PAN-OS 7.0.15 Addressed Issues
The following table lists issues that are addressed in the PAN-OS® 7.0.15 release. For an overview of new features introduced in PAN-OS 7.0 and other release information, including the list of known issues, see PAN-OS 7.0 Release Information. Before you upgrade or downgrade to this release, review information about how to Upgrade to PAN-OS 7.0.
Starting with PAN-OS 7.0.11, all unresolved known issues and any newly addressed issues in these release notes are identified using new issue ID numbers that include a product-specific prefix. Issues addressed in earlier releases and any associated known issue descriptions continue to use their original issue ID.
Issue ID Description
PAN-74188 Fixed an issue where conflicting next-hop entries in the egress routing table caused the firewall to incorrectly route traffic that matched Policy-Based Forwarding (PBF) policy rules configured to Enforce Symmetric Return.
PAN-73914 A security-related fix was made to address OpenSSL vulnerabilities (CVE-2017-3731).
PAN-73045 Fixed an issue where HA failover and fail-back events terminated sessions that started before the failover.
PAN-72769 A security-related fix was made to prevent brute-force attacks on the GlobalProtect external interface (CVE-2017-7945).
PAN-70674 A security-related fix was made to prevent cross-site scripting (XSS) attacks through the GlobalProtect external interface (CVE-2017-7409).
PAN-70541 A security-related fix was made to address an information disclosure issue that was caused by a firewall that did not properly validate certain permissions when administrators accessed the web interface over the management (MGT) interface (CVE-2017-7644).
PAN-69801 Fixed an issue where firewalls that had an HA active/active configuration and where the primary peer was in a tentative HA state did not synchronize session update messages between the peers, which resulted in dropped session packets after a session aged out (within 30 seconds).
PAN-62015 Fixed an issue on PA-7000 Series firewalls where, when creating the key for a GRE packet, the firewall did not use the same default values for the source and destination ports in the hardware and software, which slowed the firewall performance.
PAN-60376 Fixed an issue where the authentication process (authd) stopped responding and caused the firewall to reboot after the firewall received a stale response to an authentication request before selecting CHAP or PAP as the protocol for authenticating to a RADIUS server.
PAN-58589 Fixed an issue where the dataplane restarted when an out-of-memory condition occurred on a process (pan_comm).
PAN-57520 Fixed an issue where firewalls stopped connecting to Panorama when the root CA server certificate on Panorama expired. With this fix, Panorama replaces the original certificate with a new certificate that expires in 2024.
PAN-53116 Fixed an issue on firewalls with LACP enabled where a commit or LACP flapping caused a memory leak in the dataplane.
FPGA-232 Fixed an issue on PA-5000 Series firewalls where packets became stuck in the FPGA, which resulted in packet loss and, on HA firewalls with path monitoring configured, triggered a failover.

Related Documentation