PAN-OS 9.0.2 Addressed Issues

PAN-OS® 9.0.2 addressed issues.
Issue ID
Description
WF500-5023
Fixed an issue on WF-500 appliances where the cluster service took longer than expected to start due to a large number of queued sample data.
WF500-5022
Fixed an issue where a non-functioning CLI command was removed from WF-500 appliances.
WF500-4974
Fixed an issue on a WF-500 appliance where the static analysis results displayed in the PDF report but did not display in the WildFire® analysis summary of the web interface.
WF500-4844
Fixed an issue on WildFire appliance clusters where the passive-controller responded with the incorrect Common Name (CN) in the certificate, which caused the registration to fail.
WF500-4838
Fixed an intermittent issue on a WF-500 appliance where WildFire reports took longer than expected to generate, which caused the task to automatically timeout.
WF500-4784
Fixed an issue on a WF-500 appliance where during a reboot, the following error message displayed:
FATAL: module nbd not found
.
WF500-4743
Fixed an intermittent issue on a WF-500 appliance where the CLI command
debug wildfire reset global-database fix
became unresponsive.
PAN-118065
(
M-Series Panorama™ management servers in Management Only mode
) When you delete the local Log Collector (
Panorama
Managed Collectors
), it disables the 1/1 ethernet interface in the Panorama configuration as expected but the interface still displays as Up when you execute the
show interface all
command in the CLI after you commit.
Workaround:
Disable the 1/1 ethernet interface before you delete the local log collector and then commit the configuration change.
PAN-116919
(
Microsoft Azure only
) Fixed an issue where the firewall dropped packets passing through IPSec tunnels if you enabled jumbo frames (
Device
Setup
Session
Session Settings
).
PAN-116658
Fixed a rare issue where the firewall sent HTTP/2 DATA frames with incorrect padding byte lengths, which caused software buffer corruption and a process (
all_pktproc
) to stop responding.
PAN-116316
Fixed an issue where RTP and RTCP predict sessions failed, which caused the firewall to stop processing RTSP-based video streaming.
PAN-116084
Fixed an issue where a VM-Series firewall on Microsoft Azure deployed using MMAP dropped traffic when the firewall was experiencing heavy traffic.
PAN-115592
Fixed an issue where the firewall rebooted due to a plugin memory leak.
PAN-115591
Fixed an issue where the snmpd process was leaking memory when polling for global counters.
PAN-114984
Fixed OpenSSL vulnerability CVE-2019-1559, see PAN-SA-2019-0039 for details.
PAN-114893
Fixed an issue where a context switch from Panorama to a firewall did not respond as expected when a web browser was used.
PAN-114804
Fixed an issue where a configuration change resets to "default" when you conducted a search in the Categories (
Objects
URL Filtering
Categories
) web interface.
PAN-114601
Fixed an issue where the Allow List (
Device
Setup
Authentication Setting
<authentication profile - name>
Authentication
) did not update after you added new users to a group in the Active Directory.
PAN-114255
Fixed an issue where Bidirectional Forwarding Detection (BFD) went down temporarily during a commit or EDL refresh if you configured a large value for the BFD Hold Time.
PAN-114003
Fixed an issue on a Panorama management server running PAN-OS 9.0 where a context switch to firewalls did not respond.
PAN-113829
Fixed an issue where, after you upgraded the firewall to PAN-OS® 9.0, a firewall configured from "none" to "allow" in the custom URL category reverted to "none" after a commit.
PAN-113692
Fixed an intermittent issue on a firewall in a high availability (HA) active/passive configuration where five minutes after a failover test IP routes disappeared, which caused traffic interruptions.
PAN-113608
Fixed an issue on a firewall with packet capture (pcap) enabled where the log receiver stopped responding when larger than expected packets were received.
PAN-113414
Fixed an issue where the User-ID™ (
useridd
) process stopped responding.
PAN-112815
Fixed an issue on a firewall in an HA active/passive configuration where a process (
useridd
) did not respond to the alternate user attribute (
Device
User Identification
Group Mapping Settings
<group mapping-name>
User and Group Attributes
) on the passive firewall during a restart.
PAN-112814
Fixed an issue where H.323-based calls lost audio because the predicted H.245 session was not converted to Active status, which caused the firewall to drop the H.245 traffic.
PAN-112729
Fixed an issue on Panorama M-Series and virtual appliances where Decrypted Sessions Info (
Panorama
Managed Devices
Health
All Devices
<device-name>
Sessions
) did not display as expected for VM-Series firewalls.
PAN-112699
(
VM-Series firewall on AWS running on a C5 or M5 instance only
) Fixed an issue where you were unable use the
mgmt-interface-swap
command to swap the interfaces for deploying a VM-Series firewall behind a web load balancer (such as AWS ALB or Classic ELB).
PAN-112626
Fixed an issue where a new DNS Security subscription was not available on your VM-Series firewall after you upgraded to a PAN-OS 9.0
®
release with a PAYG Bundle 2 license.
PAN-112445
Fixed an issue on a firewall in an HA active/passive configuration where a race condition caused the firewall to stop responding after an HA1 link flap.
PAN-112340
Fixed an issue with performance, including high CPU usage, that occurred when you enabled URL Filtering without enabling Threat Prevention in an environment that processes a large number (thousands) of URL look-ups per second per dataplane.
PAN-112194
Fixed an issue where packet buffers did not release GlobalProtect™ clientless VPN packets, which caused the firewall to stop responding.
PAN-111679
Fixed an issue where URL filtering profiles were being incorrectly applied to security policies during a commit.
PAN-111553
Fixed an issue on the Panorama management server where the
Include Device and Network Templates
setting (
Commit
Push to Devices
Edit Selections
or
Commit
Commit and Push
Edit Selections
) was disabled by default and caused your push attempts to fail. With this fix, your push will
Include Device and Network Templates
by default.
PAN-111540
Fixed an issue on PA-5200 Series firewalls where the dataplane stopped responding when the session table was full.
PAN-111251
Fixed an issue where administrators were unable to use the CLI to enable or disable DNS Rewrite under a Destination NAT policy rule (they were able to execute the command but the firewall did not implement the change).
PAN-110390
Fixed an issue on PA-7000 Series firewalls where invalid filters caused the device management server to stop responding when you generated a database (DB) report from a remote firewall.
PAN-110273
Fixed an issue where you were unable to establish OSPF neighborship when an OSPF routing protocol was configured with MD5 authentication and one of the firewalls was restarted.
PAN-109672
Fixed an issue on a VM-Series firewall in an HA active/passive configuration where the passive firewall received buffered packets while in an idle state when the data plane development kit (DPDK) is enabled.
PAN-109344
Fixed an issue where service objects did not import into Panorama when you configured them identically but with different names.
PAN-108374
Fixed an issue on GlobalProtect where you were unable to authenticate when the domain name included the ampersand ( "&" ) character.
PAN-106518
Fixed an issue on Panorama M-Series and virtual appliances where predefined DHCP options did not accept template variables when you configured a DHCP server for a template.
PAN-101341
Fixed an issue where administrators configured with
Device Group and Template Admin
type were unable to perform a global search and returned the following message:
Unauthorized request.

Recommended For You