PAN-OS 9.1.1 Addressed Issues

PAN-OS® 9.1.1 addressed issues.
Issue ID
Description
WF500-5185
(
WF-500 Series only
) Fixed an issue where high disk use was observed due to an inadequate rotation of log files.
WF500-5137
Fixed an issue where the
show wildfire global last-device-registration all
CLI command incorrectly returned an error message:
Failed
, even when you registered the firewall correctly.
PAN-133329
Fixed an issue on Panorama where when viewing
Unused
Rule Usage in Policy Optimizer, devices without a hit count had the incorrect date and time instead of displaying no values. Now, if the rule has not been used, the dates and times are displayed with a hyphen (-).
PAN-133048
(
PA-5200 and PA-7000 Series only
) Fixed an issue where traffic was processed asymmetrically when using Internet Protocol (IP) classifiers on virtual wire (vwire) subinterfaces.
PAN-133040
Fixed an issue on WF-500 where a VM-Series firewall controller crashed, which caused the WF-500 to stop file analysis.
PAN-132449
Fixed an issue where the
pan_task
process crashed when debug was set as
debug dataplane packet-diag set log counter flow_fwd_drop_noxmit
.
PAN-130262
Fixed a rare issue where 200 OK messages were dropped during the offload of traffic for App-ID inspection.
PAN-129692
Fixed an issue where VM-Series firewalls on Microsoft Azure experienced traffic latency due to an incompatible driver.
PAN-129658
Fixed an issue where GTP inspection stopped functioning after unrelated changes in policy and a commit followed by a high availability (HA) failover.
PAN-128269
(
PA-5250, PA-5260, and PA-5280 firewalls with 100GB AOC cables only
) Fixed an issue where after you upgraded the first peer in a high availability (HA) configuration to a PAN-OS 9.0 release, the High Speed Chassis Interconnect (HSCI) port did not come up due to an FEC mismatch until after you finished upgrading the second peer.
PAN-125122
A fix was made to address a cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS and Panorama that disclosed an authenticated PAN-OS administrator's PAN-OS session cookie (CVE-2020-2013).
PAN-124212
Fixed an issue where DHCP configuration was overriding the maximum transmission unit (MTU) information set on the management interface by the user.
PAN-120350
Fixed an issue where an Address Resolution Protocol (ARP) broadcast storm potentially overloaded the Log Processing Card (LPC) and caused the device to reboot.
PAN-120105
Fixed an issue where email header information intermittently was not present in threat logs.
PAN-118091
Fixed an issue where application dependency warnings were displayed after a commit when the policy rules containing the dependent applications used different sources (one used user and the other used groups).
PAN-116383
Fixed an issue with Panorama on AWS where the configuration of the high availability (HA) pair became out of sync due to different plugin versions being detected even though the same versions were installed on both peers.
PAN-111611
Fixed an issue where the connection between the firewall and Cortex Data Lake flapped if connections decreased.
PAN-108992
A fix was made to address an improper authorization vulnerability in PAN-OS (CVE-2020-1998).
PAN-100734
A fix was made to address a buffer flow vulnerability in the PAN-OS management interface where authenticated users were able to crash system processes or execute arbitrary code with root privileges (CVE-2020-2015).
PAN-100415
A fix was made to address an external control of filename vulnerability in the command processing of PAN-OS (CVE-2020-2003).

Recommended For You