PAN-OS 9.1.2 Addressed Issues
PAN-OS® 9.1.2 addressed issues.
Fixed an issue on WF-500 that caused cloud queries to fail when the cloud verdict did not match the local verdict.
Fixed an issue where upgrading a Panorama management server deployed on Amazon Web Services (AWS) using a C5 or M5 instance type to PAN-OS 9.1.1 caused the Panorama Virtual Appliance to stop responding.
Fixed an issue where performing private data resets during custom Amazon Machine Image (AMI) creation removed CloudWatch directories and caused the CloudWatch plugin to fail.
Fixed an issue where dynamic DNS (DDNS) failed due to a Lua script error.
Fixed an issue where the
Custom URL Categorydefault action changed from
noneafter upgrading to PAN-OS 9.1.0.
Fixed an issue in Panorama where the Security policy
Targetdisplayed the serial number of the targeted device instead of the hostname.
Fixed an issue with GPRS tunneling protocol (GTP) event packet capture (pcap) where enabling
Packet Capturedid not work.
Fixed an issue where performing a private data reset using the
request system private-data-resetCLI command caused the unit to boot into maintenance mode.
PA-7000 Series with 100GB NPC only) Fixed an issue during firewall bootup where the following error message:
Bootloader upgrade failed, ret 255appeared when small form-factor pluggable (SPF) modules were installed.
Fixed an issue where clientless VPN rewrite failed due to incorrect parsing of the HTML webpage.
Fixed an issue where connections leading to the web interface were abruptly interrupted due to a double free condition (gPanUiPhpGlobal_secure_config_reset), which led to unexpected process restarts and core file generation.
PA-7000 Series firewalls only) Fixed an issue where the switch ports connected to Quad Small Form-factor Pluggable (QSFP+) interfaces were up while Network Processing Cards (NPCs) were still rebooting.
Fixed an issue where the GlobalProtect gateway was unable to parse a large list of IP addresses assigned on a local machine.
Fixed an issue where management access to a VM-Series firewall deployed in Amazon Web Services (AWS) cloud was slow due to high disk input/output (I/O) operations caused by expired Large Scale VPN (LSVPN) certificates.
PA-7000 Series firewalls running PAN-OS® 8.1.12 only) Fixed an intermittent issue where the dataplane process (all_pktproc_X) on a Network Processing Card (NPC) restarted when processing IPSec tunnel traffic.
Fixed an issue where the Log Processing Card (LPC) did not come up intermittently in a fully loaded PA-7000 Series.
Fixed an issue in Panorama where a memory leak occurred during a high availability (HA) sync commit.
Fixed an issue where
Resolvein the web interface did not work for FQDN address objects with more than 63 characters.
Fixed an issue where Safe Search was not enabled after an application change.
Fixed an issue where DNS security incorrectly set bits to zero on compressed DNS packets, which caused DNS malformation.
Fixed an issue where the passive firewall in an active/passive high availability (HA) configuration deleted BGP-learned routes synchronized from the active firewall if the BGP configuration included the redistribution of the learned routes.
Fixed an issue where connections proxied by the firewall (such as SSL Decryption, GlobalProtect portal and gateway connections, and SIP over TCP) failed due to insufficient buffer allocation. Some connections failed with the following error message:
proxy decrypt failure.
Fixed an issue where custom signatures did not properly detect the User-Agent header when the Origin header was also present.
Fixed an issue on Panorama where configuring a BGP import rule from the CLI failed with the following error message:
Server error : permission denied for the command set.
Fixed an issue where querying traffic logs based on address objects and address groups did not work.
Fixed an issue where a race condition caused "pan_task" and "pan_com" to exit unexpectedly.
Fixed an issue where RADIUS authentication failed due to an FQDN resolution failure after the VM-Series firewall rebooted.
Fixed an issue on the Panorama Virtual Appliance where the
show interface allCLI command did not list any output.
Fixed an issue on the Panorama Virtual Appliance where SNMP Object IDs (OIDs) were missing for interfaces other than the
Fixed an issue where the Authentication Portal did not work due to a large number of HTTP requests with unsupported Authorization headers.
Fixed an issue in the firewalls where some Dynamic Address Groups pushed from Panorama were missing member IP addresses.
Fixed an issue where Internet Protocol (IP) to user mappings were not synced from the HUB virtual system (vsys) to the non-hub vsys.
Fixed an issue where fragmented traffic caused high dataplane use and firewall performance issues.
Fixed an issue where after making configuration changes and selecting
Preview Changes, a 500 Internal Server Error message displayed due to a memory leak.
Fixed an issue where improper parsing of the URL database caused high device-server CPU usage.
Fixed an issue where the policy order was not maintained when moved to a different device group.
Fixed a rare issue where the
show ntpCLI command showed the status as rejected even when the NTP was synced with at least one NTP server.
PA-5200 and PA-7000 Series firewalls only) Fixed an issue where firewalls dropped certain GPRS tunneling protocol (GTP) traffic even when
gtp nodropwas enabled.
PA-7000 Series and PA-3200 Series firewalls only) Fixed an issue where when jumbo frames were enabled, the maximum transmission unit (MTU) size limit was lower than expected.
Fixed an issue in Panorama where custom region objects were not visible in the GlobalProtect Portal
Fixed an issue where a child dynamic address group was not added as a member of the parent group.
Fixed an issue where the GlobalProtect portal did not generate certificate signing requests (CSRs) due to failed Simple Certificate Enrollment Protocol (SCEP) authentication cookie validation.
Fixed an issue where a nullification method for steam control transmission protocol (SCTP) data chunks did not work.
Fixed an issue where the
ACCrisk meter displayed as zero for long time periods with a large amount of logs.
Fixed an issue on Panorama where Applications and Threats content update deployment failed due to the content version date check.
Fixed an issue where the software pool for Regex results was depleted and caused connection failures.
Fixed an issue where the firewall dropped offloaded traffic every time there was an explicit commit (
Commiton the firewall locally or
Commit All Changesin Panorama) or an implicit commit (such as an Antivirus update, Dynamic Update, or WildFire® update) on the firewall.
Fixed an issue where a process (useridd) restarted due to a buffer overflow when the time-to-live (TTL) and
Idle Timeoutvalues were set to
Never, a timing issue between user group context and a process (sysd) callback, and a group mapping issue when multiple group mappings fetched the same groups with different override domains.
Fixed an issue where the PAN-OS XML API inject was not working for IP address to user mappings or for the import of software, content, and plugins.
Fixed an issue where performing a factory reset or enabling FIPS mode would cause the VM-Series plugin to revert to the default VM-Series plugin 1.0.0.
Fixed an issue where GlobalProtect portal configuration selection based on certificate template OID failed.
Fixed an issue where the /opt/pancfg partition became full due to a large amount of botnet reports that were not automatically deleted.
PA-5200 Series and PA-7000 Series firewalls only) Fixed an issue where firewalls experienced high packet descriptor (on-chip) usage during uploads to the WildFire Cloud or WF-500 appliance.
Fixed an issue where URL information in a URL
Custom Reportwas blank when the report contained flexible size fields (such as
URL Category List).
Fixed an issue where the timer system call activated more frequently than expected, which caused higher than expected CPU usage.
PA-3200 Series firewalls only) Fixed an issue where configuring 1G small form-factor pluggable (SFP) ports on the firewall in forced speed mode (of 1G) rendered the link unusable when the peer device also had forced speed mode (of 1G) enabled.
PA-5200 Series firewalls only) Fixed an issue where the Quad Small Form-factor Pluggable (QSFP) 28 ports 21 and 22 did not respond when plugged in with a Finisar 100G AOC cable.
PA-3200 Series firewalls only) Fixed an intermittent issue where firewalls dropped packets, which caused issues such as traffic latency, slow file transfers, reduced throughput, internal path monitoring failures, and application failures.
An enhancement was made to improve subsequent loading times of device groups after the first load.
Fixed an issue where using special characters in the tag names of the Security policy rules returned the following error message when committing or pushing a configuration:
group-tag is invalid.
Fixed an issue in Panorama where the
show system search-engine-quotaCLI command, the
show log-collector serial-number <log-collector_SN>CLI command, and
Panorama > Managed Collectors > Statistics) showed incorrect log retention data.
Fixed an issue where an incorrect optimization could cause IP address-to-user mapping to not update within 60 seconds.
Fixed an issue where trunk interfaces were not working on Hyper-V.
Fixed an issue where traffic was blocked by safe search enforcement before matching the intended allow rule.
Fixed an issue on Panorama M-Series and virtual appliances where commits failed when you configured an address group object in the Include List (
Network > Zone > <zone-name> > Include List).
PA-5200 Series firewall only) Fixed an intermittent issue where the internal path monitoring failed, which caused the firewall to unexpectedly restart.
Fixed an issue where the VPN tunnel operational status incorrectly displays "up" even though the VPN tunnel is down.
Fixed an issue on an M-Series appliances in a high availability (HA) active/passive configuration where the schedules (
Device > Dynamic Updates) were unresponsive after a failover or restart of Panorama.
Fixed a rare issue where a URL update caused the dataplane to restart.
Recommended For You
Recommended videos not found.