PAN-OS 9.1.14 Addressed Issues

PAN-OS® 9.1.14 addressed issues.
Issue ID
Description
PAN-189665
(
FIPS-CC enabled firewalls only
) Fixed an issue where the firewall was unable to connect to log collectors after an upgrade due to missing cipher suites.
PAN-189468
Fixed an issue where sessions were dropped with the message
resource-unavailable
due to the content inspection queue filling up.
PAN-189010
Fixed an issue on Panorama where a deadlock in the configd process caused both the web interface and the CLI to be inaccessible.
PAN-188336
Fixed an issue with the dnsproxyd process that caused the firewall to unexpectedly reboot.
PAN-187151
Fixed an issue where tunnel-monitoring interface was incorrectly shown as up instead of down.
PAN-186937
Fixed an issue where the firewall dropped packets decrypted using the SSL Decryption feature and Encapsulating Security Payload (ESP) IPSec packets that originated from the same firewall. This occurred when
Strict IP Address Check
was enabled in the zone protection profile (
Packet Based Attack > IP Drop
) and the packet's source IP address was the same as the egress interface address.
PAN-185616
Fixed an issue where the firewall sent fewer logs to the system log server than expected. With this fix, the firewall accommodates a larger send queue for syslog forwarding to TCP syslog receivers.
PAN-184621
Fixed an issue on FIPS-enabled devices where modifying any configuration of an existing GlobalProtect portal failed with the following error message:
Operation failed : Malformed request
.
PAN-184068
(
PA-5220 firewalls only
) Fixed an issue where the firewall generated pause frames, which caused network latency.
PAN-183826
Fixed an issue where, after clicking
WildFire Analysis Report
, the web interface failed to display the report with the following error message:
refused to connect
.
PAN-183788
Fixed an issue with SCEP certificate enrollment where the incorrect Registration Authority (RA) certificate was chosen to encrypt the enrollment request.
PAN-182173
(
Panorama appliances in HA configurations only
) Fixed an issue where, when using Prisma Access multitenancy, the passive appliance didn't correctly update the tenant information after the tenant was deleted on the active appliance.
PAN-181039
Fixed an issue with DNS cache depletion that caused continuous DNS retries.
PAN-180147
Fixed an issue where the
bcm.log
and
brdagent_stdout.log-<datestamp>
files filled up the root disk space.
PAN-177671
Fixed an issue where, when SIP traffic traversing the firewall was sent with a high Quality of Service (QoS) differentiated service code (DSCP) value, the DSCP value was reset to the default setting (CS0) for the first data packet.
PAN-177063
Fixed an issue where decrypting large packets introduced congestion during content inspection, which caused processes to stop responding due to missed heartbeats.
PAN-177133
(
Firewalls in HA configurations only
) Fixed an issue where the HA1 heartbeat backup flapped with the following error message:
Unable to send icmp packet:(errno: 105) No buffer space available
.
PAN-176703
Fixed an issue that occurred after upgrading to a PAN-OS 9.0 or later release where commits to the firewall configuration failed with the following error message:
statistics-service is invalid
.
PAN-176437
(
PA-3200 Series firewalls only
) Fixed an issue where multiple processes stopped responding, which caused the firewall to reboot.
PAN-175883
Fixed an issue where the following operational mode commands were not reboot persistent:
  • set system setting ctd pkt-proc-loop-low <value>
  • set system setting ctd pkt-proc-loop-high <value>
  • set system setting ctd max-sess-hash-limit <value>
PAN-175509
Fixed an issue where a deadlock on
CONFIG_LOCK
caused both the web interface and CLI commands to time out until the mgmtsrvr process was restarted.
PAN-175161
Fixed an issue where changing SSL connection validation settings for system logs caused the mgmtsrvr process to stop responding.
PAN-175016
Fixed an issue where PDF summary reports were empty when they were generated by a user in a custom admin role.
PAN-174998
(
M-200 and M-500 appliances only
) Fixed a capacity issue that was caused by high operational activity and large configurations. This fix increases the virtual memory limit on the configd process to 32GB.
PAN-174988
(
PA-220 Series firewalls only
) Fixed an issue where the `runtime-state` parameter was missing in the CLI command `request high-availability sync-to-remote`.
PAN-172766
Fixed an issue on Panorama where a commit push to managed firewalls failed with
sctp-init is invalid
error even though SCTP settings were not configured in the corresponding template.
PAN-171104
Fixed an issue where a race-condition check returned a false negative, which caused a process (all_task) to stop responding and generate a core file.
PAN-166368
Fixed an issue on Panorama where long FQDN queries did not resolve due to the character limit being 64 characters.
PAN-163245
Fixed an issue where a commit-all or push to the firewall from Panorama failed with the following error message:
client routed requesting last config in the middle of a commit/validate. Aborting current commit/validate
.
PAN-162047
(
Firewalls in active/passive high availability configurations only
) Fixed a routing table mis-sync issue where routes were missing on the passive firewall when GRE tunnels with keepalives were configured.
PAN-152026
Fixed an issue where the session browser did not display results when filtered for IPv6 addresses with more than 31 characters.

Recommended For You