog Monitoring
-
- Traffic Log Fields
- Threat Log Fields
- URL Filtering Log Fields
- Data Filtering Log Fields
- HIP Match Log Fields
- GlobalProtect Log Fields
- IP-Tag Log Fields
- User-ID Log Fields
- Decryption Log Fields
- Tunnel Inspection Log Fields
- SCTP Log Fields
- Authentication Log Fields
- Config Log Fields
- System Log Fields
- Correlated Events Log Fields
- GTP Log Fields
- Audit Log Fields
- Syslog Severity
- Custom Log/Event Format
- Escape Sequences
- Forward Logs to an HTTP/S Destination
- Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors
- Monitor Transceivers
-
- User-ID Overview
- Enable User-ID
- Map Users to Groups
- Enable User- and Group-Based Policy
- Enable Policy for Users with Multiple Accounts
- Verify the User-ID Configuration
-
- App-ID Overview
- App-ID and HTTP/2 Inspection
- Manage Custom or Unknown Applications
- Safely Enable Applications on Default Ports
- Applications with Implicit Support
-
- Prepare to Deploy App-ID Cloud Engine
- Enable or Disable the App-ID Cloud Engine
- App-ID Cloud Engine Processing and Policy Usage
- New App Viewer (Policy Optimizer)
- Add Apps to an Application Filter with Policy Optimizer
- Add Apps to an Application Group with Policy Optimizer
- Add Apps Directly to a Rule with Policy Optimizer
- Replace an RMA Firewall (ACE)
- Impact of License Expiration or Disabling ACE
- Commit Failure Due to Cloud Content Rollback
- Troubleshoot App-ID Cloud Engine
- Application Level Gateways
- Disable the SIP Application-level Gateway (ALG)
- Maintain Custom Timeouts for Data Center Applications
-
- Decryption Overview
-
- Keys and Certificates for Decryption Policies
- SSL Forward Proxy
- SSL Forward Proxy Decryption Profile
- SSL Inbound Inspection
- SSL Inbound Inspection Decryption Profile
- SSL Protocol Settings Decryption Profile
- SSH Proxy
- SSH Proxy Decryption Profile
- Profile for No Decryption
- SSL Decryption for Elliptical Curve Cryptography (ECC) Certificates
- Perfect Forward Secrecy (PFS) Support for SSL Decryption
- SSL Decryption and Subject Alternative Names (SANs)
- TLSv1.3 Decryption
- High Availability Not Supported for Decrypted Sessions
- Decryption Mirroring
- Configure SSL Forward Proxy
- Configure SSL Inbound Inspection
- Configure SSH Proxy
- Configure Server Certificate Verification for Undecrypted Traffic
- Post-Quantum Cryptography Detection and Control
- Enable Users to Opt Out of SSL Decryption
- Temporarily Disable SSL Decryption
- Configure Decryption Port Mirroring
- Verify Decryption
- Activate Free Licenses for Decryption Features
-
- Policy Types
- Policy Objects
- Track Rules Within a Rulebase
- Enforce Policy Rule Description, Tag, and Audit Comment
- Move or Clone a Policy Rule or Object to a Different Virtual System
-
- External Dynamic List
- Built-in External Dynamic Lists
- Configure the Firewall to Access an External Dynamic List
- Retrieve an External Dynamic List from the Web Server
- View External Dynamic List Entries
- Exclude Entries from an External Dynamic List
- Enforce Policy on an External Dynamic List
- Find External Dynamic Lists That Failed Authentication
- Disable Authentication for an External Dynamic List
- Register IP Addresses and Tags Dynamically
- Use Dynamic User Groups in Policy
- Use Auto-Tagging to Automate Security Actions
- CLI Commands for Dynamic IP Addresses and Tags
- Application Override Policy
- Test Policy Rules
-
- Network Segmentation Using Zones
- How Do Zones Protect the Network?
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
-
- Tap Interfaces
-
- Layer 2 and Layer 3 Packets over a Virtual Wire
- Port Speeds of Virtual Wire Interfaces
- LLDP over a Virtual Wire
- Aggregated Interfaces for a Virtual Wire
- Virtual Wire Support of High Availability
- Zone Protection for a Virtual Wire Interface
- VLAN-Tagged Traffic
- Virtual Wire Subinterfaces
- Configure Virtual Wires
- Configure a PPPoE Client on a Subinterface
- Configure an IPv6 PPPoE Client
- Configure an Aggregate Interface Group
- Configure Bonjour Reflector for Network Segmentation
- Use Interface Management Profiles to Restrict Access
-
- DHCP Overview
- Firewall as a DHCP Server and Client
- Firewall as a DHCPv6 Client
- DHCP Messages
- Dynamic IPv6 Addressing on the Management Interface
- Configure an Interface as a DHCP Server
- Configure an Interface as a DHCPv4 Client
- Configure an Interface as a DHCPv6 Client with Prefix Delegation
- Configure the Management Interface as a DHCP Client
- Configure the Management Interface for Dynamic IPv6 Address Assignment
- Configure an Interface as a DHCP Relay Agent
-
- DNS Overview
- DNS Proxy Object
- DNS Server Profile
- Multi-Tenant DNS Deployments
- Configure a DNS Proxy Object
- Configure a DNS Server Profile
- Use Case 1: Firewall Requires DNS Resolution
- Use Case 2: ISP Tenant Uses DNS Proxy to Handle DNS Resolution for Security Policies, Reporting, and Services within its Virtual System
- Use Case 3: Firewall Acts as DNS Proxy Between Client and Server
- DNS Proxy Rule and FQDN Matching
-
- NAT Rule Capacities
- Dynamic IP and Port NAT Oversubscription
- Dataplane NAT Memory Statistics
-
- Translate Internal Client IP Addresses to Your Public IP Address (Source DIPP NAT)
- Create a Source NAT Rule with Persistent DIPP
- PAN-OS
- Strata Cloud Manager
- Enable Clients on the Internal Network to Access your Public Servers (Destination U-Turn NAT)
- Enable Bi-Directional Address Translation for Your Public-Facing Servers (Static Source NAT)
- Configure Destination NAT with DNS Rewrite
- Configure Destination NAT Using Dynamic IP Addresses
- Modify the Oversubscription Rate for DIPP NAT
- Reserve Dynamic IP NAT Addresses
- Disable NAT for a Specific Host or Interface
-
- Network Packet Broker Overview
- How Network Packet Broker Works
- Prepare to Deploy Network Packet Broker
- Configure Transparent Bridge Security Chains
- Configure Routed Layer 3 Security Chains
- Network Packet Broker HA Support
- User Interface Changes for Network Packet Broker
- Limitations of Network Packet Broker
- Troubleshoot Network Packet Broker
-
- Enable Advanced Routing
- Logical Router Overview
- Configure a Logical Router
- Create a Static Route
- Configure BGP on an Advanced Routing Engine
- Create BGP Routing Profiles
- Create Filters for the Advanced Routing Engine
- Configure OSPFv2 on an Advanced Routing Engine
- Create OSPF Routing Profiles
- Configure OSPFv3 on an Advanced Routing Engine
- Create OSPFv3 Routing Profiles
- Configure RIPv2 on an Advanced Routing Engine
- Create RIPv2 Routing Profiles
- Create BFD Profiles
- Configure IPv4 Multicast
- Configure MSDP
- Create Multicast Routing Profiles
- Create an IPv4 MRoute
-
-
PAN-OS 8.1 (EoL)
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
- Cloud Management and AIOps for NGFW
-
-
- App-ID Changes in PAN-OS 8.1
- Authentication Changes in PAN-OS 8.1
- Content Inspection Changes in PAN-OS 8.1
- GlobalProtect Changes in PAN-OS 8.1
- User-ID Changes in PAN-OS 8.1
- Panorama Changes in PAN-OS 8.1
- Networking Changes in PAN-OS 8.1
- Virtualization Changes in PAN-OS 8.1
- Appliance Changes in PAN-OS 8.1
- Associated Software and Content Versions
- Limitations
-
- PAN-OS 8.1.26-h1 Addressed Issues
- PAN-OS 8.1.26 Addressed Issues
- PAN-OS 8.1.25-h3 Addressed Issues
- PAN-OS 8.1.25-h2 Addressed Issues
- PAN-OS 8.1.25-h1 Addressed Issues
- PAN-OS 8.1.25 Addressed Issues
- PAN-OS 8.1.24-h2 Addressed Issues
- PAN-OS 8.1.24-h1 Addressed Issues
- PAN-OS 8.1.24 Addressed Issues
- PAN-OS 8.1.23-h1 Addressed Issues
- PAN-OS 8.1.23 Addressed Issues
- PAN-OS 8.1.22 Addressed Issues
- PAN-OS 8.1.21-h3 Addressed Issues
- PAN-OS 8.1.21-h2 Addressed Issues
- PAN-OS 8.1.21-h1 Addressed Issues
- PAN-OS 8.1.21 Addressed Issues
- PAN-OS 8.1.20-h1 Addressed Issues
- PAN-OS 8.1.20 Addressed Issues
- PAN-OS 8.1.19 Addressed Issues
- PAN-OS 8.1.18 Addressed Issues
- PAN-OS 8.1.17 Addressed Issues
- PAN-OS 8.1.16 Addressed Issues
- PAN-OS 8.1.15-h3 Addressed Issues
- PAN-OS 8.1.15 Addressed Issues
- PAN-OS 8.1.14-h2 Addressed Issues
- PAN-OS 8.1.14 Addressed Issues
- PAN-OS 8.1.13 Addressed Issues
- PAN-OS 8.1.12 Addressed Issues
- PAN-OS 8.1.11 Addressed Issues
- PAN-OS 8.1.10 Addressed Issues
- PAN-OS 8.1.9-h4 Addressed Issues
- PAN-OS 8.1.9 Addressed Issues
- PAN-OS 8.1.8-h5 Addressed Issues
- PAN-OS 8.1.8 Addressed Issues
- PAN-OS 8.1.7 Addressed Issues
- PAN-OS 8.1.6-h2 Addressed Issues
- PAN-OS 8.1.6 Addressed Issues
- PAN-OS 8.1.5 Addressed Issues
- PAN-OS 8.1.4-h2 Addressed Issues
- PAN-OS 8.1.4 Addressed Issues
- PAN-OS 8.1.3 Addressed Issues
- PAN-OS 8.1.2 Addressed Issues
- PAN-OS 8.1.1 Addressed Issues
- PAN-OS 8.1.0 Addressed Issues
End-of-Life (EoL)
PAN-OS 8.1.6 Addressed Issues
PAN-OS® 8.1.6 addressed issues
Issue ID | Description |
|---|---|
WF500-4901 | Fixed an issue where files sent by Traps™
to WildFire® were referenced for trusted signers in the incorrect
database, which resulted in a malicious file verdict and caused
conflicting post detection events. |
WF500-4893 | (RADIUS server profile configurations
only) Fixed an issue where the RADIUS authentication protocol
was incorrectly changed to CHAP authentication when you pushed a
commit from a Panorama™ appliance running a PAN-OS® 8.1 release
to a WF-500 appliance running a PAN-OS 8.0 release. |
WF500-4869 | Fixed an issue on a WF-500 appliance where
the sample analysis failed when using FIPS-CC mode. |
WF500-4815 | Fixed an intermittent issue on WF-500 appliances
where the Redis command line interface (CLI) failed to execute during
master node re-balancing. |
WF500-4747 | Fixed an issue on a WF-500 appliance where
the Panorama™ management server ran unrelated Logging Service threads. |
WF500-4636 | (WF-500 Appliances only) Fixed
a rare issue that occurred after upgrading from a PAN-OS 8.0 release
to a PAN-OS 8.1 release where the disk partition became full due
to the amount of data on the drive and, when you tried to delete
the backup database to free up space, the debug wildfire reset backup-database-for-old-samples CLI
command failed and resulted in the following error: Server error : Client wf_devsrvr not ready. |
PAN-111305 | Fixed an issue where you were unable to
reference certificate profiles from the External Dynamic Lists (ObjectsExternal Dynamic ListsAddCreate List)
but instead, you had to type in the certificate profile. |
PAN-110448 | Fixed an issue on PA-3200 Series firewalls
where the dataplane took longer than expected to respond or intermittently
stopped responding after a firewall reboot. |
PAN-109594 | Fixed an issue where the dataplane restarted
when an IPsec rekey event occurred and caused a tunnel process (tund) failure
when one--but not both--HA peer is running PAN-OS 8.0.14 or PAN-OS
8.1.5. |
PAN-109124 | A security-related fix was made to address
an issue where you were unable to retrieve GlobalProtect™ cloud
service threat packet captures from the Logging Service on Panorama
M-Series and virtual appliances. |
PAN-108785 | Fixed an intermittent issue on a firewall
in an HA active/passive configuration where a ping test stopped
responding on Ethernet 1/1, 1/2, and 1/4 due to input errors on
the corresponding switch port after an HA failover. |
PAN-108241 | Fixed an issue on a PA-3200 Series firewall
where multiple dataplane processes (all_pktproc, flow_mgmt,
flow_ctrl, and pktlog_forwarding) stopped responding when
overloaded with traffic. |
PAN-108165 | Fixed memory issues on Palo Alto Networks
hardware and virtual appliances that caused intermittent management
plane instability. |
PAN-108161 | Fixed an issue on an HA active/passive configuration
where GTP sessions did not properly sync to the passive firewall,
which caused a failure on the passive firewall during a failover. |
PAN-107895 | Fixed an issue where PDP Delete Response
packet did not match the GTPv1-C tunnel session, which caused the
generated GTP log to display incorrect session data. |
PAN-107893 | Fixed an issue where a Delete
PDP Context Response (MonitorLogsGTP)
did not correlate with a Delete PDP Context Request and
appeared as a new session. |
PAN-107790 | Fixed an issue where Application incorrectly
displayed as unknown-udp instead of gtp-c for
the GTPv1-C tunnel management message GTP
Event Type. |
PAN-107734 | |
PAN-107694 | Fixed an issue on Panorama M-Series and
virtual appliances where after you selected Allow with
Ticket (NetworksGlobalProtectPortals <Portal-Name>App) the web interface Generate
Ticket did not display. |
PAN-107290 | Fixed an issue where a single API call failed
to locate a Device Group node and create a device node for the Device
Group when necessary. |
PAN-107262 | A security-related fix was made to prevent
cross-site scripting (XSS) attacks through the PAN-OS Management
Web Interface (CVE-2019-1566). |
PAN-106947 | Fixed an intermittent issue where a large
number of out-of-order TCP packets caused packet buffer depletion. |
PAN-106776 | A security-related fix was made to prevent
a cross-site scripting (XSS) vulnerability in PAN-OS External Dynamic
Lists (CVE-2019-1565). |
PAN-106759 | Fixed an issue in an HA active/passive configuration
where a process (configd) restarted due to a memory error. |
PAN-106253 | Fixed an issue where the GTP Message Type Modify Bearer
Response and GTP Event Code 124223 were
denied due to failed stateful inspections. |
PAN-106251 | Fixed an issue where the list of Panorama
Managed Devices did not display (PanoramaDeviceDeploymentLicenses). |
PAN-105928 | Fixed an issue on a firewall where server
side data packets dropped after a terminated challenge ACK session
was reused. |
PAN-105759 | Fixed an issue on PA-3200 Series and PA-5200
Series firewalls in an HA active/active configuration where the
SNMP notification did not report the HA interfaces. |
PAN-105570 | (PA-3200 Series, PA-5200 Series, and
PA-7000 Series firewalls only) Fixed an issue where the QoS
profile rule did not match non-offloaded traffic as expected. |
PAN-105567 | Fixed an intermittent issue on Panorama
M-Series and virtual appliances where a cloned security or NAT policy
used the incorrect Rule order. |
PAN-105348 | Fixed an issue on Panorama M-Series and
virtual appliances where Dynamic Updates (DeviceDynamic Updates) did not allow
local overrides on an existing template. |
PAN-105281 | (PAN-OS 8.1.6 and later) Fixed
an issue where a SAML based GlobalProtect re-authentication portal
displayed an authentication error after you have previously logged
in. |
PAN-105157 | Fixed an intermittent issue on Panaoram
M-Series and virtual appliances where logs did not display due to
a file descriptor limit by the process (Elasticsearch). |
PAN-105103 | Fixed an intermittent issue where GTP logs
did not display due to GTP packets with an APN > 14 bytes caused
the traffic log to reach the limit and stopped generating logs. |
PAN-105012 | Fixed an issue on Panorama M-Series and
virtual appliances where a log migration from an old-disk pair to
a new-disk pair failed with the following error message: Error restoring disks from RMAed device,
which caused the (configd) process to fail. |
PAN-104463 | Fixed an intermittent issue where the DNS
resolution stopped responding when the firewall acted as a DNS proxy
and the DNS request volume was higher than expected. |
PAN-104361 | Fixed an issue on a firewall in an HA active/passive
configuration where a process (all_task) failed due
to a (bad_gtp_header) code on the passive firewall after
upgrading from PAN-OS 8.0.12. |
PAN-104300 | Fixed an issue on a firewall where a process (mprelay)
stopped responding while the (> debug dataplane internal pdt)
command was processed. |
PAN-104165 | Fixed an issue on a VM-Series firewall configured
to use the i40e single-root input/output virtualization (SR-IOV)
virtual function (VF) with VLAN tagging dropped Ethernet frames
exceeding 1496 bytes. |
PAN-104077 | Fixed an intermittent issue where User-ID™
stopped responding, which caused the user IP mapping to not display. |
PAN-104042 | Fixed an issue where directly connected
IPv4 routes do not display in the routing table after the firewall
was restarted. |
PAN-104041 | Fixed an issue where the web interface management
session failed to time out as expected when you set the Idle Timeout (DeviceSetupManagementAuthentication SettingsEdit)
to more than five minutes. |
PAN-103665 | Fixed an issue on an HA active/active configuration
where the active primary LLDP profile could not be copied to the
active secondary firewall. |
PAN-103224 | Fixed an issue on a VM-Series firewall where
the initialization buffer caused the firewall to stop responding
when five or more interfaces were active. |
PAN-102954 | A security-related fix was made to address
a code parameter in the clientless VPN portal. |
PAN-102625 | Fixed an issue on a firewall where traffic
stopped passing due to higher than normal duplicate TCP ACK packets
sent from the client side, which caused a spike in packet buffers
and packet descriptor usage. |
PAN-102338 | Fixed an issue where you were unable to
configure Maximum Egress (NetworkQoS)
to 10000 Mbps on a 10000 Mbps port. |
PAN-101990 | Fixed an issue on Panorama M-Series and
virtual appliances in an HA active/passive configuration where you
were unable to edit the template variables (PanoramaSummary). |
PAN-101973 | Fixed an issue where you were unable to
configure IPv6 variables (NetworkVirtual RoutersAddStaticRoutesIPv6). |
PAN-101882 | Fixed an issue on Panorama M-Series and
virtual appliances where a partial Commit and Push for one or more
administrators incorrectly sets the Push scope to all relevant firewalls
as if a full Commit and Push was performed. |
PAN-101851 | Fixed an intermittent issue on PAN-OS 8.1.3
and later releases, where downloading files from email services
were allowed when the file blocking profile was configured to block
email service file downloads. |
PAN-101800 | Fixed an issue where the parent session
stopped responding during a file transfer using a decryption enabled
FTP server with the following error message: Lost connection. |
PAN-101692 | Fixed an issue where the (show session all filter nat-rule)
command did not respond with destination NAT rules. |
PAN-101684 | Fixed an issue on Panorama M-Series and
virtual appliances where adding a threat exception for a child Device
Group caused existing rules to be removed from the Global Device
Group. |
PAN-101614 | Fixed an issue on a firewall where SSL/TLS
Service Profile (DeviceSSL/TLS
Service Profile) values failed to change
after an override. |
PAN-101607 | Fixed an issue where template administrators
with the required permission made configuration changes on shared
objects and the Commit failed with the following error message: No pending change to commit. |
PAN-101401 | Fixed an issue where a DNS App-ID™ security
policy allowed non-DNS traffic to flow through. |
PAN-101202 | Fixed an issue on a firewall where the TFC
padding parameter was set to null when negotiating
with a peer device capable of TFC padding during IKEv2 negotiations. |
PAN-101185 | Fixed an issue on Panorama M-Series and
virtual appliances where the Decrypt Mirror (NetworkInterfacesEthernetInterface Type) template setting
did not Push to a firewall. |
PAN-101031 | Fixed an issue where you were unable to
select existing certificates after you created an IKE gateway on
a template stack and changed Authentication to Certificate. |
PAN-101029 | Fixed an issue where routing traffic dropped
due to an increased activity in global counter (flow_fpga_rcv_egr_L3_NH_NF)
when an interface is moved from one virtual router to another. |
PAN-100962 | Fixed an issue on Panorama M-Series and
virtual appliances where the disk quota configuration exceeded a
combined total of 100 percent when a Push was performed from Panorama
due to value discrepancies between Panorama and the firewall. |
PAN-100717 | Fixed an issue where the (configd)
process depleted memory when you deleted multiple security rules
with an XML API call. |
PAN-100623 | Fixed an issue on a firewall in an HA active/passive
configuration where a higher than normal rate of HA session update
messages caused higher than normal CPU usage on both active and
passive nodes. |
PAN-100381 | Fixed an issue on a firewall in an HA configuration
where a path monitoring variable was not available for Destination
IP (DeviceHigh AvailabilityLink and Path MonitoringAdd Virtual
Router Path). |
PAN-100173 | Fixed an issue where H.323 based calls had
audio issues due to the predicted RTP session not following the
policy-based forwarding (PBF) rules that sends traffic from the
client to servers, which caused RTP traffic to be forwarded incorrectly
by route. |
PAN-99924 | Fixed an issue where the Panorama management
server web and CLI stopped responding after a partial configuration
load (PanoramaSetupOperations). |
PAN-99764 | Fixed an issue on VM-Series firewalls where
CPU calculations for additional vCPUs in the dataplane did not display
correctly. |
PAN-99742 | Fixed an issue on a PA-500 Series firewall
where SSL Forward Proxy was denied due to insufficient shared memory. |
PAN-99621 | Fixed an issue on a firewall where Captive
Portal sessions matched incorrect policies and were incorrectly
logged in the traffic log. |
PAN-99504 | Fixed an issue on a firewall where Group
Mapping (DeviceUser IdentificationGroup Mapping Settings) did
not display the list of LDAP server profile users when a Domino
server with an empty distinguished name (DN) was used. |
PAN-99079 | Fixed an issue on Panorama M-Series and
virtual appliances where Logging Service was enabled, traffic log
filters with a variable length subnet mask did not display any logs. |
PAN-99058 | Fixed an issue where threat log messages
(SCAN: UDP Port Scan) appeared when
the UDP port scan traffic rate was less than the Reconnaissance
Protection UDP port scan threshold. |
PAN-99002 | Fixed a rare issue where XML files with
random file sizes failed to upload through API calls. |
PAN-99000 | Fixed an issue where the packet capture
option did not display (MonitorTraffic) when administrators
switched context from Panorama to a managed firewall. |
PAN-98861 | Fixed an issue where shadowed rule warnings
did not display during commits. |
PAN-98811 | Fixed an issue on Panorama M-Series and
virtual appliances where Group Mapping Settings (ObjectSecurity ProfileURL FilteringUser Credential Detection)
did not display profile names. |
PAN-98786 | Fixed an issue where websites were not accessible
when you configured a decryption policy Action to No Decrypt and
enabled Block sessions with expired certificates. |
PAN-98625 | Fixed an issue where the Threat Category (MonitorThreat)
did not display as expected on Panorama M-Series and virtual appliances
when it received logs from PA-200, PA-220, PA-500, and PA-800 Series
firewalls. |
PAN-97898 | Fixed a rare issue where the traffic log
did not generate data due to a negative log counter reading. |
PAN-97743 | Fixed an issue where the firewall did not
recognize the small form-factor pluggable (SFP) port, which caused
the dataplane to restart when the path monitor process stopped responding. To ensure a successful upgrade to PAN-OS
8.1.6 for this fix, re-seat all connected SFP transceivers and then
follow the upgrade path described
in the PAN-OS 8.1 upgrade procedure (PAN-OS 8.1 New Features Guide). |
PAN-97672 | Fixed an issue where polled SNMP object
identifiers (OID) stopped responding after the firewall was restarted. |
PAN-97670 | Fixed an issue on a VM-Series firewall in
an HA active/passive configuration where after a reboot, the passive
firewall sent ARP packets during the initialization state, which
caused a traffic conflict with the active firewall. |
PAN-97496 | Fixed an issue on a firewall where the (show running resource-monitor ingress-backlogs)
CLI command displayed invalid session IDs. |
PAN-97298 | (PAN-OS 8.1.1 and later releases only)
Fixed an issue where Address Groups (ObjectsAddress Groups)
search results were cleared from the web interface when you switched
between tabs. |
PAN-97223 | Fixed an issue where an administrator with
superuser access was unable to remove a configuration lock from
a logged out administrator whose username contained a backslash
(" \ "). |
PAN-97139 | Fixed an issue where the GlobalProtect Data
File (DeviceDynamic
UpdatesGlobalProtect data File)
version did not update after a PAN-OS 8.1 upgrade. |
PAN-95975 | Fixed an issue on a firewall in an HA active/passive
configuration where the scheduled antivirus content update failed
due to a process (mgmtsrvr) failure. |
PAN-95121 | Fixed an issue where applications gets disabled
after you enabled them during the install or revert of application
and threat signatures. |
PAN-93112 | Fixed an issue on a PA-5200 Series firewall
where small form-factor pluggable (SFP) ports only linked in auto
negotiation mode. |
PAN-91059 | Fixed an issue where GTP log query filters
did not work when you filtered based on a value of unknown for
the message type or GTP interface fields (MonitorLogsGTP). |
PAN-90096 | Fixed an issue where Threat logs recorded
incorrect IMSI values for GTP packets when you enabled Packet
Capture in Vulnerability Protection profiles (ObjectsSecurity ProfilesVulnerability Protection<vulnerability_protection_profile>Rules). |
PAN-88461 | Fixed an issue on PA-3050 and PA-3060 firewalls
in an HA active/passive configuration with link state pass-through
enabled in virtual wire (vwire) where the Aggregate Ethernet (AE)
interface communication failed during an HA failover event. |
PAN-84292 | Fixed an issue on a firewall where the (show system state browser)
command window displayed live traffic values toggle between zero
and other incorrect values. |