PAN-OS 9.1.13 Addressed Issues

PAN-OS® 9.1.13 addressed issues.
Issue ID
Fixed an issue where cloud queries failed, which generated system logs. The issue occurred because a hash was not found in the cloud.
Fixed an issue where, after upgrading Panorama, when
Share Unused Address and Service Objects with Devices
was unchecked, address objects using tags to dynamic address groups were removed after a full commit.
Fixed an issue where a memory utilization condition resulted in the web interface responding more slowly than expected and management server restarting.
Fixed an issue where Panorama was inaccessible due to the configd process not responding.
Fixed an issue where the CTD loop count wasn't accurately incremented.
Fixed an issue on high availability configurations where, after upgrading to PAN-OS 9.1.10, PAN-OS 10.0.6, or PAN-OS 10.1.0, the high availability (HA1) and HA1-Backup link stayed down. This issue occurred when the peer firewall IP address was in a different subnet.
Fixed an issue where a web-proxy port number was added to the destination URL when captive portal authentication was run.
Fixed an issue where, after rebooting the firewall, FQDN address objects referred in rules in a virtual system (vsys) did not resolve when the vsys used a custom DNS proxy.
A fix was made to address a vulnerability that enabled an authenticated network-based administrator to upload a specifically created configuration that disrupted system processes and was able to execute arbitrary code with root privileges when the configuration was committed (CVE-2022-0024).
Fixed an intermittent issue where users did not have access to resources due to a host information profile (HIP) check failure that was caused by the HIP data not being synced between the management plane and the dataplane.
PA-5200 Series firewalls only
) Fixed an issue where the firewall was unable to monitor AUX1 and AUX2 interfaces through SNMP.
Fixed a memory leak issue in the (mgmtsrvr) process.
Fixed an issue where the firewall did not send an SMTP 541 error message to the email client after detecting a malicious file attachment.
Fixed an out-of-memory (OOM) condition that occurred due to multiple parallel jobs being created by the scheduled log export feature.
Fixed an issue where a sudden increase in URL data approached the maximum cache capacity of the firewall.
Fixed an intermittent issue where websites were blocked and categorized as not resolved.
VM-Series firewalls in NSX-T deployments only
) Fixed an issue where deployments dropped packets with the counter
pan_netx_send_pkt error
Fixed an intermittent issue where the firewall didn't generate block URL logs for URLs even though the websites were blocked in the client device.
Fixed an issue where a HIP database cache loop caused high CPU utilization on a process (useridd) and caused IP address-to-user mapping redistribution failure.
Fixed an issue where NetFlow traffic triggered a packet buffer leak.
VM-Series firewalls only
) The logging rate limit was improved to prevent log loss.
Fixed an issue where FQDN service routes were not installed after a system reboot.
Fixed script issues that caused diagnostic data to not be collected after path monitor failure.
Fixed an issue where information level logs caused configd logs to fill.
Fixed an issue where DNS signatures did not trigger.
Fixed an issue where, after installing Cloud Services plugin 2.0, the
Plugin cloud_services
status (
Dashboard > High Availability
) displayed as
Fixed an issue where restarting the devsrvr process caused new GlobalProtect connections to fail with the error message
required client certificate not found
. This issue occurred due to a key mismatch between the dataplane and the management plane.
Fixed an interoperability issue with other vendors when IKEv2 used SHA2-based certificate authentication.
Fixed an issue where the following error message displayed in the system log after restarting the firewall:
dns-signature initialization from file storage failed, start with empty cache
Fixed an issue where scheduled configuration export files saved in the /tmp folder weren't periodically purged, which caused the root partition to fill up.
Fixed an issue where a .txt file was corrupted, which caused the web interface to not display the requested information.
Fixed an issue where timed-out DNS Security queries produced incorrect system log entries indicating
cloud service connection refused
. With this fix, timed-out queries are correctly logged as
cloud query timeout
Fixed an OOM condition on the dataplane on FIPS-mode firewall decryption that used DHE ciphers.
Fixed an issue where SMB sessions were discarded with the following error message:
ctd out of resource
Fixed an issue where the following error message appeared:
Error: pan_tdb_load_sml_dfa_serialize(pan_tdb_ser.c:2424): pan_util_file_to_buf /opt/pancfg/mgmt/content//cache/common//sml_dfa.cache.ser error
, even though the cache file got regenerated if it was missing.
Fixed an issue where Panorama did not show warnings of the last commit job.
PA-3200 Series firewalls only
) Fixed an issue where the firewall stopped recording dataplane diagnostic data in dp-monitor.log after a few hours of uptime.

Recommended For You