PAN-OS 9.0.1 Addressed Issues
PAN-OS® 9.0.1 addressed issues.
Fixed an issue on PA-5200 Series firewalls where the dataplane stopped responding due to a deadlock when you accessed the stream session table.
Fixed an issue where content installation failed and displayed the following error message:
Error: failed to handle TDB_UPDATE_BLOCK, after you upgraded to PAN-OS
A security-related fix was made to allow Online Certificate Status Protocol (OCSP) checks while disallowing HTTP calls.
Fixed an issue where the dataplane restarted when processing HTTP/2 traffic with padded DATA frames.
A security-related fix was made to address an authentication bypass vulnerability in PAN-OS Management Web Interface (CVE-2019-1572/PAN-SA-2019-0005).
Fixed an issue where an XML API response for an external dynamic list did not return invalid or ignored members after you upgraded to PAN-OS 9.0.
Fixed an issue where the firewall unintentionally generated the following system log:
Installed content package WildFire is newer than available package, skipping, when you checked for WildFire® updates.
Fixed an issue where commits to the Panorama™ configuration after you upgraded to PAN-OS 9.0 failed with the following error message:
statistics-service is invalid.
PA-7000 Series firewalls in an HA configuration only) Fixed an issue that occurred after you upgraded to PAN-OS 9.0 where some logs displayed a different rule name than the rule name associated with the universally unique identifier (UUID).
Fixed an issue on a firewall where the system log did not generate an alert for AutoFocus™ license expiry.
Fixed an issue on a firewall where the management server stopped responding when debugs were configured and you exported traffic logs (
Export to CSV
Fixed an intermittent issue where autocommits failed and Panorama stopped displaying device groups when managing a WildFire appliance that was running an earlier maintenance release of the same feature release (such as using Panorama running PAN-OS 8.1.6 to manage a WF-500 appliance that was running PAN-OS 8.1.3).
Fixed an issue where source (
) URLs, which contained double escape characters caused external dynamic list entries to display incorrect values in the policies.
Fixed an issue on Panorama M-Series and virtual appliances where a process (
configd) stopped responding when a role-based user with privacy settings disabled, viewed a scheduled report that required data anonymization.
Fixed an intermittent issue on a firewall where outbound traffic failed with an error message: (
proxy decrypt failure) when configured with HTTP Header Insertion (
HTTP Header Insertion
Fixed an issue where the tags were not set on OSPFv3 routes redistributed to BGP-3.
Fixed an issue where the firewall did not capture the number of packets in the threat packet capture (pcap) as configured in the extended packet capture length setting.
PA-3200, PA-5200, and PA-7000 Series firewalls only) Fixed an intermittent issue on a firewall configured with policy-based forwarding (PBF) and symmetric return, where traffic dropped because the ARP table did not get updated.
Fixed an issue where the external dynamic list did not update after a scheduled refresh of the list.
Fixed an issue where a firewall in a virtual wire (vwire) deployment silently dropped TCP packets when the antivirus profile was enabled.
PA-5200 Series firewall only) Fixed an intermittent issue where the internal path monitoring failed, which caused the firewall to unexpectedly restart.
Fixed an issue where the firewall sent RIP updates more frequently than expected.
PA-3000, PA-3200, PA-5000, PA-5200, and PA-7000 Series firewalls only) Fixed an issue where a process (
mpreplay) restarted and caused the offload traffic to drop.
Fixed an issue where Traps ESM logs were sent to the Log Collector but did not display in the web interface (
Fixed an issue where a process (
configd) stopped responding and displayed the following error message:
configd is down.
Fixed an issue on a firewall in a high availability (HA) active/passive configuration where scheduled dynamic updates pushed from Panorama to the managed firewalls failed.
Fixed an issue where Bidirectional Forwarding Detection (BFD) did not function on a static route for which the next hop for that route was an FQDN (instead of an IP address).
Fixed an issue where Bidirectional Forwarding Detection (BFD) did not function on a BGP peer that was identified using an FQDN (instead of an IP address).
Fixed an issue on GlobalProtect™ where Security Assertion Markup Language (SAML) authentication failed when you used a macOS operating system.
Fixed an issue where you were unable to search for service objects by destination port numbers.
Fixed an issue where the firewall did not display the full URL information in the URL Filtering log (
) after a ( '\r' ) return character.
PA-200, PA-220, and PA-800 Series firewalls only) Fixed an issue where the
Block IP Listoption, which is not supported, displayed in the administrator role profile (
Fixed an issue where the RTC battery reading exceeded the maximum threshold value.
Fixed an intermittent issue where a job type (
content) caused a firewall configuration failure and the firewall to stop responding.
Fixed an issue where BGP command output formats did not display consistently across different PAN-OS releases.
Fixed an issue where administrators were unable to configure an IP address using templates for HA2 (
) after setting the configuration to
Data Link (HA2)
Ethernetfor Panorama management servers in HA configuration.
Fixed an issue where Authentication policy rules that were based on multi-factor authentication (MFA) didn't block connections to an MFA vendor when the MFA server profile specified a Certificate Profile that had the wrong certificate authority (CA) certificate.
Recommended For You
Recommended videos not found.