PAN-OS 9.1.1 Addressed Issues

PAN-OS® 9.1.1 addressed issues.
Issue ID
WF-500 Series only
) Fixed an issue where high disk use was observed due to an inadequate rotation of log files.
Fixed an issue where the
show wildfire global last-device-registration all
CLI command incorrectly returned an error message:
, even when you registered the firewall correctly.
Fixed an issue where uploads for custom logos failed.
Fixed an issue on Panorama where when viewing
Rule Usage in Policy Optimizer, devices without a hit count had the incorrect date and time instead of displaying no values. Now, if the rule has not been used, the dates and times are displayed with a hyphen (-).
PA-5200 and PA-7000 Series only
) Fixed an issue where traffic was processed asymmetrically when using Internet Protocol (IP) classifiers on virtual wire (vwire) subinterfaces.
Fixed an issue on WF-500 where a VM-Series firewall controller crashed, which caused the WF-500 to stop file analysis.
Fixed an issue where the pan_task process crashed when debug was set as
debug dataplane packet-diag set log counter flow_fwd_drop_noxmit
Fixed a rare issue where 200 OK messages were dropped during the offload of traffic for App-ID inspection.
Fixed an issue where VM-Series firewalls on Microsoft Azure experienced traffic latency due to an incompatible driver.
Fixed an issue where GTP inspection stopped functioning after unrelated changes in policy and a commit followed by a high availability (HA) failover.
PA-5250, PA-5260, and PA-5280 firewalls with 100GB AOC cables only
) Fixed an issue where after you upgraded the first peer in a high availability (HA) configuration to a PAN-OS 9.0 release, the High Speed Chassis Interconnect (HSCI) port did not come up due to an FEC mismatch until after you finished upgrading the second peer.
A fix was made to address a cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS and Panorama that disclosed an authenticated PAN-OS administrator's PAN-OS session cookie (CVE-2020-2013).
Fixed an issue where DHCP configuration was overriding the maximum transmission unit (MTU) information set on the management interface by the user.
Fixed an issue where an Address Resolution Protocol (ARP) broadcast storm potentially overloaded the Log Processing Card (LPC) and caused the device to reboot.
Fixed an issue where email header information intermittently was not present in threat logs.
Fixed an issue where application dependency warnings were displayed after a commit when the policy rules containing the dependent applications used different sources (one used user and the other used groups).
Fixed an issue with Panorama on AWS where the configuration of the high availability (HA) pair became out of sync due to different plugin versions being detected even though the same versions were installed on both peers.
Fixed an issue where the connection between the firewall and Cortex Data Lake flapped if connections decreased.
A fix was made to address an improper authorization vulnerability in PAN-OS (CVE-2020-1998).
A fix was made to address a buffer flow vulnerability in the PAN-OS management interface where authenticated users were able to crash system processes or execute arbitrary code with root privileges (CVE-2020-2015).
A fix was made to address an external control of filename vulnerability in the command processing of PAN-OS (CVE-2020-2003).

Recommended For You