PAN-OS 9.0.8 Addressed Issues
PAN-OS® 9.0.8 addressed issues.
Fixed an issue where performing private data resets during custom Amazon Machine Image (AMI) creation removed CloudWatch directories and caused the CloudWatch plugin to fail.
Added additional debugging to periodically collect the debug dataplane internal pdt bcm counters graphical CLI command's output in the Tech Support File (TSF).
(PA-7050 firewalls running on PA-7000 100G NPCs only) Fixed an issue where the PA-7000 100G NPC Native Implemented Function (NIF) initialization took longer than expected, which caused internal path monitoring failure and sent the firewall into a non-functional state while rebooting.
Fixed an issue where after upgrading the passive firewall, the outer UDP sessions synced from the active firewall did not retain the rule information and after failover, GPRS tunneling protocol (GTP) inspection did not work.
Fixed an issue where an FQDN update that resolved to the same IP address of another FQDN across different policies caused the other FQDN to be deleted due to missing FQDN aggregation.
Fixed an issue where fragmented packets leaked, which caused the depletion of Work Query Entry (WQE) pools.
Fixed an issue where a process (all_pktproc) restarted while processing packets with 0.0.0.0 and destination protocol 251 that internally mapped to GTP-C traffic, which caused the dataplane to restart.
Fixed an issue where dataplane interfaces remained down after active firewall bootup or a high availability (HA) failover.
Fixed an issue where connections to the web interface were abruptly interrupted due to a double free condition (gPanUiPhpGlobal_secure_config_reset), which led to unexpected process restarts.
Fixed an issue where DNS security incorrectly set bits to zero on compressed DNS packets, which caused DNS malformation.
Fixed an issue where the passive firewall in an active/passive HA configuration deleted BGP-learned routes synchronized from the active firewall if the BGP configuration included the redistribution of the learned routes.
Fixed an issue with Security Assertion Markup Language (SAML) authentication where the firewall used old authd_id values, which resulted in failed authentication.
Fixed an issue where improper parsing of the URL database caused high device-server CPU usage.
Fixed an intermittent issue where logs were missing with log_index debug messages due to merging of the index.
Fixed an issue where packet buffer use was at 99% and tunnel monitoring failed, which caused tunnel flaps and LDAP authentication failures.
Fixed an issue where the certificate was not automatically pushed to the firewall until you manually fetched the certificate from the firewall.
Fixed an issue where commit failed on the firewall after disabling Pre-Defined Reports from Panorama.
Fixed an issue where packet descriptor (on-chip) usage reached 100% even though buffers, throughput, and session counts were not elevated.
Fixed an issue where export failed for a large running-config.xml file using the XML API.
Fixed an issue where the response for the XML API call for the show object registered-ip all operational CLI command included extra appended content.
Fixed an issue where SNMPv3 monitoring of the firewall failed from the Zabbix server after a firewall reboot or SNMP daemon restart on the firewall.
Fixed an issue where the firewall intermittently dropped DNS A or AAAA queries received over IPSec tunnels due to a session installation failure.
Fixed an issue where role-based administrators were unable to import certificate private keys onto firewalls.
Fixed an issue in Panorama where logs couldn't be viewed when an additional log collector was configured in the existing log collector group.
Fixed an issue on Panorama where a commit failed when bootstrapping a firewall to a configuration with a serial number of "unknown." The commit failed with the following error message:
mgt-config -> devices -> unknown unknown is invalid.
Fixed an issue where a role-based administrator with CLI access was not able to successfully execute the commit-partial CLI command to commit only changes made by themselves.
Fixed an issue where packets tagged with IP protocol 252 were incorrectly treated as GPRS tunneling protocol (GTP) traffic, which caused the packet processor to terminate.
(PA-5200 Series and PA-7000 Series firewalls only) Fixed an issue where firewalls experienced high packet descriptor (on-chip) usage during uploads to the WildFire Cloud or WF-500 appliance.
Fixed an issue where a new GPRS tunneling protocol version 2 control plane (GTPv2-C) session reused GTP-C tunnel parameters within two seconds after deleting the old GTP-C session, which caused a session conflict on the firewall.
(PA-3200 Series firewalls only) Fixed an issue where configuring 1G small form-factor pluggable (SFP) ports on a firewall with forced speed mode (of 1G) enabled made the link unusable when forced speed mode (of 1G) was also enabled on the peer firewall.
(PA-7000b Series firewalls with LFC cards only) Fixed an issue where the system logs would continuously report a failure to connect to the proxy for WildFire even when the connectivity was working properly.
Fixed an issue in an HA configuration where the dataplane restarted due to internal packet path monitoring failure on the passive firewall.
Fixed an issue in Panorama where the show system search-engine-quota CLI command, the show log-collector serial-number <log-collector_SN> CLI command, and (Panorama > Managed Collectors > Statistics) showed incorrect log retention data.
Fixed an issue where the connection between the firewall and Cortex Data Lake flapped if connections decreased.
Fixed a rare issue where a URL update caused the dataplane to restart.