PAN-OS 9.0.2 Addressed Issues
PAN-OS® 9.0.2 addressed issues.
Fixed an issue on WF-500 appliances where the cluster service took longer than expected to start due to a large number of queued sample data.
Fixed an issue where a non-functioning CLI command was removed from WF-500 appliances.
Fixed an issue on a WF-500 appliance where the static analysis results displayed in the PDF report but did not display in the WildFire® analysis summary of the web interface.
Fixed an issue on WildFire appliance clusters where the passive-controller responded with the incorrect Common Name (CN) in the certificate, which caused the registration to fail.
Fixed an intermittent issue on a WF-500 appliance where WildFire reports took longer than expected to generate, which caused the task to automatically timeout.
Fixed an issue on a WF-500 appliance where during a reboot, the following error message displayed:
FATAL: module nbd not found.
Fixed an intermittent issue on a WF-500 appliance where the CLI command
debug wildfire reset global-database fixbecame unresponsive.
M-Series Panorama™ management servers in Management Only mode) When you delete the local Log Collector (
), it disables the 1/1 ethernet interface in the Panorama configuration as expected but the interface still displays as Up when you execute the
show interface allcommand in the CLI after you commit.
Workaround:Disable the 1/1 ethernet interface before you delete the local log collector and then commit the configuration change.
Microsoft Azure only) Fixed an issue where the firewall dropped packets passing through IPSec tunnels if you enabled jumbo frames (
Fixed a rare issue where the firewall sent HTTP/2 DATA frames with incorrect padding byte lengths, which caused software buffer corruption and a process (
all_pktproc) to stop responding.
Fixed an issue where RTP and RTCP predict sessions failed, which caused the firewall to stop processing RTSP-based video streaming.
Fixed an issue where a VM-Series firewall on Microsoft Azure deployed using MMAP dropped traffic when the firewall was experiencing heavy traffic.
Fixed an issue where the firewall rebooted due to a plugin memory leak.
Fixed an issue where the snmpd process was leaking memory when polling for global counters.
Fixed an issue where a context switch from Panorama to a firewall did not respond as expected when a web browser was used.
Fixed an issue where a configuration change resets to "default" when you conducted a search in the Categories (
) web interface.
Fixed an issue where the Allow List (
) did not update after you added new users to a group in the Active Directory.
<authentication profile - name>
Fixed an issue where Bidirectional Forwarding Detection (BFD) went down temporarily during a commit or EDL refresh if you configured a large value for the BFD Hold Time.
Fixed an issue on a Panorama management server running PAN-OS 9.0 where a context switch to firewalls did not respond.
Fixed an issue where, after you upgraded the firewall to PAN-OS® 9.0, a firewall configured from "none" to "allow" in the custom URL category reverted to "none" after a commit.
Fixed an intermittent issue on a firewall in a high availability (HA) active/passive configuration where five minutes after a failover test IP routes disappeared, which caused traffic interruptions.
Fixed an issue on a firewall with packet capture (pcap) enabled where the log receiver stopped responding when larger than expected packets were received.
Fixed an issue where the User-ID™ (
useridd) process stopped responding.
Fixed an issue on a firewall in an HA active/passive configuration where a process (
useridd) did not respond to the alternate user attribute (
) on the passive firewall during a restart.
Group Mapping Settings
User and Group Attributes
Fixed an issue where H.323-based calls lost audio because the predicted H.245 session was not converted to Active status, which caused the firewall to drop the H.245 traffic.
Fixed an issue on Panorama M-Series and virtual appliances where Decrypted Sessions Info (
) did not display as expected for VM-Series firewalls.
VM-Series firewall on AWS running on a C5 or M5 instance only) Fixed an issue where you were unable use the
mgmt-interface-swapcommand to swap the interfaces for deploying a VM-Series firewall behind a web load balancer (such as AWS ALB or Classic ELB).
Fixed an issue where a new DNS Security subscription was not available on your VM-Series firewall after you upgraded to a PAN-OS 9.0
®release with a PAYG Bundle 2 license.
Fixed an issue on a firewall in an HA active/passive configuration where a race condition caused the firewall to stop responding after an HA1 link flap.
Fixed an issue with performance, including high CPU usage, that occurred when you enabled URL Filtering without enabling Threat Prevention in an environment that processes a large number (thousands) of URL look-ups per second per dataplane.
Fixed an issue where packet buffers did not release GlobalProtect™ clientless VPN packets, which caused the firewall to stop responding.
Fixed an issue where URL filtering profiles were being incorrectly applied to security policies during a commit.
Fixed an issue on the Panorama management server where the
Include Device and Network Templatessetting (
Push to Devices
) was disabled by default and caused your push attempts to fail. With this fix, your push will
Commit and Push
Include Device and Network Templatesby default.
Fixed an issue on PA-5200 Series firewalls where the dataplane stopped responding when the session table was full.
Fixed an issue where administrators were unable to use the CLI to enable or disable DNS Rewrite under a Destination NAT policy rule (they were able to execute the command but the firewall did not implement the change).
Fixed an issue on PA-7000 Series firewalls where invalid filters caused the device management server to stop responding when you generated a database (DB) report from a remote firewall.
Fixed an issue where you were unable to establish OSPF neighborship when an OSPF routing protocol was configured with MD5 authentication and one of the firewalls was restarted.
Fixed an issue on a VM-Series firewall in an HA active/passive configuration where the passive firewall received buffered packets while in an idle state when the data plane development kit (DPDK) is enabled.
Fixed an issue where service objects did not import into Panorama when you configured them identically but with different names.
Fixed an issue on GlobalProtect where you were unable to authenticate when the domain name included the ampersand ( "&" ) character.
Fixed an issue on Panorama M-Series and virtual appliances where predefined DHCP options did not accept template variables when you configured a DHCP server for a template.
Fixed an issue where administrators configured with
Device Group and Template Admintype were unable to perform a global search and returned the following message:
Recommended For You
Recommended videos not found.