PAN-OS 9.1.14 Addressed Issues
PAN-OS® 9.1.14 addressed issues.
FIPS-CC enabled firewalls only) Fixed an issue where the firewall was unable to connect to log collectors after an upgrade due to missing cipher suites.
Fixed an issue where sessions were dropped with the message
resource-unavailabledue to the content inspection queue filling up.
Fixed an issue where tunnel-monitoring interface was incorrectly shown as up instead of down.
Fixed an issue where the firewall dropped packets decrypted using the SSL Decryption feature and Encapsulating Security Payload (ESP) IPSec packets that originated from the same firewall. This occurred when
Strict IP Address Checkwas enabled in the zone protection profile (
Packet Based Attack > IP Drop) and the packet's source IP address was the same as the egress interface address.
Fixed an issue where the firewall sent fewer logs to the system log server than expected. With this fix, the firewall accommodates a larger send queue for syslog forwarding to TCP syslog receivers.
Fixed an issue on FIPS-enabled devices where modifying any configuration of an existing GlobalProtect portal failed with the following error message:
Operation failed : Malformed request.
PA-5220 firewalls only) Fixed an issue where the firewall generated pause frames, which caused network latency.
Fixed an issue where, after clicking
WildFire Analysis Report, the web interface failed to display the report with the following error message:
refused to connect.
Fixed an issue with SCEP certificate enrollment where the incorrect Registration Authority (RA) certificate was chosen to encrypt the enrollment request.
Panorama appliances in HA configurations only) Fixed an issue where, when using Prisma Access multitenancy, the passive appliance didn't correctly update the tenant information after the tenant was deleted on the active appliance.
Fixed an issue with DNS cache depletion that caused continuous DNS retries.
Fixed an issue where the
brdagent_stdout.log-<datestamp>files filled up the root disk space.
Fixed an issue where, when SIP traffic traversing the firewall was sent with a high Quality of Service (QoS) differentiated service code (DSCP) value, the DSCP value was reset to the default setting (CS0) for the first data packet.
Fixed an issue where decrypting large packets introduced congestion during content inspection, which caused processes to stop responding due to missed heartbeats.
Firewalls in HA configurations only) Fixed an issue where the HA1 heartbeat backup flapped with the following error message:
Unable to send icmp packet:(errno: 105) No buffer space available.
Fixed an issue that occurred after upgrading to a PAN-OS 9.0 or later release where commits to the firewall configuration failed with the following error message:
statistics-service is invalid.
PA-3200 Series firewalls only) Fixed an issue where multiple processes stopped responding, which caused the firewall to reboot.
Fixed an issue where the following operational mode commands were not reboot persistent:
Fixed an issue where PDF summary reports were empty when they were generated by a user in a custom admin role.
M-200 and M-500 appliances only) Fixed a capacity issue that was caused by high operational activity and large configurations. This fix increases the virtual memory limit on the configd process to 32GB.
PA-220 Series firewalls only) Fixed an issue where the `runtime-state` parameter was missing in the CLI command `request high-availability sync-to-remote`.
Fixed an issue on Panorama where a commit push to managed firewalls failed with
sctp-init is invaliderror even though SCTP settings were not configured in the corresponding template.
Fixed an issue on Panorama where long FQDN queries did not resolve due to the character limit being 64 characters.
Fixed an issue where a commit-all or push to the firewall from Panorama failed with the following error message:
client routed requesting last config in the middle of a commit/validate. Aborting current commit/validate.
Firewalls in active/passive high availability configurations only) Fixed a routing table mis-sync issue where routes were missing on the passive firewall when GRE tunnels with keepalives were configured.
Fixed an issue where the session browser did not display results when filtered for IPv6 addresses with more than 31 characters.
Recommended For You
Recommended videos not found.