PAN-OS 9.1.14 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
End-of-Life (EoL)
PAN-OS 9.1.14 Addressed Issues
PAN-OS® 9.1.14 addressed issues.
Issue ID | Description |
---|---|
PAN-189665 | (FIPS-CC enabled firewalls only)
Fixed an issue where the firewall was unable to connect to log collectors
after an upgrade due to missing cipher suites. |
PAN-189468 | Fixed an issue where the firewall onboard
packet processor used by the PAN-OS content-inspection (CTD) engine
can generate high dataplane resource usage when overwhelmed by a
session with an unusually high number of packets. This can result
in resource-unavailable messages due to
the content inspection queue filling up. Factors related to the likelihood
of an occurrence include enablement of content-inspection based
features that are configured in such a way that might process thousands
of packets in rapid succession (such as SMB file transfers). This
can cause poor performance for the affected session and other sessions
using the same packet processor. PA-3000 series and VM-Series firewalls
are not impacted. |
PAN-189010 | Fixed an issue on Panorama where a deadlock
in the configd process caused both the web interface
and the CLI to be inaccessible. |
PAN-188336 | Fixed an issue with the dnsproxyd process
that caused the firewall to unexpectedly reboot. |
PAN-187151 | Fixed an issue where tunnel-monitoring interface
was incorrectly shown as up instead of down. |
PAN-186937 | Fixed an issue where the firewall dropped
packets decrypted using the SSL Decryption feature and Encapsulating
Security Payload (ESP) IPSec packets that originated from the same
firewall. This occurred when Strict IP Address Check was
enabled in the zone protection profile (Packet Based
Attack > IP Drop) and the packet's source IP address
was the same as the egress interface address. |
PAN-185616 | Fixed an issue where the firewall sent fewer
logs to the system log server than expected. With this fix, the
firewall accommodates a larger send queue for syslog forwarding
to TCP syslog receivers. |
PAN-184621 | Fixed an issue on FIPS-enabled devices where
modifying any configuration of an existing GlobalProtect portal
failed with the following error message: Operation failed : Malformed request. |
PAN-184068 | (PA-5220 firewalls only) Fixed
an issue where the firewall generated pause frames, which caused
network latency. |
PAN-183826 | Fixed an issue where, after clicking WildFire Analysis
Report, the web interface failed to display the report
with the following error message: refused to connect. |
PAN-183788 | Fixed an issue with SCEP certificate enrollment
where the incorrect Registration Authority (RA) certificate was
chosen to encrypt the enrollment request. |
PAN-182173 | (Panorama appliances in HA configurations
only) Fixed an issue where, when using Prisma Access multitenancy,
the passive appliance didn't correctly update the tenant information
after the tenant was deleted on the active appliance. |
PAN-181039 | Fixed an issue with DNS cache depletion
that caused continuous DNS retries. |
PAN-180147 | Fixed an issue where the bcm.log and brdagent_stdout.log-<datestamp> files
filled up the root disk space. |
PAN-177671 | Fixed an issue where, when SIP traffic traversing
the firewall was sent with a high Quality of Service (QoS) differentiated
service code (DSCP) value, the DSCP value was reset to the default
setting (CS0) for the first data packet. |
PAN-177063 | Fixed an issue where decrypting large packets
introduced congestion during content inspection, which caused processes
to stop responding due to missed heartbeats. |
PAN-177133 | (Firewalls in HA configurations only)
Fixed an issue where the HA1 heartbeat backup flapped with the following
error message: Unable to send icmp packet:(errno: 105) No buffer space available. |
PAN-176703 | Fixed an issue that occurred after upgrading
to a PAN-OS 9.0 or later release where commits to the firewall configuration
failed with the following error message: statistics-service is invalid. |
PAN-176437 | (PA-3200 Series firewalls only)
Fixed an issue where multiple processes stopped responding, which
caused the firewall to reboot. |
PAN-175883 | Fixed an issue where the following operational
mode commands were not reboot persistent:
|
PAN-175509 | Fixed an issue where a deadlock on CONFIG_LOCK caused
both the web interface and CLI commands to time out until the mgmtsrvr process
was restarted. |
PAN-175161 | Fixed an issue where changing SSL connection
validation settings for system logs caused the mgmtsrvr process
to stop responding. |
PAN-175016 | Fixed an issue where PDF summary reports
were empty when they were generated by a user in a custom admin
role. |
PAN-174998 | (M-200 and M-500 appliances only)
Fixed a capacity issue that was caused by high operational activity
and large configurations. This fix increases the virtual memory
limit on the configd process to 32GB. |
PAN-174988 | (PA-220 Series firewalls only)
Fixed an issue where the `runtime-state` parameter was missing in
the CLI command `request high-availability sync-to-remote`. |
PAN-172766 | Fixed an issue on Panorama where a commit
push to managed firewalls failed with sctp-init is invalid error
even though SCTP settings were not configured in the corresponding
template. |
PAN-171104 | Fixed an issue where a race-condition check
returned a false negative, which caused a process (all_task)
to stop responding and generate a core file. |
PAN-166368 | Fixed an issue on Panorama where long FQDN
queries did not resolve due to the character limit being 64 characters. |
PAN-163245 | Fixed an issue where a commit-all or push
to the firewall from Panorama failed with the following error message: client routed requesting last config in the middle of a commit/validate. Aborting current commit/validate. |
PAN-162047 | (Firewalls in active/passive high availability
configurations only) Fixed a routing table mis-sync issue where
routes were missing on the passive firewall when GRE tunnels with
keepalives were configured. |
PAN-152026 | Fixed an issue where the session browser
did not display results when filtered for IPv6 addresses with more
than 31 characters. |
PAN-130172 | Fixed an issue where Dynamic User Group
lists were missing after disabling group-mapping configurations
under that virtual system (vsys). |