PAN-OS 9.1.12 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- Cloud Management of NGFWs
-
- Management Interfaces
-
- Launch the Web Interface
- Use the Administrator Login Activity Indicators to Detect Account Misuse
- Manage and Monitor Administrative Tasks
- Commit, Validate, and Preview Firewall Configuration Changes
- Commit Selective Configuration Changes
- Export Configuration Table Data
- Use Global Find to Search the Firewall or Panorama Management Server
- Manage Locks for Restricting Configuration Changes
-
-
- Define Access to the Web Interface Tabs
- Provide Granular Access to the Monitor Tab
- Provide Granular Access to the Policy Tab
- Provide Granular Access to the Objects Tab
- Provide Granular Access to the Network Tab
- Provide Granular Access to the Device Tab
- Define User Privacy Settings in the Admin Role Profile
- Restrict Administrator Access to Commit and Validate Functions
- Provide Granular Access to Global Settings
- Provide Granular Access to the Panorama Tab
- Provide Granular Access to Operations Settings
- Panorama Web Interface Access Privileges
-
- Reset the Firewall to Factory Default Settings
-
- Plan Your Authentication Deployment
- Pre-Logon for SAML Authentication
- Configure SAML Authentication
- Configure Kerberos Single Sign-On
- Configure Kerberos Server Authentication
- Configure TACACS+ Authentication
- Configure TACACS Accounting
- Configure RADIUS Authentication
- Configure LDAP Authentication
- Configure Local Database Authentication
- Configure an Authentication Profile and Sequence
- Test Authentication Server Connectivity
- Troubleshoot Authentication Issues
-
- Keys and Certificates
- Default Trusted Certificate Authorities (CAs)
- Certificate Deployment
- Configure the Master Key
- Export a Certificate and Private Key
- Configure a Certificate Profile
- Configure an SSL/TLS Service Profile
- Configure an SSH Service Profile
- Replace the Certificate for Inbound Management Traffic
- Configure the Key Size for SSL Forward Proxy Server Certificates
-
- HA Overview
-
- Prerequisites for Active/Active HA
- Configure Active/Active HA
-
- Use Case: Configure Active/Active HA with Route-Based Redundancy
- Use Case: Configure Active/Active HA with Floating IP Addresses
- Use Case: Configure Active/Active HA with ARP Load-Sharing
- Use Case: Configure Active/Active HA with Floating IP Address Bound to Active-Primary Firewall
- Use Case: Configure Active/Active HA with Source DIPP NAT Using Floating IP Addresses
- Use Case: Configure Separate Source NAT IP Address Pools for Active/Active HA Firewalls
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT in Layer 3
- HA Clustering Overview
- HA Clustering Best Practices and Provisioning
- Configure HA Clustering
- Refresh HA1 SSH Keys and Configure Key Options
- HA Firewall States
- Reference: HA Synchronization
-
- Use the Dashboard
- Monitor Applications and Threats
- Monitor Block List
-
- Report Types
- View Reports
- Configure the Expiration Period and Run Time for Reports
- Disable Predefined Reports
- Custom Reports
- Generate Custom Reports
- Generate the SaaS Application Usage Report
- Manage PDF Summary Reports
- Generate User/Group Activity Reports
- Manage Report Groups
- Schedule Reports for Email Delivery
- Manage Report Storage Capacity
- View Policy Rule Usage
- Use External Services for Monitoring
- Configure Log Forwarding
- Configure Email Alerts
-
- Configure Syslog Monitoring
-
- Traffic Log Fields
- Threat Log Fields
- URL Filtering Log Fields
- Data Filtering Log Fields
- HIP Match Log Fields
- GlobalProtect Log Fields
- IP-Tag Log Fields
- User-ID Log Fields
- Decryption Log Fields
- Tunnel Inspection Log Fields
- SCTP Log Fields
- Authentication Log Fields
- Config Log Fields
- System Log Fields
- Correlated Events Log Fields
- GTP Log Fields
- Audit Log Fields
- Syslog Severity
- Custom Log/Event Format
- Escape Sequences
- Forward Logs to an HTTP/S Destination
- Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors
- Monitor Transceivers
-
- User-ID Overview
- Enable User-ID
- Map Users to Groups
- Enable User- and Group-Based Policy
- Enable Policy for Users with Multiple Accounts
- Verify the User-ID Configuration
-
- App-ID Overview
- App-ID and HTTP/2 Inspection
- Manage Custom or Unknown Applications
- Safely Enable Applications on Default Ports
- Applications with Implicit Support
-
- Prepare to Deploy App-ID Cloud Engine
- Enable or Disable the App-ID Cloud Engine
- App-ID Cloud Engine Processing and Policy Usage
- New App Viewer (Policy Optimizer)
- Add Apps to an Application Filter with Policy Optimizer
- Add Apps to an Application Group with Policy Optimizer
- Add Apps Directly to a Rule with Policy Optimizer
- Replace an RMA Firewall (ACE)
- Impact of License Expiration or Disabling ACE
- Commit Failure Due to Cloud Content Rollback
- Troubleshoot App-ID Cloud Engine
- Application Level Gateways
- Disable the SIP Application-level Gateway (ALG)
- Maintain Custom Timeouts for Data Center Applications
-
- Decryption Overview
-
- Keys and Certificates for Decryption Policies
- SSL Forward Proxy
- SSL Forward Proxy Decryption Profile
- SSL Inbound Inspection
- SSL Inbound Inspection Decryption Profile
- SSL Protocol Settings Decryption Profile
- SSH Proxy
- SSH Proxy Decryption Profile
- Profile for No Decryption
- SSL Decryption for Elliptical Curve Cryptography (ECC) Certificates
- Perfect Forward Secrecy (PFS) Support for SSL Decryption
- SSL Decryption and Subject Alternative Names (SANs)
- TLSv1.3 Decryption
- High Availability Not Supported for Decrypted Sessions
- Decryption Mirroring
- Configure SSL Forward Proxy
- Configure SSL Inbound Inspection
- Configure SSH Proxy
- Configure Server Certificate Verification for Undecrypted Traffic
- Post-Quantum Cryptography Detection and Control
- Enable Users to Opt Out of SSL Decryption
- Temporarily Disable SSL Decryption
- Configure Decryption Port Mirroring
- Verify Decryption
- Activate Free Licenses for Decryption Features
-
- Policy Types
- Policy Objects
- Track Rules Within a Rulebase
- Enforce Policy Rule Description, Tag, and Audit Comment
- Move or Clone a Policy Rule or Object to a Different Virtual System
-
- External Dynamic List
- Built-in External Dynamic Lists
- Configure the Firewall to Access an External Dynamic List
- Retrieve an External Dynamic List from the Web Server
- View External Dynamic List Entries
- Exclude Entries from an External Dynamic List
- Enforce Policy on an External Dynamic List
- Find External Dynamic Lists That Failed Authentication
- Disable Authentication for an External Dynamic List
- Register IP Addresses and Tags Dynamically
- Use Dynamic User Groups in Policy
- Use Auto-Tagging to Automate Security Actions
- CLI Commands for Dynamic IP Addresses and Tags
- Application Override Policy
- Test Policy Rules
-
- Network Segmentation Using Zones
- How Do Zones Protect the Network?
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
-
- Tap Interfaces
-
- Layer 2 and Layer 3 Packets over a Virtual Wire
- Port Speeds of Virtual Wire Interfaces
- LLDP over a Virtual Wire
- Aggregated Interfaces for a Virtual Wire
- Virtual Wire Support of High Availability
- Zone Protection for a Virtual Wire Interface
- VLAN-Tagged Traffic
- Virtual Wire Subinterfaces
- Configure Virtual Wires
- Configure a PPPoE Client on a Subinterface
- Configure an IPv6 PPPoE Client
- Configure an Aggregate Interface Group
- Configure Bonjour Reflector for Network Segmentation
- Use Interface Management Profiles to Restrict Access
-
- DHCP Overview
- Firewall as a DHCP Server and Client
- Firewall as a DHCPv6 Client
- DHCP Messages
- Dynamic IPv6 Addressing on the Management Interface
- Configure an Interface as a DHCP Server
- Configure an Interface as a DHCPv4 Client
- Configure an Interface as a DHCPv6 Client with Prefix Delegation
- Configure the Management Interface as a DHCP Client
- Configure the Management Interface for Dynamic IPv6 Address Assignment
- Configure an Interface as a DHCP Relay Agent
-
- DNS Overview
- DNS Proxy Object
- DNS Server Profile
- Multi-Tenant DNS Deployments
- Configure a DNS Proxy Object
- Configure a DNS Server Profile
- Use Case 1: Firewall Requires DNS Resolution
- Use Case 2: ISP Tenant Uses DNS Proxy to Handle DNS Resolution for Security Policies, Reporting, and Services within its Virtual System
- Use Case 3: Firewall Acts as DNS Proxy Between Client and Server
- DNS Proxy Rule and FQDN Matching
-
- NAT Rule Capacities
- Dynamic IP and Port NAT Oversubscription
- Dataplane NAT Memory Statistics
-
- Translate Internal Client IP Addresses to Your Public IP Address (Source DIPP NAT)
- Create a Source NAT Rule with Persistent DIPP
- PAN-OS
- Strata Cloud Manager
- Enable Clients on the Internal Network to Access your Public Servers (Destination U-Turn NAT)
- Enable Bi-Directional Address Translation for Your Public-Facing Servers (Static Source NAT)
- Configure Destination NAT with DNS Rewrite
- Configure Destination NAT Using Dynamic IP Addresses
- Modify the Oversubscription Rate for DIPP NAT
- Reserve Dynamic IP NAT Addresses
- Disable NAT for a Specific Host or Interface
-
- Network Packet Broker Overview
- How Network Packet Broker Works
- Prepare to Deploy Network Packet Broker
- Configure Transparent Bridge Security Chains
- Configure Routed Layer 3 Security Chains
- Network Packet Broker HA Support
- User Interface Changes for Network Packet Broker
- Limitations of Network Packet Broker
- Troubleshoot Network Packet Broker
-
- Enable Advanced Routing
- Logical Router Overview
- Configure a Logical Router
- Create a Static Route
- Configure BGP on an Advanced Routing Engine
- Create BGP Routing Profiles
- Create Filters for the Advanced Routing Engine
- Configure OSPFv2 on an Advanced Routing Engine
- Create OSPF Routing Profiles
- Configure OSPFv3 on an Advanced Routing Engine
- Create OSPFv3 Routing Profiles
- Configure RIPv2 on an Advanced Routing Engine
- Create RIPv2 Routing Profiles
- Create BFD Profiles
- Configure IPv4 Multicast
- Configure MSDP
- Create Multicast Routing Profiles
- Create an IPv4 MRoute
-
-
PAN-OS 9.1 (EoL)
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
- Cloud Management and AIOps for NGFW
-
- Changes to Default Behavior
- Limitations
-
-
- PAN-OS 9.1.19 Known Issues
- PAN-OS 9.1.18 Known Issues
- PAN-OS 9.1.17 Known Issues
- PAN-OS 9.1.16 Known Issues
- PAN-OS 9.1.15 Known Issues
- PAN-OS 9.1.14 Known Issues
- PAN-OS 9.1.13 Known Issues
- PAN-OS 9.1.12 Known Issues
- PAN-OS 9.1.11 Known Issues
- PAN-OS 9.1.10 Known Issues
- PAN-OS 9.1.9 Known Issues
- PAN-OS 9.1.8 Known Issues
- PAN-OS 9.1.7 Known Issues
- PAN-OS 9.1.6 Known Issues
- PAN-OS 9.1.5 Known Issues
- PAN-OS 9.1.4 Known Issues
- PAN-OS 9.1.3 Known Issues
- PAN-OS 9.1.2 Known Issues
- PAN-OS 9.1.1 Known Issues
-
-
- PAN-OS 9.1.19 Addressed Issues
- PAN-OS 9.1.18 Addressed Issues
- PAN-OS 9.1.17-h1 Addressed Issues
- PAN-OS 9.1.17 Addressed Issues
- PAN-OS 9.1.16-h5 Addressed Issues
- PAN-OS 9.1.16-h4 Addressed Issues
- PAN-OS 9-1-16-h3 Addressed Issues
- PAN-OS 9.1.16 Addressed Issues
- PAN-OS 9.1.15-h1 Addressed Issues
- PAN-OS 9.1.15 Addressed Issues
- PAN-OS 9.1.14-h8 Addressed Issues
- PAN-OS 9.1.14-h7 Addressed Issues
- PAN-OS 9.1.14-h4 Addressed Issues
- PAN-OS 9.1.14-h1 Addressed Issues
- PAN-OS 9.1.14 Addressed Issues
- PAN-OS 9.1.13-h5 Addressed Issues
- PAN-OS 9.1.13-h4 Addressed Issues
- PAN-OS 9.1.13-h3 Addressed Issues
- PAN-OS 9.1.13-h1 Addressed Issues
- PAN-OS 9.1.13 Addressed Issues
- PAN-OS 9.1.12-h7 Addressed Issues
- PAN-OS 9.1.12-h6 Addressed Issues
- PAN-OS 9.1.12-h4 Addressed Issues
- PAN-OS 9.1.12-h3 Addressed Issues
- PAN-OS 9.1.12 Addressed Issues
- PAN-OS 9.1.11-h5 Addressed Issues
- PAN-OS 9.1.11-h4 Addressed Issues
- PAN-OS 9.1.11-h3 Addressed Issues
- PAN-OS 9.1.11-h2 Addressed Issues
- PAN-OS 9.1.11 Addressed Issues
- PAN-OS 9.1.10 Addressed Issues
- PAN-OS 9.1.9 Addressed Issues
- PAN-OS 9.1.8 Addressed Issues
- PAN-OS 9.1.7 Addressed Issues
- PAN-OS 9.1.6 Addressed Issues
- PAN-OS 9.1.5 Addressed Issues
- PAN-OS 9.1.4 Addressed Issues
- PAN-OS 9.1.3-h1 Addressed Issues
- PAN-OS 9.1.3 Addressed Issues
- PAN-OS 9.1.2-h1 Addressed Issues
- PAN-OS 9.1.2 Addressed Issues
- PAN-OS 9.1.1 Addressed Issues
- PAN-OS 9.1.0 Addressed Issues
End-of-Life (EoL)
PAN-OS 9.1.12 Addressed Issues
PAN-OS® 9.1.12 addressed issues.
Issue ID | Description |
|---|---|
PAN-181076 | Fixed an issue where commit failures occurred
when an External Dynamic List (EDL) that contained many IP addresses
was used in a Security policy. |
PAN-179750 | A CLI command was added to set the virtual
memory limit in dedicated log collectors. |
PAN-179581 | Fixed an issue on firewalls in high availability
configurations where a process (brdagent) stopped responding
on a suspended active peer, which caused the suspended firewall
to continue sending traffic. |
PAN-179356 | (5200-Series firewalls only) Fixed
an issue where configuration commits failed due to the dataplane
running out of memory in the policy cache. |
PAN-178953 | Fixed an issue with the GlobalProtect Clientless
VPN where, when an application sent a negative max age value on
a cookie, part of the cookie was retained by PAN-OS and used for
the subsequent connection on the user session. |
PAN-178363 | Fixed an issue where a process (mgmtsrvr) wasn't
restarted after the virtual memory limit was exceeded. |
PAN-176862 | (VM-Series firewalls only) Fixed
an issue where the firewall didn't attempt to connect to a log collector
when the management IP address used DHCP. |
PAN-176461 | Fixed an issue where a process (mdb)
stopped responding after downgrading from a PAN-OS 9.1 release to
an earlier release due to discrepancies in the mongodb process version. Note:
To utilize this fix, first install a PAN-OS 9.0 release on the web
interface, and then, prior to reboot, run the following CLI command: debug mongo clear instance mdb. |
PAN-176364 | Fixed an issue where multiple operations
(such as a commit or dynamic updates) failed due to a race condition
in the cryptod fallback mechanism. |
PAN-176131 | Fixed an issue where the Simple Network
Management Protocol (SNMP) object identifier (OID) for panSessionCps did
not show the correct session count. |
PAN-176032 | Fixed an issue where a process (authd)
process stopped responding, which caused authentication to fail. |
PAN-175934 | Fixed an issue where packed-based zone protection
settings (such as Strict IP Address Check) were not applied to return
traffic. |
PAN-175652 | Fixed an issue where SSL decryption failed
for websites when they were accessed from Google Chrome version
92 or higher. |
PAN-175307 | Fixed an issue where Panorama commits were
slower than expected and the configd process stopped
responding due to a memory leak. |
PAN-174894 | Fixed an issue where, when the time-to-live
(TTL) value for symmetric MAC entries weren't updated to other dataplanes
and HA peers, timeouts occurred for traffic using policy-based forwarding
(PBF) with symmetric returns. |
PAN-174886 | Fixed an issue where scheduled customer
reports displayed as empty when the configured destination was an
address group. |
PAN-174864 | Fixed an issue on the Panorama interface
where Deploying Master Key to low-end devices resulted
in a Failed to communicate message, even
when the new master key was updated on the end device. This issue
occurred because a master key deployment had insufficient time to
process due to a connection timeout. |
PAN-174161 | Fixed an issue in Panorama that occurred
when attempting to disable override on an
object from a child device group did not work after cloning and
renaming the object. |
PAN-174055 | Fixed an issue where SNMP readings reported
as 0 for dataplane interface packet statistics for Amazon Web Services
(AWS) m5n.4xlarge instance types. This issue occurred because the
physical port counters read from MAC addresses were reported as
0. |
PAN-173978 | Fixed an issue where the Elasticsearch process
continuously restarted if zero-length files were present. |
PAN-173893 | Fixed a memory leak issue related to the (useridd)
process that occurred when group mapping is enabled. |
PAN-173753 | Fixed an issue where a bar or point on a Network Monitor graph
had to be clicked more than once to properly redirect to the corresponding
ACC report. |
PAN-173545 | Fixed an issue where exporting a device
summary to CSV failed and displayed the following error message: Error while exporting. |
PAN-173509 | Fixed an issue where Superuser administrators
with read-only privileges (Device > Administrators and
Panorama > Administrators) were unable to view the hardware
ACL blocking setting and duration in the CLI using the following commands:
|
PAN-173157 | Fixed an issue with the HA1 monitor hold
timer where the configured value was not assigned to the HA1 backup
interface, which used the default hold timer (3000 milliseconds),
which resulted in failover events taking longer than expected. |
PAN-173076 | (Panorama appliances in FIPS mode only)
Fixed an issue where the FIPS Panorama / FIPS firewall schema didn't
prune non-FIPS options from the GlobalProtect Clientless VPN. |
PAN-172834 | Fixed a memory leak issue related to the useridd process
that occurred when processing IP-address-to-username mappings. |
PAN-172783 | Fixed an issue on an HA active/passive configuration
where old GPRS tunneling protoc0l (GTP-U) tunnel sessions did not
sync to the passive firewall during some upgrades, such as upgrading
from a PAN-OS 8.1 release version to a 9.0 release version or upgrading
from a 9.0 release version to a 9.1 release version. |
PAN-172775 | Fixed an issue in Panorama where the configd process
stopped responding due to a memory issue with memcpy bson_append. |
PAN-172748 | (VM-Series firewalls only) Fixed
an issue where a process (all_task) stopped responding. |
PAN-172396 | Fixed a memory leak issue related to the useridd process. |
PAN-172324 | Fixed an issue on the Panorama web interface
where custom vulnerability signature IDs weren't populated in the
drop-down when creating a custom combination signature. |
PAN-172316 | Fixed an issue where the internal interface
flow control that caused the monitoring process to incorrectly determine
the interface to be malfunctioning. |
PAN-172200 | Fixed an issue where a process (configd) restarted
due to memory corruption in the show dynamic-address-group CLI
command during commits, commit and push operations, and high availability
Panorama syncs. |
PAN-171696 | (PA-800 and PA-400 Series firewalls
and PA-220 firewalls only) Fixed an issue where the management
plane CPU was incorrectly reported to be high. |
PAN-171367 | Fixed an issue in active/active HA configuration
where session disconnected during an upgrade from a PAN-OS 9.0 release
to a PAN-OS 9.1 release. |
PAN-171203 | Fixed an issue in an HA configuration where,
when one firewall was active and its peer was in a suspended state,
the suspended firewall continued to send traffic, which triggered
the detection of duplicate MAC addresses. |
PAN-171159 | Fixed a memory leak on the configd process
on Panorama caused during multi-clone operations for rules. |
PAN-170936 | Fixed an issue where the firewall egressed
offloaded frames out of order after an explicit commit (Commit on
the firewall or Commit All Changes on Panorama) or
an implicit comment such as an Antivirus update, Dynamic Update,
or WildFire update. Note This issue
persists for a network-related configuration and commit. |
PAN-170595 | Fixed an issue with Content and Threat Detection
where traffic patterns created a bus error, which caused the all_pktproc process
to stop responding and the dataplane to restart. |
PAN-170466 | Fixed an memory reference issue related
to the devsrvr process that caused the process to stop responding. |
PAN-169899 | Fixed an issue on firewalls with offload
processors where the ECMP forced symmetric return feature didn't
work for CRE traffic after the session was offloaded. |
PAN-169347 | Fixed an issue where a process (authd)
stopped responding due to an invalid null pointer. |
PAN-169300 | Debug logs were added to troubleshoot WildFire
submission issues. |
PAN-169173 | Fixed an issue where, if you continuously
performed partial commits of a configuration with a high number
of Dynamic Address Groups, Panorama became unresponsive and commits
were slower than expected. |
PAN-168261 | Fixed a cosmetic issue where the WildFire
submission log displayed the sha256 of
the original email link. |
PAN-168189 | Fixed an issue where, even when there was
active multicast traffic, the firewall sent Protocol Independent
Multicast (PIM) prune messages. |
PAN-167560 | Fixed an issue where the Panorama appliance
didn't return inherited device group locations pertaining to Security
policies for REST API queries. |
PAN-167329 | Fixed an issue where Zero Touch Provisioning
(ZTP) flow did not complete. |
PAN-167115 | Fixed an issue where, after upgrading to
10.0.3, admin sessions on Panorama were not logged out after the
idle timeout expired. |
PAN-167087 | Fixed an issue where the focus was not set
on the free text field when requesting a token code on the Authentication
Portal. |
PAN-166686 | Fixed an issue where EDNS responses dropped
when the original request was DNS. |
PAN-166202 | Fixed an issue with an extra character in
HTTP Strict Transport Security (HSTS) regression tests when accessing
the GlobalProtect gateway. |
PAN-166180 | Fixed an issue with snmpv3 trap not processed
by snmptrap receiver after firewall reboot. |
PAN-166091 | Fixed an issue where the firewall dropped
policy-based forwarding (PBF) keepalive responses. |
PAN-165433 | Fixed an intermittent issue where Cortex
Data Lake failed to reconnect after a disconnect if a management
IP address used for logging had an IP address assignment type of
DHCP. |
PAN-165147 | Fixed an issue where, when there was a high
volume of traffic for sessions with Application Block
Pages enabled, other regular packets were dropped. |
PAN-162374 | Fixed an issue where the firewall rebooted
unexpectedly and displayed the following message: Reboot SYSTEM REBOOT Masterd Initiated. |
PAN-162174 | Fixed an issue where, when the firewall
received a configuration from Panorama with no URL category, it
was automatically configured as Any. |
PAN-161964 | Fixed an issue where email header from fields
in threat logs were truncated due to line folding in the original
message. |
PAN-161940 | Fixed an issue where the firewall did not
honor the peer RX interval timeout in a Bidirectional Forwarding
Detection (BFD) INIT state. |
PAN-161726 | Fixed an issue where the show high-availability all output
incorrectly displayed the VM-Series firewall license type on physical
firewalls. |
PAN-161496 | Fixed an issue when calculating the incremental
checksum after a post-NAT translation where the arguments to pan_in_cksm32_diff overflowed
the 32-bit integer. |
PAN-161031 | Fixed an issue where authentication via
LDAP server failed in FIPS-CC mode when the LDAP server profile
was configured with the root certificate chain and Verify
server certificate for SSL sessions options enabled. |
PAN-160708 | Fixed an issue where the dataplane restarted
after configuring a deny_all policy. |
PAN-158931 | Fixed an issue where the email header subject field
in the threat logs were truncated due to line folding in the original
message. |
PAN-158753 | (Panorama virtual appliances in Legacy
mode only) Fixed an issue where GlobalProtect logs were not
forwarded to the external syslog server over TCP. |
PAN-158056 | Fixed an issue where DDNS updates generated
contradictory system logs, the first displaying that the update
failed with critical severity and the second displaying that the
update was successful. |
PAN-157365 | (PA-7050 firewalls only) Fixed
an issue where a process (all_pktproc) stopped responding
after an upgrade. |
PAN-156478 | Fixed an issue where a process (allpktproc) restarted
while processing SMTP traffic. |
PAN-155448 | Fixed an issue where credential detection
didn't work in IP address-to-username mapping mode because the firewall
compared the unnormalized IP-address-to-username mapping format
to the normalized username extracted from the payload where the
username and password were submitted. |
PAN-154305 | Fixed an issue where a process (mgmtsrvr) stopped
responding when a license fetch operation was performed. |
PAN-153527 | Fixed an issue where DNS security wasn't
triggered when the DNS Security profile was incorrectly internally
duplicated to a null DNS Security profile. |
PAN-151264 | Fixed an issue where using the ampersand
(&) character in URLs submitted via XML API caused an error. |
PAN-150848 | Fixed an issue where the firewall dropped
TCP FIN traffic due to the server-to-client FIN traffic being out
of order. |
PAN-150445 | Fixed an issue where the firewall did not
translate IP addresses in Layer 7 payloads as per NAT translation
for Oracle Application Server traffic. |
PAN-149314 | Fixed an issue where lookup of a security
rule with a custom URL category on a multi-virtual system (vsys)
failed when vsys<id>+ was not in
the beginning the category name. |
PAN-148554 | Fixed an issue where the user was able to
bypass URL credential phishing by changing the username from lower
case to upper case. |
PAN-147256 | (Firewalls in HA configurations only)
Fixed an issue where connections to the SafeNet hardware security
module (HSM) were lost after upgrading to a new major PAN-OS release. |
PAN-147228 | Fixed an issue where an application's domain
name didn't resolve if the cache was disabled on the DNS Proxy object
being used in the GlobalProtect Clientless VPN. |
PAN-145833 | (PA-3200 Series firewalls only)
Fixed an issue where the firewall stopped recording dataplane diagnostic
data in dp-monitor.log after a few hours of uptime. |
PAN-144340 | (PA-7000 Series firewalls only)
Fixed an issue where some slots in the firewall did not get registered
as up in a process (useridd), which caused the process
to ignore IP address-to-user mappings to those slots. |
PAN-141454 | Fixed an issue where the output of the CLI
command show running resource-monitor ingress-backlogs displayed
an incorrect total utilization value. |
PAN-141037 | Fixed an issue where Windows-1252 encoded
filenames triggered an Unknown Binary File (52081) type signature. |
PAN-129147 | Fixed an intermittent issue on the web interface
where new threat IDs did not appear under Exception settings (Objects
> Security Profiles > Anti-Spyware > Exceptions or Objects
> Security Profiles > Vulnerability Protection > Exceptions). |
PAN-128590 | Fixed an issue where connection collisions
occurred between BGP peers. |
PAN-123935 | (PA-3200 Series firewalls only)
Fixed an issue where packets with a specific MAC address were misinterpreted
as 802.1QA tunneled packets, which resulted in incorrect VLAN tags
that caused the packets to be dropped. |
PAN-119198 | Fixed an issue where ECMP strict-source-path did
not work with IPSec. |
PAN-113046 | (PA-5200 Series firewalls only)
Fixed an issue where a process (brdagent) stopped responding,
which caused the management plane to stop responding. |
PAN-112674 | Fixed an issue where an escape ( \ ) character
was added to HTTP logs when a log contained a comma. |