PAN-OS 9.1.2 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1 & Later
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
End-of-Life (EoL)
PAN-OS 9.1.2 Addressed Issues
PAN-OS® 9.1.2 addressed issues.
Issue ID | Description |
---|---|
WF500-5343 | Fixed an issue on WF-500 that caused cloud
queries to fail when the cloud verdict did not match the local verdict. |
PAN-142084 | Fixed an issue where upgrading a Panorama
management server deployed on Amazon Web Services (AWS) using a
C5 or M5 instance type to PAN-OS 9.1.1 caused the Panorama Virtual
Appliance to stop responding. |
PAN-140509 | Fixed an issue where performing private
data resets during custom Amazon Machine Image (AMI) creation removed
CloudWatch directories and caused the CloudWatch plugin to fail. |
PAN-140157 | A fix was made to address a vulnerability
where the password for a configured system proxy server for a PAN-OS
appliance was displayed in cleartext when using the CLI in PAN-OS (CVE-2020-2048). |
PAN-138003 | Fixed an issue where a process (rasmgr)
exited, which caused the firewall to reboot due to a null pointer
dereference error when usr_info was
null. |
PAN-137709 | Fixed an issue where dynamic DNS (DDNS)
failed due to a Lua script error. |
PAN-137191 | Fixed an issue where the Custom
URL Category default action changed from allow to none after upgrading
to PAN-OS 9.1.0. |
PAN-136724 | Fixed an issue with a process (snmpd)
and booting errors. |
PAN-136698 | Fixed an issue where a process (all_pktproc) stopped
responding and the dataplane restarted when the firewall processed
a malformed GPRS tunneling protocol (GTP) packet. |
PAN-136696 | Fixed an issue where the dataplane restarted
due to excessive logs from the pan_comm process. |
PAN-136608 | Fixed an issue in Panorama where the Security
policy Target displayed the serial number
of the targeted device instead of the hostname. |
PAN-136607 | Fixed an issue with GPRS tunneling protocol
(GTP) event packet capture (pcap) where enabling Packet Capture did
not work. |
PAN-136453 | Fixed an issue where performing a private
data reset using the request system private-data-reset CLI
command caused the unit to boot into maintenance mode. |
PAN-136390 | (PA-7000 Series with 100GB NPC only)
Fixed an issue during firewall bootup where the following error
message: Bootloader upgrade failed, ret 255 appeared
when small form-factor pluggable (SPF) modules were installed. |
PAN-136304 | Fixed an issue where clientless VPN rewrite
failed due to incorrect parsing of the HTML webpage. |
PAN-135909 | Fixed an issue where connections leading
to the web interface were abruptly interrupted due to a double free
condition (gPanUiPhpGlobal_secure_config_reset), which led to unexpected process
restarts and core file generation. |
PAN-135703 | (PA-7000 Series firewalls only)
Fixed an issue where the switch ports connected to Quad Small Form-factor
Pluggable (QSFP+) interfaces were up while Network Processing Cards
(NPCs) were still rebooting. |
PAN-135587 | Fixed an issue where the GlobalProtect gateway
was unable to parse a large list of IP addresses assigned on a local
machine. |
PAN-135570 | Fixed an issue where management access to
a VM-Series firewall deployed in Amazon Web Services (AWS) cloud
was slow due to high disk input/output (I/O) operations caused by
expired Large Scale VPN (LSVPN) certificates. |
PAN-135452 | Fixed an issue where configuration related
to virtual machine (VM) information sources caused a process (userid)
to crash, which led to a firewall reboot. |
PAN-135260 | (PA-7000 Series firewalls running PAN-OS®
8.1.12 only) Fixed an intermittent issue where the dataplane
process (all_pktproc_X) on a Network Processing Card
(NPC) restarted when processing IPSec tunnel traffic. |
PAN-135141 | Fixed an issue where the Log Processing
Card (LPC) did not come up intermittently in a fully loaded PA-7000
Series. |
PAN-135103 | A fix was made to address a format string
vulnerability on PA-7000 Series firewalls with a Log Forwarding
Card (LFC) (CVE-2020-1992). |
PAN-135089 | Fixed an issue where the CPU for a process (ikemgr)
spiked when third-party VPN clients connected to the GlobalProtect
gateway with more than three DNS servers configured. |
PAN-135039 | Fixed an issue in Panorama where a memory
leak occurred during a high availability (HA) sync commit. |
PAN-134981 | Fixed an issue with a memory leak in a process (user-id)
due to failed LDAP over SSL (LDAPS) requests. |
PAN-134810 | Fixed an issue where Resolve in
the web interface did not work for FQDN address objects with more
than 63 characters. |
PAN-134714 | Fixed an issue where Safe Search was not
enabled after an application change. |
PAN-134571 | Fixed an issue where DNS security incorrectly
set bits to zero on compressed DNS packets, which caused DNS malformation. |
PAN-134547 | Fixed an issue where the passive firewall
in an active/passive high availability (HA) configuration deleted
BGP-learned routes synchronized from the active firewall if the
BGP configuration included the redistribution of the learned routes. |
PAN-134546 | Fixed a rare issue on the firewall where
a process (flow_mgmt) restarted due to an invalid packet received
through the GlobalProtect agent or clientless VPN. |
PAN-134488 | Fixed an issue where a process (all_pktproc) crashed
while processing Clientless VPN traffic. |
PAN-134370 | Fixed an issue where a process (mp-relay) restarted
due to missing routes or next hops. |
PAN-134309 | Fixed an issue where a process (devsrvr) restarted
when it hit the limit of the number of custom patterns available in
the allocated memory. |
PAN-134244 | Fixed an issue where connections proxied
by the firewall (such as SSL Decryption, GlobalProtect portal and
gateway connections, and SIP over TCP) failed due to insufficient
buffer allocation. Some connections failed with the following error
message: proxy decrypt failure. |
PAN-134038 | Fixed an issue where custom signatures did
not properly detect the User-Agent header when the Origin header
was also present. |
PAN-133915 | Fixed an issue on Panorama where configuring
a BGP import rule from the CLI failed with the following error message: Server error : permission denied for the command set. |
PAN-133912 | Fixed an issue where querying traffic logs
based on address objects and address groups did not work. |
PAN-133883 | Fixed an issue where a race condition caused
"pan_task" and "pan_com" to exit unexpectedly. |
PAN-133880 | Fixed an issue where RADIUS authentication
failed due to an FQDN resolution failure after the VM-Series firewall
rebooted. |
PAN-133731 | Fixed an issue on the Panorama Virtual Appliance
where the show interface all CLI command
did not list any output. |
PAN-133614 | Fixed an issue on the Panorama Virtual Appliance
where SNMP Object IDs (OIDs) were missing for interfaces other than
the Management interface. |
PAN-133609 | Fixed an issue where the Authentication
Portal did not work due to a large number of HTTP requests with
unsupported Authorization headers. |
PAN-133582 | Fixed an issue in the firewalls where some
Dynamic Address Groups pushed from Panorama were missing member
IP addresses. |
PAN-133527 | A fix was made to address a NULL pointer
dereference vulnerability in PAN-OS (CVE-2020-1995). |
PAN-133491 | Fixed an issue where Internet Protocol (IP)
to user mappings were not synced from the HUB virtual system (vsys)
to the non-hub vsys. |
PAN-133440 | Fixed an issue where fragmented traffic
caused high dataplane use and firewall performance issues. |
PAN-133411 | Fixed an issue where after making configuration
changes and selecting Preview Changes, a
500 Internal Server Error message displayed due to a memory leak. |
PAN-133378 | Fixed an issue in Panorama where a process (configd)
restarted while doing a commit using a RADIUS super admin role. |
PAN-133289 | Fixed an issue where improper parsing of
the URL database caused high device-server CPU usage. |
PAN-133288 | Fixed an issue where the API key limit in
the *HTTP server profile was 128 characters. |
PAN-133211 | Fixed an issue where the policy order was
not maintained when moved to a different device group. |
PAN-133179 | Fixed a rare issue where the show ntp CLI
command showed the status as rejected even when the NTP was synced
with at least one NTP server. |
PAN-133042 | (PA-5200 and PA-7000 Series firewalls
only) Fixed an issue where firewalls dropped certain GPRS tunneling
protocol (GTP) traffic even when gtp nodrop was enabled. |
PAN-132995 | (PA-7000 Series and PA-3200 Series firewalls
only) Fixed an issue where when jumbo frames were enabled,
the maximum transmission unit (MTU) size limit was lower than expected. |
PAN-132766 | Fixed an issue in Panorama where custom
region objects were not visible in the GlobalProtect Portal External Gateway drop-down. |
PAN-132715 | Fixed an issue where a child dynamic address
group was not added as a member of the parent group. |
PAN-132697 | Fixed an issue where the GlobalProtect portal
did not generate certificate signing requests (CSRs) due to failed
Simple Certificate Enrollment Protocol (SCEP) authentication cookie
validation. |
PAN-132658 | Fixed an issue where a nullification method
for steam control transmission protocol (SCTP) data chunks did not
work. |
PAN-131993 | Fixed an issue where a process (reportd)
would crash while running a log query. |
PAN-131501 | Fixed an issue when configuring Clientless
VPN and executing the portal-getconfig CLI
command where user groups were retrieved but were not freed, which
caused a memory leak on a process (sslvpn). |
PAN-131491 | Fixed an issue where the ACC risk
meter displayed as zero for long time periods with a large amount
of logs. |
PAN-130776 | Fixed an issue on Panorama where Applications
and Threats content update deployment failed due to the content
version date check. |
PAN-130573 | Fixed an issue where the software pool for
Regex results was depleted and caused connection failures. |
PAN-130447 | Fixed an issue where the firewall dropped
offloaded traffic every time there was an explicit commit (Commit on the
firewall locally or Commit All Changes in Panorama)
or an implicit commit (such as an Antivirus update, Dynamic Update,
or WildFire® update) on the firewall. |
PAN-129281 | Fixed an issue where a process (useridd) restarted
due to a buffer overflow when the time-to-live (TTL) and Idle
Timeout values were set to Never,
a timing issue between user group context and a process (sysd)
callback, and a group mapping issue when multiple group mappings
fetched the same groups with different override domains. |
PAN-128879 | Fixed an issue where the PAN-OS XML API
inject was not working for IP address to user mappings or for the
import of software, content, and plugins. |
PAN-128398 | Fixed an issue where performing a factory
reset or enabling FIPS mode would cause the VM-Series plugin to
revert to the default VM-Series plugin 1.0.0. |
PAN-127438 | Fixed an issue where GlobalProtect portal
configuration selection based on certificate template OID failed. |
PAN-127260 | Fixed an issue where the /opt/pancfg partition
became full due to a large amount of botnet reports that were not
automatically deleted. |
PAN-125534 | (PA-5200 Series and PA-7000 Series firewalls
only) Fixed an issue where firewalls experienced high packet
descriptor (on-chip) usage during uploads to the WildFire Cloud
or WF-500 appliance. |
PAN-125501 | Fixed an issue where URL information in
a URL Custom Report was blank when the report contained
flexible size fields (such as URL Category List). |
PAN-124658 | Fixed an issue where the timer system call
activated more frequently than expected, which caused higher than
expected CPU usage. |
PAN-123637 | (PA-3200 Series firewalls only)
Fixed an issue where configuring 1G small form-factor pluggable
(SFP) ports on the firewall in forced speed mode (of 1G) rendered
the link unusable when the peer device also had forced speed mode
(of 1G) enabled. |
PAN-122004 | (PA-5200 Series firewalls only)
Fixed an issue where the Quad Small Form-factor Pluggable (QSFP)
28 ports 21 and 22 did not respond when plugged in with a Finisar
100G AOC cable. |
PAN-121626 | (PA-3200 Series firewalls only)
Fixed an intermittent issue where firewalls dropped packets, which
caused issues such as traffic latency, slow file transfers, reduced
throughput, internal path monitoring failures, and application failures. |
PAN-119452 | An enhancement was made to improve subsequent
loading times of device groups after the first load. |
PAN-117043 | Fixed an issue where using special characters
in the tag names of the Security policy rules returned the following
error message when committing or pushing a configuration: group-tag is invalid. |
PAN-116480 | Fixed an issue in Panorama where the show system search-engine-quota CLI
command, the show log-collector serial-number <log-collector_SN> CLI
command, and Statistics (Panorama
> Managed Collectors > Statistics) showed incorrect
log retention data. |
PAN-116002 | Fixed an issue where an incorrect optimization
could cause IP address-to-user mapping to not update within 60 seconds. |
PAN-114966 | Fixed an issue where trunk interfaces were
not working on Hyper-V. |
PAN-114533 | Fixed an issue where traffic was blocked
by safe search enforcement before matching the intended allow rule. |
PAN-110960 | Fixed an issue on Panorama M-Series and
virtual appliances where commits failed when you configured an address
group object in the Include List (Network > Zone > <zone-name>
> Include List). |
PAN-110441 | (PA-5200 Series firewall only)
Fixed an intermittent issue where the internal path monitoring failed,
which caused the firewall to unexpectedly restart. |
PAN-107207 | Fixed an issue where the VPN tunnel operational
status incorrectly displays "up" even though the VPN tunnel is down. |
PAN-98933 | Fixed an issue on an M-Series appliances
in a high availability (HA) active/passive configuration where the
schedules (Device > Dynamic Updates) were unresponsive after
a failover or restart of Panorama. |
PAN-88136 | Fixed a rare issue where a URL update caused
the dataplane to restart. |