PAN-OS 8.1.9 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1 & Later
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
End-of-Life (EoL)
PAN-OS 8.1.9 Addressed Issues
PAN-OS® 8.1.9 addressed issues
Issue ID | Description |
---|---|
WF500-4995 | Fixed an issue on Panorama™ M-Series and
WF-500 appliances where administrators were unable to run the debug software disk-usage aggressive-cleaning enable CLI command
and resulted in the following error message: Server error : Failed to execute op command. |
PAN-118949 | Fixed an issue where after you changed the
filter configuration in the user.src notin 'cns\proxy full profile the
firewall displayed the following error message: Unknown user group cns\Proxy Full. |
PAN-118407 | Fixed an issue where an internal path monitoring
failure due to a buffer leak caused the firewall to reboot. |
PAN-117729 | Fixed an issue where the firewall incorrectly
displayed application dependency warnings (PoliciesSecurity) after you initiated
a commit. |
PAN-117149 | Fixed an issue on firewalls configured with
authentication policies where sessions matching an authentication
policy did not generate traffic logs as defined in the security
policy when sessions were redirected or denied. |
PAN-116851 | Fixed an issue where users were unable to
open an app in their browser after they logged in to GlobalProtect™
Clientless VPN until they closed any and all tabs associated with
that app and then opened the app a second time. This issue occurred
only when an administrator configured a Source User for the Clientless
VPN Security policy rule (PoliciesSecurity<GP-VPN-Security-policy-rule>User). |
PAN-116848 | Fixed an issue where multiple device group
administrators simultaneously enabled configuration locks caused
a race condition. |
PAN-116828 | Fixed an issue on Panorama M-Series and
virtual appliances where the management server and a process (configd)
used higher than expected CPU and memory when you added or deleted
a larger than expected number of Security policy rules with an XML API. |
PAN-116613 | Fixed an issue on a VM-Series firewall deployed
in Microsoft Azure where packets dropped silently due to a kernel
error. |
PAN-116579 | Fixed an issue where the firewall sent truncated
URLs to the Captive Portal Redirect message when HTTPS traffic sent
through a proxy server was subjected to decryption. |
PAN-116069 | (PA-200 firewalls only) Fixed an
issue where the report generation default configuration caused an
out-of-memory condition. |
PAN-116022 | Fixed an issue where the NSX Manager passed
a blank string to Panorama, which caused a null entry into the configuration
and commits to fail. |
PAN-115526 | Fixed an issue where a dataplane process (all_pktproc)
stops responding due to a packet buffer protection feature. |
PAN-115494 | Fixed an issue where the "/opt/pancfg/"
partition became full due to a configuration preview operation not
responding. |
PAN-115450 | Fixed a rare issue where a race condition
occurred between daemons during a tunnel re-key, which caused BGP
sessions to drop from Large Scale VPN tunnels. To leverage this
fix, you must run the debug rasmgr delay-nh-update CLI command. |
PAN-115415 | Fixed an issue where a session created from
a predict session went into DISCARD state. |
PAN-115379 | Fixed an issue where you were unable to
create a custom log forwarding profile when you configured a filter
with the "in" and "not in" configurations (ObjectsLog ForwardingAddAddFilterFilter Builder)
and resulted in the following error message: Invalid filter <Log Forwarding profile name> match-list -> <match list profile-name> -> filter is invalid. |
PAN-115339 | Fixed a rare issue where a commit caused
the firewall to stop responding when you enabled flow debug and
configured a NAT policy. |
PAN-114743 | Fixed an issue on Panorama M-Series and
virtual appliances where, after you upgraded the firewall to PAN-OS®
8.1, commits failed when Panorama is configured to manage shared
gateway objects for managed firewalls. |
PAN-114607 | Fixed an issue where all the log collectors
did not get queued when you configured more than 32 collector groups. |
PAN-114548 | Fixed an issue where the firewall discarded
external dynamic lists after the list was downloaded and a server
authentication attempt failure occurred. |
PAN-114437 | Fixed an issue on Panorama M-Series and
virtual appliances where, after you upgraded the firewall from PAN-OS
8.0.8 to PAN-OS 8.1.4, commits took longer than expected when you
configured the Device Group with large group hierarchies. |
PAN-114434 | Fixed an issue where the firewall created
incorrect predict sessions, which caused flow sessions to fail for
applications. |
PAN-113971 | (PA-7000 Series firewalls only)
Fixed an issue where the High Speed Chasis Interconnect (HSCI) link
flapped after you rebooted the firewall. |
PAN-113795 | Fixed an issue on a firewall configured
with GlobalProtect Clientless VPN where a process (all_pkts)
stopped responding, which caused the dataplane to restart. |
PAN-113775 | Fixed an issue where the firewall dropped UpdatePDPContext response
packets and displayed the following GTP log event: 122113. |
PAN-113631 | A security-related fix was made to address
a use-after-free (UAF) vulnerability in the Linux kernel (PAN-SA-2019-0017 / CVE-2019-8912). |
PAN-113619 | Fixed an issue where the GlobalProtect gateway
did not assign an IP address when the local IP address was a supernet
of the GlobalProtect pool. |
PAN-113614 | Fixed an issue with a memory leak on Panorama
appliances associated with commits that eventually caused an unexpected
restart of the configuration (configd) process. |
PAN-113340 | (PA-200 firewalls only) Fixed an
issue where the management plane (MP) memory was lower than expected,
which caused the MP to restart. |
PAN-113189 | A security-related fix was made to correct
log file string-conversion errors that caused parsing issues, which
caused the User-ID (useridd) process to stop running. |
PAN-113046 | (PA-5200 Series firewalls only)
Fixed an issue where a process (brdagent) stopped responding,
which caused the management plane to stop responding. |
PAN-112674 | Fixed an issue where an escape ( \ ) character
was added to HTTP logs when a log contained a comma. |
PAN-112577 | Fixed an issue on a VM-Series firewall in
a high availability (HA) active/passive configuration where the
HA1 port flapped and caused a split-brain condition. |
PAN-112446 | Fixed an issue where a predefined report
(blocked credential post) generated
reports using the incorrect query builder (flags has credential-builder),
which caused the report to incorrectly display logs for alerts. |
PAN-112319 | Fixed an issue where a race condition caused
a process (mgmtsrvr) to restart with an error message: Connecting to management server failed. |
PAN-112274 | Fixed an issue on Panorama M-Series and
virtual appliances where a process (configd) stopped
responding when a role-based user with privacy settings disabled,
viewed a scheduled report that required data anonymization. |
PAN-112167 | Fixed an issue where IPv4 BGP routes were
missing from the routing table and FIB after a failover event. |
PAN-111976 | Fixed an issue where you were unable to
generate user activity reports when the username included the colon
( : ), ampersand ( & ), and single parenthesis ( ' ) characters. |
PAN-111930 | (PA-3200 Series firewall only)
Fixed an issue on a firewall in an HA active/active configuration
where packets looped due to a higher than expected CPU rate. |
PAN-111708 | (PA-3200 Series firewalls only)
Fixed a rare software issue that caused the dataplane to restart
unexpectedly. To leverage this fix, you must run the debug dataplane set pow no-desched yes CLI
command (increases CPU utilization). |
PAN-111553 | Fixed an issue on the Panorama management
server where the Include Device and Network Templates setting
(CommitPush to DevicesEdit Selections or CommitCommit and PushEdit Selections) was disabled
by default and caused your push attempts to fail. With this fix,
your push will Include Device and Network Templates by default. |
PAN-111540 | Fixed an issue on PA-5200 Series firewalls
where the dataplane stopped responding when the session table was
full. |
PAN-111468 | Fixed an issue where you were unable to
save host information profile (HIP) reports due to a folder permission
error. |
PAN-111308 | Fixed an issue in Panorama where you were
able to push and commit the log forwarding configuration to firewalls
that did not support it. |
PAN-111286 | Fixed an issue where you were unable to
generate a custom report (MonitorManage Custom Report<device-name>Report Setting). |
PAN-111084 | Fixed an issue where an out-of-memory condition
caused all IPSec tunnels (which includes IKEv1, IKEv2, and NAT-T)
to stop responding. |
PAN-110962 | Fixed an issue where a process (all_pktproc) stopped
responding when SSH decryption was enabled, which caused the dataplane
to restart. |
PAN-110638 | Fixed an issue where you were unable to
establish a GlobalProtect connection on IPv6 and displayed the following
error message: Packet too big due to the firewall MTU value set lower than normalon
the neighboring firewall. |
PAN-110548 | Fixed an intermittent issue where heartbeats
failed on the management plane (MP), which caused the dataplane
to stop responding and displayed the following error message: Dataplane is down: controlplane exit failure. |
PAN-110168 | Fixed an issue where the firewall and Panorama
web interface did not present HSTS headers to your web browser. |
PAN-109926 | Fixed an issue where the firewall dropped
HTTPS connections to GlobalProtect and did not send an HTTPS redirect,
which caused the web browser to timeout. |
PAN-109853 | Fixed an issue where a log collector settings
preference list without an IPv4 address defined, configured an unknown
entry and caused connections between log collectors to intermittently
bounce. |
PAN-109746 | Fixed an issue on Panorama M-Series and
virtual appliances where the Device Group Syslog server profile
template allowed a space between the IP address and URL, which caused
pushes to firewalls to fail. |
PAN-109701 | Fixed an issue on Panorama M-Series and
virtual appliances where the Task Manager web interface did not
sort the list of firewalls by name. |
PAN-109672 | Fixed an issue on a VM-Series firewall in
an HA active/passive configuration where the passive firewall received
buffered packets while in an idle state when the data plane development
kit (DPDK) was enabled. |
PAN-109663 | Fixed an intermittent issue where the firewall
dropped packets when the policy rule was set to allow during a commit
or high availability (HA) sync. |
PAN-109551 | Fixed an issue where group-based policy
match stopped responding after a process (useridd)
restarted. |
PAN-109186 | Fixed an issue where the dataplane stopped
responding and caused a failover event. |
PAN-109024 | Fixed an issue where, after you upgrade
the firewall from PAN-OS 8.0 to PAN-OS 8.1, firewalls configured
with the User-ID™ agent and group mapping incorrectly mapped users
to groups. |
PAN-107677 | Fixed an issue on GlobalProtect where Security
Assertion Markup Language (SAML) authentication failed when you
used a macOS operating system. |
PAN-107143 | Fixed an issue on Panorama M-Series and
virtual appliances where a partial commit to the running configuration
was successful but did not get applied to the configuration when
you added a new address object to an existing address group. |
PAN-107117 | Fixed an issue where device administrators
were unable to manually upload signature files (DeviceDynamic Updates)
and the firewall displayed the following error message: You need superuser privileges to do that. |
PAN-106914 | Fixed an issue on a firewall in a high availability
(HA) active/passive configuration where HA1 and HA2 links stopped
passing packets, which caused a split-brain condition after an automatic
configuration sync. |
PAN-106543 | Fixed an issue on a firewall in an HA active/active
configuration where the show vpn ipsec-sa CLI
command incorrectly returned an error message: Server error: An error occurred. See dagger.log for information.
when you ran the command on the active secondary firewall. |
PAN-106141 | Fixed an issue where a firewall was unable
to establish an SSH session to a private cloud if you used the M-500
appliance interface configuration ethernet1/1 port. |
PAN-106019 | Fixed an issue where a process (routed)
stopped responding when an incomplete command ran in the XML API. |
PAN-105737 | (PAN-OS 8.1.7 & 8.1.8 only)
Fixed an issue where AUX ports remained in Down state after you
upgraded to PAN-OS 8.1.7. |
PAN-104909 | Fixed an issue where the firewall incorrectly
forwarded traffic when you configured the ingress interface with
a QoS policy and the egress interface as a tunnel. |
PAN-104515 | Fixed an issue where the Panorama web interface
took longer than expected to update the Managed Collectors (PanoramaManaged Collectors)
status. |
PAN-104144 | Fixed an intermittent issue where the management
plane (MP) CPU on Panorama and the manged firewall experience higher
than expected usage due to the redistribution of User-ID™ and when
more than one user was mapped to a single IP address. |
PAN-103847 | Fixed a memory buffer allocation issue that
caused the Session Initiation Protocol (SIP) traffic NAT to stop
responding. |
PAN-103656 | Fixed an issue on Panorama M-Series and
virtual appliances where you were unable to export threat pcaps
generated from Prisma™ Access and the firewall displayed the following
error message: File not found. |
PAN-101598 | (Japanese language only) Fixed
an issue where the Interface Mgmt (NetworkNetwork ProfilesInterface Mgmt) and Management Interface
Settings (DeviceSetupInterfacesManagement) web interfaces
incorrectly displayed Telnet as Temperature. |
PAN-101215 | Fixed an issue where you were unable to
connect to a syslog server over SSL due to a certificate validation
error. |
PAN-100773 | (PA-7000 Series firewalls only)
Fixed an issue where the Quad Small Form-factor Pluggable (QSFP)
port on a 20GQ NPC card unexpectedly entered low power mode and
did not link up. |
PAN-99958 | Fixed an issue where the dataplane did not
receive enough keep-alive packets as expected, which caused the
Syslog server connection to age-out. |
PAN-99134 | Fixed an issue where temporary files generated
during preview changes did not get cleared, which caused disk space
issues. |
PAN-99016 | A security-related fix was made to address
the LazyFP state restore vulnerability (PAN-SA-2019-0017 / CVE-2018-3665). |
PAN-96827 | Fixed an issue where BGP command output
formats did not display consistently across different PAN-OS releases. |
PAN-96790 | Fixed an issue where the FTP data connection
was incorrectly matched to the predict session for IPv6 addresses. |
PAN-96707 | (PA-5200 Series firewalls only)
Fixed an intermittent issue where CRC errors caused traffic issues. |
PAN-96371 | Fixed an issue where you were unable to
connect to GlobalProtect when a certificate did not have a common
name. |
PAN-95534 | Fixed an issue where the firewall could
not send syslogs to the syslog server. |
PAN-95072 | Fixed a log forwarding filter issue where
the firewall incorrectly sent logs for policies that were not configured
with log forwarding to the syslog server. |
PAN-94279 | Fixed an issue where a commit with an authentication
sequence configured was pushed from Panorama to a firewall and caused
the firewall's management server to stop responding. |
PAN-94059 | Fixed an issue where the firewall did not
send a complete certificate chain when you configure the Windows
User-ID Agent as a Syslog Listener. |
PAN-91442 | Fixed an issue where an external dynamic
list with an invalid IPv6 address range caused commits to fail. |
PAN-89820 | Fixed an intermittent issue where the Data
Filtering (MonitorData Filtering)
and Threat Log (MonitorThreat)
did not display file names when you transferred multiple files into
a single session. |
PAN-88987 | Fixed an issue on the PA-5220 firewall with
Dynamic IP and Port (DIPP) NAT where the number of translated IP
addresses could not exceed 3,000 or it caused commits to fail. |
PAN-88487 | Fixed an issue where the firewall stopped
enforcing policy after you manually refreshed an External Dynamic
List (EDL) that had an invalid IP address or that resided on an
unreachable web server. |