PAN-OS 7.1.13 Addressed Issues
The following table lists the issues that are addressed in the PAN-OS® 7.1.13 release. For new features, associated software versions, known issues, and changes in default behavior, see PAN-OS 7.1 Release Information. Before you upgrade or downgrade to this release, review the information in Upgrade to PAN-OS 7.1.
Starting with PAN-OS 7.1.5, all unresolved known issues and any newly addressed issues in these release notes are identified using new issue ID numbers that include a product-specific prefix. Issues addressed in earlier releases and any associated known issue descriptions continue to use their original issue ID.
Issue ID Description
PAN-84142 Fixed an issue where a process (vm_agent) on a VM-Series firewall on Azure stopped responding after upgrading to PAN-OS 7.1.12 due to a bug in the Azure Linux Agent library (waagentlib) package.
PAN-83754 Fixed an issue where a process (vm_agent) on a VM-Series firewall on Azure stopped responding after an update was applied on Azure.
PAN-82076 Fixed an issue on PA-7000 Series firewalls where traffic delays occurred due to packet buffer congestion when the all_pktproc process stopped responding. This issue occurred when an incorrect Policy Based Forwarding (PBF) policy rule ID referenced an invalid egress interface.
PAN-82046 Fixed an issue on VM-Series firewalls for NSX where dynamic address groups had no members.
PAN-81939 Fixed an issue where memory corruption caused the correlation engine process to restart.
PAN-81661 Fixed an issue where PA-7000 Series firewalls in a hairpin virtual wire deployment dropped traffic when predict sessions were created. In a hairpin deployment, traffic crosses a firewall twice, in both directions, across the same virtual wire(s) in the same zones.
PAN-81321 Fixed an issue where IPSec tunnel phase 2 negotiations failed when attempting to connect to a remote peer when /32 traffic selectors were included in the configuration on the remote peer.
PAN-81118 Fixed an issue where client systems could use a translated IP address-and-port pair for only one connection even if you configured the Dynamic IP and Port (DIPP) NAT Oversubscription Rate to allow multiple connections ( Device > Setup > Session > Session Settings > NAT Oversubscription). This issue is fixed on all firewall models except the PA-7000 Series firewalls (see PAN-84488).
PAN-80831 Fixed an issue where connections that the firewall handles as an Application Level Gateway (ALG) service were disconnected when destination NAT and decryption were enabled. This fix applies only when the ALG service does not change packet lengths before and after NAT translation.
PAN-80660 Fixed an issue where the firewall flooded System logs with the following message: Traffic and logging are resumed since traffic-stop-on-logdb-full feature has been disabled.
PAN-80535 Fixed an issue on a firewall with multiple virtual systems where policy rules defined for a specific virtual system could not access shared EDL objects.
PAN-80447 Fixed an issue where, after a PAN-OS upgrade, packet buffer and descriptor utilization spiked and caused latency in network traffic.
PAN-79026 Fixed an issue where the firewall Reset both client and server after you set the Antivirus profile to default in a Security policy rule even though all WildFire actions in the default profile are set to allow ( Policies > Security > <security_rule> > Actions).
PAN-78718 Fixed an issue where a PA-7000 Series firewall running PAN-OS 7.1.12 or an earlier release stopped saving and displaying new logs due to a memory leak after a Panorama management server running a PAN-OS 8.0 release pushed a predefined report that specified a field that is unrecognized by the firewall running the earlier PAN-OS release ( Monitor > Reports > Mobile Network Reports).
PAN-78342 Fixed an issue where Panorama failed to export a custom report if you set the Database to Remote Device Data ( Monitor > Manage Custom Reports).
PAN-78341 Fixed an issue where the root partition ran out of space during generation of a tech support file when the output of the show user user-ids command was extremely large. With this fix, the data saved to the tech support file is modified to show only statistics instead of raw output, which prevents the output from this command from being so large that it fills up all available disk space.
PAN-78127 A security-related fix was made to prevent the firewall Management (MGT) interface from becoming unavailable for legitimate use (CVE-2017-15942).
PAN-78100 Fixed an issue where the XML API query for show session distribution policy resulted in an error message ( An error occurred ).
PAN-77939 Fixed an issue where the Panorama virtual appliance in Legacy mode purged older Traffic logs even when space was available to store more logs.
PAN-77748 Added debug enhancements to capture more details about IKE when third-party VPN clients use the X-AUTH feature.
PAN-77706 Fixed an issue on PA-7000 Series firewalls where packet capture intermittently failed.
PAN-77384 Fixed an issue where tunnel-bound traffic was incorrectly routed through an ECMP route instead of a PBF route as expected.
PAN-77292 Fixed an issue where firewalls in a high availability (HA) active/passive configuration did not always synchronize sessions.
PAN-77063 Fixed an issue where SSL Forward Proxy decryption failed for SSL/TLS websites that had unused certificate chains containing algorithms that PAN-OS did not support. With this fix, the firewall verifies only the certificate chains that the websites use.
PAN-77055 Fixed an issue where, after logging in to GlobalProtect, end users could access the Firewall PAN-OS XML API without additional authentication.
PAN-76565 Fixed an issue where dynamic content updates failed on the firewall when DNS response times were slow.
PAN-76505 Fixed an issue where the mprelay process stopped responding when processing IPv6 neighbor discovery updates.
PAN-76454 Fixed an issue on PA-7000 Series firewalls where Generic Routing Encapsulation (GRE) session creation failed when the firewalls received GRE packets with a Point-to-Point Protocol (PPP) payload.
PAN-76373 Fixed an issue on PA-5000 Series firewalls where using the web interface to display QoS Statistics ( Network > QoS) resulted in a memory leak that caused the control plane and dataplane to restart.
PAN-76263 Fixed an issue where the Panorama management server retained the Threshold value for update schedules ( Device > Dynamic Updates > <update_type_schedule>) in a template stack even after you removed the value from templates in the stack.
PAN-76075 Fixed an issue where the User-ID process stopped responding when an NTLM request was received on a vsys where NTLM was not configured
PAN-75705 Fixed an issue where administrators were able to download tech support files even when the administrators were not configured with this privilege.
PAN-75505 Fixed an issue where the firewall failed to export a report to PDF, XML, or CSV format when the report job ID was higher than 65535.
PAN-75474 Fixed an issue where a firewall with a disk full condition could not connect to WildFire or the PAN-DB cloud after a management process restarted. The show wildfire status CLI command displayed the following message: Unable to authenticate remote CA certificate.
PAN-75412 Fixed an issue where the Monitor > Botnet report displayed the wrong portion of the URL when the HTTP GET request was too long, while the Monitor > Logs > URL Filtering logs displayed the URL correctly.
PAN-74074 Fixed an issue where an HA sync resulted in an empty ethernet1/1 node on the passive peer. This issue occurred when ethernet1/1 on the active HA peer was configured as an Aggregated Ethernet (AE) interface while ethernet1/1 was not configured in the local configuration for the passive peer.
PAN-73333 Fixed an issue where the firewall did not record the sender or recipient in WildFire Submission logs for emails in which the header had no white space character between the display name and the email address.
PAN-73196 Fixed an issue on VM-Series firewalls that occurred when attempting to shut down the firewall from the VCenter Client or from a Web Client due to a VM-tools integration issue.
PAN-72495 Fixed an issue where PA-7000 Series firewalls intermittently dropped packets from GlobalProtect end users if the GlobalProtect IKE gateway used a local interface that was in a different security zone than the physical ingress interface.
PAN-71622 Fixed an issue where Panorama took longer than expected to generate reports.
PAN-71012 Fixed an issue where Panorama did not display log data in the Monitor or ACC tabs and did not display custom reports.
PAN-66675 Fixed an issue where extended packet captures consumed excessive storage space in /opt/panlogs.
PAN-64589 Fixed an issue where administrators with custom roles could not perform packet captures or download and install software and content updates.
PAN-60414 Fixed an issue where the HL7 application was not correctly identified.

Related Documentation