PAN-OS 9.0.1 Addressed Issues

PAN-OS® 9.0.1 addressed issues.
Issue ID
Description
PAN-113911
Fixed an issue on PA-5200 Series firewalls where the dataplane stopped responding due to a deadlock when you accessed the stream session table.
PAN-113845
Fixed an issue where content installation failed and displayed the following error message:
Error: failed to handle TDB_UPDATE_BLOCK
, after you upgraded to PAN-OS
®
9.0.
PAN-113771
A security-related fix was made to allow Online Certificate Status Protocol (OCSP) checks while disallowing HTTP calls.
PAN-113682
Fixed an issue where the dataplane restarted when processing HTTP/2 traffic with padded DATA frames.
PAN-113675
A security-related fix was made to address an authentication bypass vulnerability in PAN-OS Management Web Interface (CVE-2019-1572/PAN-SA-2019-0005).
PAN-113512
Fixed an issue where an XML API response for an external dynamic list did not return invalid or ignored members after you upgraded to PAN-OS 9.0.
PAN-113446
Fixed an issue where the firewall unintentionally generated the following system log:
Installed content package WildFire is newer than available package, skipping
, when you checked for WildFire® updates.
PAN-113302
Fixed an issue where commits to the Panorama™ configuration after you upgraded to PAN-OS 9.0 failed with the following error message:
statistics-service is invalid
.
PAN-112700
(
PA-7000 Series firewalls in an HA configuration only
) Fixed an issue that occurred after you upgraded to PAN-OS 9.0 where some logs displayed a different rule name than the rule name associated with the universally unique identifier (UUID).
PAN-112592
Fixed an issue on a firewall where the system log did not generate an alert for AutoFocus™ license expiry.
PAN-112458
Fixed an issue on a firewall where the management server stopped responding when debugs were configured and you exported traffic logs (
Monitor
Traffic
<traffic-name>
Export to CSV
).
PAN-112428
Fixed an intermittent issue where autocommits failed and Panorama stopped displaying device groups when managing a WildFire appliance that was running an earlier maintenance release of the same feature release (such as using Panorama running PAN-OS 8.1.6 to manage a WF-500 appliance that was running PAN-OS 8.1.3).
PAN-112305
Fixed an issue where source (
Object
Dynamic Lists
<list-name>
Create List
) URLs, which contained double escape characters caused external dynamic list entries to display incorrect values in the policies.
PAN-112274
Fixed an issue on Panorama M-Series and virtual appliances where a process (
configd
) stopped responding when a role-based user with privacy settings disabled, viewed a scheduled report that required data anonymization.
PAN-112098
Fixed an intermittent issue on a firewall where outbound traffic failed with an error message: (
proxy decrypt failure
) when configured with HTTP Header Insertion (
Objects
Security Profiles
URL Filtering
<filter-name>
HTTP Header Insertion
).
PAN-111897
Fixed an issue where the tags were not set on OSPFv3 routes redistributed to BGP-3.
PAN-111850
Fixed an issue where the firewall did not capture the number of packets in the threat packet capture (pcap) as configured in the extended packet capture length setting.
PAN-111822
(
PA-3200, PA-5200, and PA-7000 Series firewalls only
) Fixed an intermittent issue on a firewall configured with policy-based forwarding (PBF) and symmetric return, where traffic dropped because the ARP table did not get updated.
PAN-111638
Fixed an issue where the external dynamic list did not update after a scheduled refresh of the list.
PAN-111061
A fix was made to upgrade OpenSSH software included with PAN-OS (PAN-SA-2020-0005 / CVE-2016-10012).
PAN-111052
Fixed an issue where a firewall in a virtual wire (vwire) deployment silently dropped TCP packets when the antivirus profile was enabled.
PAN-110441
(
PA-5200 Series firewall only
) Fixed an intermittent issue where the internal path monitoring failed, which caused the firewall to unexpectedly restart.
PAN-110341
Fixed an issue where the firewall sent RIP updates more frequently than expected.
PAN-110336
(
PA-3000, PA-3200, PA-5000, PA-5200, and PA-7000 Series firewalls only
) Fixed an issue where a process (
mpreplay
) restarted and caused the offload traffic to drop.
PAN-108620
Fixed an issue where Traps ESM logs were sent to the Log Collector but did not display in the web interface (
Monitor
Traps ESM
).
PAN-108575
Fixed an issue where a process (
configd
) stopped responding and displayed the following error message:
configd is down
.
PAN-108409
Fixed an issue on a firewall in a high availability (HA) active/passive configuration where scheduled dynamic updates pushed from Panorama to the managed firewalls failed.
PAN-108113
Fixed an issue where Bidirectional Forwarding Detection (BFD) did not function on a static route for which the next hop for that route was an FQDN (instead of an IP address).
PAN-108111
Fixed an issue where Bidirectional Forwarding Detection (BFD) did not function on a BGP peer that was identified using an FQDN (instead of an IP address).
PAN-107677
Fixed an issue on GlobalProtect™ where Security Assertion Markup Language (SAML) authentication failed when you used a macOS operating system.
PAN-107006
Fixed an issue where you were unable to search for service objects by destination port numbers.
PAN-106963
Fixed an issue where the firewall did not display the full URL information in the URL Filtering log (
Monitor
URL Filtering
) after a ( '\r' ) return character.
PAN-106249
(
PA-200, PA-220, and PA-800 Series firewalls only
) Fixed an issue where the
Block IP List
option, which is not supported, displayed in the administrator role profile (
Device
Admin Role
Web UI
).
PAN-104263
Fixed an issue where the RTC battery reading exceeded the maximum threshold value.
PAN-103023
Fixed an intermittent issue where a job type (
content
) caused a firewall configuration failure and the firewall to stop responding.
PAN-96827
Fixed an issue where BGP command output formats did not display consistently across different PAN-OS releases.
PAN-92155
Fixed an issue where administrators were unable to configure an IP address using templates for HA2 (
Device
High Availability
Data Link (HA2)
) after setting the configuration to
IP
or
Ethernet
for Panorama management servers in HA configuration.
PAN-85691
Fixed an issue where Authentication policy rules that were based on multi-factor authentication (MFA) didn't block connections to an MFA vendor when the MFA server profile specified a Certificate Profile that had the wrong certificate authority (CA) certificate.

Recommended For You