PAN-OS 9.0.8 Addressed Issues

PAN-OS® 9.0.8 addressed issues.
Issue ID
Description
PAN-140575
Fixed an issue where a process (
masterd
) did not restart another process (
logrcvr
) on the Log Forwarding Card (LFC) after the process (
logrcvr
) crashed.
PAN-140509
Fixed an issue where performing private data resets during custom Amazon Machine Image (AMI) creation removed CloudWatch directories and caused the CloudWatch plugin to fail.
PAN-140270
Added additional debugging to periodically collect the
debug dataplane internal pdt bcm counters graphical
CLI command's output in the Tech Support File (TSF).
PAN-140043
(
PA-7050 firewalls running on PA-7000 100G NPCs only
) Fixed an issue where the PA-7000 100G NPC Native Implemented Function (NIF) initialization took longer than expected, which caused internal path monitoring failure and sent the firewall into a non-functional state while rebooting.
PAN-139555
Fixed an issue where after upgrading the passive firewall, the outer UDP sessions synced from the active firewall did not retain the rule information and after failover, GPRS tunneling protocol (GTP) inspection did not work.
PAN-137673
Fixed an issue where a memory leak associated with a process (
devsrvr
) caused an out-of-memory (OOM) condition on the firewall.
PAN-136765
Fixed an issue where an FQDN update that resolved to the same IP address of another FQDN across different policies caused the other FQDN to be deleted due to missing FQDN aggregation.
PAN-136612
Fixed an issue where fragmented packets leaked, which caused the depletion of Work Query Entry (WQE) pools.
PAN-136470
Fixed an issue where a process (
all_pktproc
) restarted while processing packets with 0.0.0.0 and destination protocol 251 that internally mapped to GTP-C traffic, which caused the dataplane to restart.
PAN-136173
Fixed an issue where dataplane interfaces remained down after active firewall bootup or a high availability (HA) failover.
PAN-135909
Fixed an issue where connections to the web interface were abruptly interrupted due to a double free condition (gPanUiPhpGlobal_secure_config_reset), which led to unexpected process restarts.
PAN-134571
Fixed an issue where DNS security incorrectly set bits to zero on compressed DNS packets, which caused DNS malformation.
PAN-134547
Fixed an issue where the passive firewall in an active/passive HA configuration deleted BGP-learned routes synchronized from the active firewall if the BGP configuration included the redistribution of the learned routes.
PAN-134546
Fixed a rare issue on the firewall where a process (
flow_mgmt
) restarted due to an invalid packet received through the GlobalProtect agent or clientless VPN.
PAN-134431
Fixed an issue with Security Assertion Markup Language (SAML) authentication where the firewall used old
authd_id
values, which resulted in failed authentication.
PAN-133289
Fixed an issue where improper parsing of the URL database caused high device-server CPU usage.
PAN-132898
Fixed an intermittent issue where logs were missing with
log_index
debug messages due to merging of the index.
PAN-132651
Fixed an issue where packet buffer use was at 99% and tunnel monitoring failed, which caused tunnel flaps and LDAP authentication failures.
PAN-131922
Fixed an issue where the certificate was not automatically pushed to the firewall until you manually fetched the certificate from the firewall.
PAN-131517
Fixed an issue with a memory corruption error that caused a process (
all_pktproc
) to restart.
PAN-130750
Fixed an issue where commit failed on the firewall after disabling
Pre-Defined Reports
from Panorama.
PAN-129328
Fixed an issue where packet descriptor (on-chip) usage reached 100% even though buffers, throughput, and session counts were not elevated.
PAN-129289
Fixed an issue where export failed for a large running-config.xml file using the XML API.
PAN-128568
Fixed a rare issue on the firewalls where a process (
pan_task
) restarted due to NULL pointer exception.
PAN-128330
Fixed an issue where the response for the XML API call for the
show object registered-ip all
operational CLI command included extra appended content.
PAN-128195
Fixed an issue on Panorama where processes (
vld
) ran on high CPU when the incoming system log rate was 0.
PAN-127614
Fixed an issue where SNMPv3 monitoring of the firewall failed from the Zabbix server after a firewall reboot or SNMP daemon restart on the firewall.
PAN-127358
Fixed an issue with a memory leak in a process (
configd
) where virtual memory exceeded the limit, which caused the process to restart.
PAN-127318
Fixed an issue where the firewall intermittently dropped DNS A or AAAA queries received over IPSec tunnels due to a session installation failure.
PAN-127004
Fixed an issue where a process (
sysd
) restarted due to missing heartbeats.
PAN-126205
Fixed an issue where role-based administrators were unable to import certificate private keys onto firewalls.
PAN-126069
Fixed an issue in Panorama where logs couldn't be viewed when an additional log collector was configured in the existing log collector group.
PAN-125934
Fixed an issue on Panorama where a commit failed when bootstrapping a firewall to a configuration with a serial number of "unknown." The commit failed with the following error message:
mgt-config -> devices -> unknown unknown is invalid
.
PAN-125794
Fixed an issue where a role-based administrator with CLI access was not able to successfully execute the
commit-partial
CLI command to commit only changes made by themselves.
PAN-125730
Fixed an issue where packets tagged with IP protocol 252 were incorrectly treated as GPRS tunneling protocol (GTP) traffic, which caused the packet processor to terminate.
PAN-125534
(
PA-5200 Series and PA-7000 Series firewalls only
) Fixed an issue where firewalls experienced high packet descriptor (on-chip) usage during uploads to the WildFire Cloud or WF-500 appliance.
PAN-125410
Fixed an issue where a new GPRS tunneling protocol version 2 control plane (GTPv2-C) session reused GTP-C tunnel parameters within two seconds after deleting the old GTP-C session, which caused a session conflict on the firewall.
PAN-124893
Fixed an issue where a race condition caused the FIB entry list to form a circle, which in turn caused a process (
mprelay
) to infinitely loop.
PAN-124039
A fix was made to address an issue where the GlobalProtect Portal feature in PAN-OS did not set a new session identifier after a successful user login (CVE-2020-1993).
PAN-123637
(
PA-3200 Series firewalls only
) Fixed an issue where configuring 1G small form-factor pluggable (SFP) ports on a firewall with forced speed mode (of 1G) enabled made the link unusable when forced speed mode (of 1G) was also enabled on the peer firewall.
PAN-122408
(
PA-7000b Series firewalls with LFC cards only
) Fixed an issue where the system logs would continuously report a failure to connect to the proxy for WildFire even when the connectivity was working properly.
PAN-119806
Fixed an issue in an HA configuration where the dataplane restarted due to internal packet path monitoring failure on the passive firewall.
PAN-116480
Fixed an issue in Panorama where the
show system search-engine-quota
CLI command, the
show log-collector serial-number <log-collector_SN>
CLI command, and
Statistics
(
Panorama > Managed Collectors > Statistics
) showed incorrect log retention data.
PAN-111611
Fixed an issue where the connection between the firewall and Cortex Data Lake flapped if connections decreased.
PAN-88136
Fixed a rare issue where a URL update caused the dataplane to restart.

Recommended For You