1. Home
    2. PAN-OS
    3. PAN-OS® Release Notes
    4. PAN-OS 9.0 Addressed Issues
    5. PAN-OS 9.0.0 Addressed Issues
    End-of-Life (EoL)

    PAN-OS 9.0.0 Addressed Issues

    PAN-OS® 9.0.0 addressed issues.
    Issue ID
    Description
    WF500-4811
    Fixed an issue where WF-500 appliances displayed the wrong WildFire® content version (
    show system info
    ) after a WildFire content update.
    PAN-109668
    A security related fix was made to limit the amount of information returned from an API call error message.
    PAN-109124
    A security-related fix was made to address an issue where you were unable to retrieve GlobalProtect™ cloud service threat packet captures from the Logging Service on Panorama™ M-Series and virtual appliances.
    PAN-109096
    Fixed an issue where the firewall did not remove the
    4 Byte AS Format
     number when
    Remove Private AS
     is enabled.
    PAN-109003
    Fixed an issue on Panorama M-Series and virtual appliances where a process (configd) stopped responding during a local commit.
    PAN-107887
    Fixed an issue where an API call did not return the details of the security policy when you added a service group.
    PAN-107779
    Fixed an issue where Wildfire signature version information was no longer displayed after you activated a GlobalProtect client.
    PAN-107117
    Fixed an issue where device administrators were unable to manually upload signature files (
    Device
    Dynamic Updates
    ) and the firewall displayed the following error message:
    Youneed superuser privileges to do that.
    PAN-106784
    Fixed an issue where the firewall revealed password hashes in the web interface when changing administrator passwords.
    PAN-106721
    Fixed an intermittent issue where a processor cache memory corruption caused a reload when the firewall freed packets from the buffer.
    PAN-106695
    Fixed an issue on a firewall in a high availability (HA) active/passive configuration where the Panorama management server enabled the administrator to clone a rule on the passive firewall.
    PAN-106331
    Fixed an issue with multiple or overlapping custom URL categories where traffic matched the incorrect Security policy rule when the custom URL category was used in a Security policy rule with a URL filtering profile.
    PAN-106181
    Fixed an issue where the
    Cancel
     option was removed to prevent access when you
    Require Password Change on First Login
     (
    Device
    Setup
    Management
    ).
    PAN-106019
    Fixed an issue where a process (routed) stopped responding when an incomplete command ran in the XML API.
    PAN-105849
    A security-related fix was made to address an issue with the
    wf_curl.log
     file in WF-500 appliances (WildFire).
    PAN-105737
    Fixed an issue where AUX ports remained in Down state after you upgraded to PAN-OS
    ®
     8.1.7.
    PAN-105684
    Fixed as issue on a firewall in an HA active/passive configuration where OSPF and BGP running on an Aggregate Ethernet (AE) with LACP enabled took longer than expected after a failover.
    PAN-105040
    Fixed an issue where the dataplane processor caused memory loss in the packet buffer pool.
    PAN-104623
    Fixed an issue where a process (brdagent) printed QoS information messages in the brdagent.log file, which caused a missed heartbeat and the firewall to restart.
    PAN-104616
    Fixed an issue where certificate imports failed when you used a backslash (
    \
     ) character in a password to export certificates.
    PAN-104578
    (
    PA-800 Series firewalls only
    ) Fixed an issue on a firewall in an HA active/passive configuration where the HA failover took longer than expected.
    PAN-104572
    Fixed an issue on Panorama M-Series and virtual appliances where the configd.log file displayed schema error messages after you created an administrator role with context switch UI permissions enabled.
    PAN-104354
    Fixed an issue on a firewall in an HA active/passive configuration where the passive firewall ran a configuration out of sync after a restart.
    PAN-104078
    Fixed an issue where administrators could not successfully add conditional advertisements (
    Network
    Virtual Routers
    <virtual-router>
    BGP
    Conditional Adv
    ) for BGP routing tables (changes were lost after commit).
    PAN-103863
    Fixed an issue where the IPSec tunnel restart (
    Network
    IPSec Tunnels
    IKE Info
    ) did not display properly on the web interface.
    PAN-103857
    Fixed an issue on a firewall in an HA active/passive configuration where the suspended firewall processed traffic.
    PAN-103615
    Fixed an issue where scheduled log exports failed on nonstandard ports.
    PAN-103192
    Fixed an issue on a firewall where the Global Find for IPSec tunnels displayed incorrect search results.
    PAN-103061
    Fixed an issue where special characters contained in the CLI comment field caused the process (devsrvr) to stop responding.
    PAN-103055
    Fixed an issue where you were unable to filter Address Groups (
    Objects
    Address Groups
    ) by an address object name.
    PAN-102779
    Fixed an issue on a PA-3000 Series firewall where multiple (all_pktproc) processes failed and caused the dataplane to stop responding.
    PAN-102526
    Fixed an issue on Panorama M-Series and virtual appliances where disk quota edits failed and displayed the following error message:
    quota-settings -> disk-quota is invalid
    .
    PAN-102029
    Fixed an issue on a firewall where the DNS resolution routed through the dataplane and configured with a service route, stopped responding when the management interface was not configured.
    PAN-101821
    Fixed an issue where Referer was spelled incorrectly in the HTTP Headers section of the Detailed Log View (
    Monitor
    URL Filtering
    ).
    PAN-101451
    Fixed an issue where SNMP queries displayed incorrect values.
    PAN-101391
    Fixed an issue where the scheduled nightly custom report was not generated or emailed as expected.
    PAN-101365
    Fixed an intermittent issue where the session ID did not clear when the session ID is set to 0.
    PAN-101294
    Fixed an issue where administrators were allowed to create tunnel interfaces from the template stack.
    PAN-101068
    Fixed an issue where the object identifier (OID) ifAdminStatus incorrectly displayed
    up
     when configured to
    down
    .
    PAN-100656
    Fixed an issue Panorama M-Series and virtual appliances where duplicate entries in BGP redistribution configurations were not verified, which caused commits to fail.
    PAN-100464
    Fixed an issue where the sub-interfaces and the configurations were deleted when you tried to override the subinterface of a template stack.
    PAN-100154
    Fixed an issue where the default static route always became the active route and took precedence over a DHCP auto-created default route that was pointing to the same gateway regardless of the metrics or order of installation. With this fix, the firewall no longer installs the default static route in the FIB when the system has both a DHCP auto-created default route and a manually configured default static route pointing to the same gateway.
    PAN-100049
    Fixed an issue on Panorama M-Series and virtual appliances where Push Scope Selection (
    Commit
    Push to Devices
    ) selected firewalls not in the hierarchy of the firewall you selected.
    PAN-99945
    Fixed an issue on Panorama where the progress bar in the web interface stopped responding and did not display any status after sending a commit or activating an auth code even though the task completed successfully.
    PAN-99640
    A security-related fix was made to address a denial of service (DoS) vulnerability in PAN-OS Linux Kernel (CVE-2017-8890).
    PAN-99551
    Fixed an issue on a firewall in an HA active/passive configuration where the User-ID™ process stopped responding on the passive firewall when the system was managing a high number of (more than 30,000) active users.
    PAN-99447
    "
    Virtual and M-Series Panorama appliances and Log Collectors only
    ) Fixed an issue where a Log Collector received logs destined for closed Elasticsearch (ES) indices, which caused indices to return failure messages and, when the issue persisted for more than a few hours, caused Log Collectors to disconnect and reconnect repeatedly when attempting (and failing) to process the re-queued logs.
    PAN-98130
    Fixed an intermittent issue where the firewall allowed traffic based on an unmatched rule after a session rematch is triggered.
    PAN-98005
    Fixed an issue where adding more than eight Log Collectors to a collector group caused the configuration (configd) process to stop responding.
    PAN-97848
    Fixed an issue where if you deployed Panorama on KVM, it deployed in Legacy mode instead of Management Only mode even when meeting the minimum resource requirements for Management Only mode.
    PAN-97417
    Fixed an issue where the loopback IP address redistributed to the Local RIB table instead of the Adj-RIBs-out table.
    PAN-96344
    Fixed an issue on a firewall where TCP reset packets were sent even after you set the vulnerability profile action to drop the packets.
    PAN-96297
    Fixed an issue where a process (useridd) stopped responding due to the syslog server messages not parsing with field identifiers.
    PAN-95445
    This fix requires the VMware NSX 2.0.4 or a later plugin.
    Fixed an issue where VM-Series firewalls for NSX and firewalls in an NSX notify group (
    Panorama
    VMware NSX
    Notify Group
    ) briefly dropped traffic while receiving dynamic address updates after the primary Panorama in a high availability (HA) configuration failed over.
    PAN-94486
    Fixed an issue where the dataplane did not get a dynamic IP address assigned because the process (routed) did not release it.
    PAN-92725
    Fixed an issue on the firewall and Panorama management server where the web interface became unresponsive because the (cord) process restarted after you configured multiple log forwarding destinations in a single forwarding rule for Correlation logs (
    Device
    Log Settings
    ).
    PAN-92485
    Fixed an issue on Panorama M-Series and virtual appliances where you were unable to set the MTU (
    Network
    Interfaces
    Ethernet
    <Interface>
    Ethernet Interface
    Advanced
    Other Info
    ) value to more than 1460 bytes with Jumbo Frames enabled.
    PAN-91930
    Fixed an issue on Panorama M-Series and virtual appliances where you were unable to type in tunnel zone names in the Tunnel Source Zone (
    Policies >
    Pre Rules >
    <rule-name>
    Inspection
    Security Options
    ) field.
    PAN-91499
    Fixed an issue on a firewall where an address object FQDN resolution returned the IPv6 DNS record but did not return all associated -- IPv4 and IPv6 -- DNS records.
    PAN-91442
    Fixed an issue where an external dynamic list with an invalid IPv6 address range caused commits to fail.
    PAN-82278
    Fixed an issue where filtering did not work for Threat logs when you filtered for threat names that contained certain characters: single quotation (
    ), double quotation (
    ), back slash (
    \
    ), forward slash (
    /
    ), backspace (
    \b
    ), form feed (
    \f
    ), new line (
    \n
    ), carriage return (
    \r
    ), and tab (
    \t
    ).
    PAN-72861
    Fixed an issue where when you configured a PA-5200 Series or PA-7000 Series firewall to perform tunnel-in-tunnel inspection, which includes GRE keep-alive packets (
    Policies
    Tunnel Inspection
    <tunnel_inspection_rule>
    Inspection
    Inspect Options
    ), and ran the
    clear session all
     CLI command while traffic was traversing a tunnel, the firewall temporarily dropped tunneled packets.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo