PAN-OS 8.0.6 Addressed Issues

Issue ID
Description
WF500-4490
Fixed an issue where the WF-500 appliance failed to synchronize verdicts when more than 500 SHA-256 hash values required verdict checks.
WF500-4471
Fixed an issue where a WildFire® two-node high availability (HA) cluster failed to recover from a split-brain condition.
WF500-4333
Fixed an issue where WF-500 appliances running a PAN-OS® 8.0 release incorrectly allowed telnet access to the CLI on vm-interface, eth2, and eth3.
WF500-3868
Fixed an issue on a WildFire appliance cluster with two controller nodes in an HA configuration where, under certain circumstances, synchronizing the controller node running configurations caused a validation error that prevented the configuration from committing on the peer controller.
When you ran the request high-availability sync-to-remote running-configuration command on one controller node, it overwrote the candidate configuration on the peer controller and committed the new (synchronized) configuration. However, if you then changed the configuration on the peer controller and committed the change, the commit failed and returned the following error: Validation Error: template unexpected here.
PAN-87749
Fixed an issue where the firewall generated too many GTP state failure logs.
PAN-86534
Fixed an issue where the log memory process (logd) stopped responding when Panorama received logs that were more than one week old.
PAN-86353
Fixed an issue on the Panorama management server where combinations of reports and log queries intermittently produced a slow memory leak that caused memory-related errors such as commit failures.
PAN-86061
Fixed an issue on firewalls in an active/active HA configuration where the firewall dataplane restarted after the all_pktproc process stopped responding due to an invalid ingress interface.
PAN-85907
Fixed an issue on Panorama appliances in Panorama or Log Collector mode where an out-of-memory condition occurred because a memory leak in the reportd process raised CPU usage and swap memory.
PAN-85703
Fixed an issue where firewalls in an HA configuration intermittently dropped DHCP packets.
PAN-85674
Fixed a kernel issue that caused the firewall to reboot.
PAN-85458
Fixed an issue where the firewall listed dynamic updates with a Type set to Unknown (Device > Dynamic Updates and Panorama > Dynamic Updates).
PAN-85201
Fixed an issue on firewalls in an active/passive HA configuration where PAN-OS sent an unnecessary BGP withdrawn message to the BGP peer after the active firewall changed to a suspended HA state.
PAN-85170
Fixed an issue on firewalls that authorized virtual system administrators through RADIUS Vendor-Specific Attributes (VSAs), including the PaloAlto-Admin-Access-Domain VSA, where the following error message displayed after administrators accessed Monitor > Logs in the web interface: syntax error at end of input.
PAN-85006
Fixed an issue where PA-5200 Series firewalls did not populate the next-hop table based on your configured policy rules (Policies > Policy Based Forwarding).
PAN-84927
Fixed an issue on PA-5200 Series firewalls where the Link Speed and Link Duplex settings of copper RJ-45 ports displayed as Unknown. With this fix, the settings correctly display as auto (automatic negotiation), which is the only available option for copper ports.
PAN-84707
Fixed an issue where the firewall web service stopped responding after you configured credential phishing prevention (Objects > Security Profiles > URL Filtering > User Credential Detection).
PAN-84704
Fixed an issue where the firewall web service stopped responding after you configured credential phishing prevention (Objects > Security Profiles > URL Filtering > User Credential Detection).
PAN-84545
Fixed an issue where PA-800 Series firewalls became unresponsive until you rebooted them, and the firewalls generated no logs from when they stopped responding to when they finished rebooting.
PAN-84267
Fixed an issue where firewalls in an active/passive HA configuration stopped passing traffic when OSPF hello packets contained a duplicate router ID or when the passive peer leaked packets during a reboot.
PAN-84224
Fixed an issue where the web portal landing page for GlobalProtect Clientless VPN became unresponsive due to a race condition between one user logging in to the GlobalProtect portal and another user requesting an update.
PAN-84142
Fixed an issue on a VM-Series firewall on Azure where upgrading the PAN-OS version caused a process (vm_agent) to stop responding due to a bug in the Azure Linux Agent library (waagentlib) package.
PAN-84087
Fixed an issue where users could not authenticate when you configured an authentication sequence containing an authentication profile based on RADIUS with challenge-response authentication.
PAN-84044
Fixed an issue where VM-Series firewalls in an HA configuration experienced HA path monitoring failures and (in active/passive deployments) HA failover. This fix applies only to firewalls with Data Plane Development Kit (DPDK) disabled; the bug remains unresolved when DPDK is enabled (see PAN-84045 in the Known Issues).
PAN-83826
Fixed an issue on the Panorama management server in an HA configuration where the passive HA peer did not display managed firewalls that you added to the active HA peer.
PAN-83754
Fixed an issue where a process (vm_agent) on a VM-Series firewall on Azure stopped responding after an update was applied on Azure.
PAN-83520
Fixed an issue where Panorama rebooted when receiving logs that contained non-UTF-8 characters.
PAN-83308
Fixed an issue on firewalls in an active/passive HA configuration where, after HA failover, the dataplane restarted on the newly active firewall while processing GlobalProtect Clientless VPN traffic.
PAN-83229
Fixed an issue on firewalls in an active/passive HA configuration where a link-monitoring failure caused a network outage after you enabled OSPF routing.
PAN-83113
Fixed an issue where the log receiver (logrcvr) process randomly restarted during a content update while the firewall was forwarding logs.
PAN-82957
Fixed an issue where firewalls didn't send queries for updated user mappings to User-ID agents; instead, the firewalls waited until the agents learned and forwarded new user mappings. By default with this fix, the firewall sends queries to the User-ID agents for unknown users. You can turn off the queries by running the persistent CLI command debug user-id query-unknown-ip off.
PAN-82879
Fixed an issue on VM-Series firewalls where the dataplane restarted after you configured User-ID to collect IP address-to-username mappings from Active Directory servers.
PAN-82830
Fixed an issue where PA-5000 Series and PA-3000 Series firewalls that were running low on memory briefly became unresponsive, stopped processing traffic, and stopped generating logs.
PAN-82638
Fixed an issue where the Panorama management server did not push authentication enforcement objects to managed firewalls.
PAN-82637
Fixed an issue where the Panorama management server stopped responding after you used a PAN-OS XML API call to rename a policy rule or object and you accidentally used its old name as the new name. With this fix, Panorama stops you from renaming a rule or object with its old name and displays an error message indicating this is not allowed.
PAN-82548
Fixed an issue where the firewall incorrectly blocked URLs and generated false positives when users entered non-corporate passwords to access websites after you configured a URL Filtering profile to Use Domain Credential Filter (Objects > Security Profiles > URL Filtering > <URL_Filtering_profile> > User Credential Detection).
PAN-82399
Fixed an issue where connection flapping between Log Collectors and firewalls running PAN-OS 8.0 prevented the firewalls from forwarding logs to the Log Collectors.
PAN-82339
Fixed an issue where PA-7000 Series, PA-5200 Series, PA-5000 Series, PA-3060, and PA-3050 firewalls dropped ARP updates after a flood of exception messages.
PAN-82329
Fixed an issue where a BFD link temporarily went down when you selected to Generate Tech Support File (Device > Support) or run the show running appinfo2ip CLI command while the appinfo2ip cache was full (the cache stores application-specific IP address mapping information).
PAN-82277
Fixed an issue where a firewall configured for route-monitoring sent ICMP messages with a ping ID of 0, which caused the firewall to drop the ping replies when you enabled zone protection.
PAN-82273
Fixed an issue where blocking proxy sessions to enforce Decryption policy rules caused packet buffer depletion, which eventually resulted in packet loss.
PAN-82227
Fixed an issue where the firewall intermittently categorized most URLs as unknown and dropped SSL ClientHello packets after you upgraded the firewall to a PAN-OS 8.0 release.
PAN-82197
Fixed an issue where a Denial of Service (DoS) attack resulted in high CPU utilization on the firewall because it centralized session distribution on a single core instead of over all the cores.
PAN-82159
Fixed an issue where, after you upgraded a Panorama management server and firewalls to PAN-OS 8.0, the firewalls ignored changes to IPSec tunnel configurations that Panorama pushed, and didn't display the Panorama template icons (gear icons) for those configurations.
PAN-82151
Fixed an issue where the Panorama virtual appliance in Legacy mode intermittently stopped processing logs, which caused its firewall connections to flap.
PAN-82100
Fixed an issue where the PA-850 firewall couldn't establish an IPSec tunnel because IKE phase 2 negotiation failed on a network with latency.
PAN-82095
Fixed an issue on PA-3000 Series, PA-800 Series, PA-500, PA-220, PA-200, and VM-Series firewalls where QoS throughput dropped on interfaces configured to use a QoS profile with an Egress Max set to 0Mbps or more than 1,143Mbps (Network > Network Profiles > QoS Profile).
PAN-82085
Fixed an issue where the Panorama management server restarted in maintenance mode after you configured an incomplete Admin Role profile through the CLI and then performed a Panorama commit.
PAN-82043
Fixed an issue where the Panorama virtual appliance could not mount NFS storage because PAN-OS prepended an additional forward slash character to the configured NFS path, which made the path invalid (starting with //).
PAN-82030
Fixed an issue on PA-5200 Series and PA-3000 Series firewalls where the dataplane restarted frequently because the all_pktproc process stopped responding in environments with a large amount of fragmented multicast traffic.
PAN-81979
Fixed an issue where firewalls in a Layer 2 deployment with an HA configuration did not synchronize the media access control (MAC) address table between HA peers.
PAN-81939
Fixed an issue where memory corruption caused the correlation engine process to restart.
PAN-81935
Fixed an issue on a firewall configured to perform path monitoring for a static route on a VLAN subinterface where the firewall displayed the static route as down even though the destination IP address was reachable.
PAN-81828
Fixed an issue on the Panorama management server where Commit > Commit and Push operations failed because the configd process was coring.
PAN-81820
Fixed an issue on PA-7000 Series and PA-5200 Series firewalls where packet captures (pcaps) didn't include packets that matched predict sessions.
PAN-81682
Fixed an issue where the firewall dataplane restarted while processing traffic after you enabled SSL Inbound Inspection but not SSL Forward Proxy decryption.
PAN-81661
Fixed an issue where PA-7000 Series and PA-5200 Series firewalls in a hairpin virtual wire deployment dropped traffic when predict sessions were created. In a hairpin deployment, traffic crosses a firewall twice, in both directions, across the same virtual wire(s) in the same zones.
PAN-81626
Fixed an issue on VM-Series firewalls where the all_task process stopped responding.
PAN-81585
Fixed an issue on the Panorama management server where, after you renamed an object in a device group, a commit error occurred because policies in the child device groups still referenced the object by its old name.
PAN-81583
Fixed an issue where BGP sessions between a gateway and a satellite in an LSVPN configuration started flapping after you upgraded the satellite to a PAN-OS 8.0 release.
PAN-81475
Fixed an issue where pushing configurations from a Panorama management server running PAN-OS 8.0 or 7.1 to PA-7000 Series firewalls running PAN-OS 7.1 or 7.0 caused memory leaks.
PAN-81457
Fixed an issue where the firewall stopped submitting samples to WildFire for analysis until you ran the debug wildfire reset dp-receiver CLI command.
PAN-81321
Fixed an issue where IPSec tunnel phase 2 negotiations failed when attempting to connect to a remote peer when /32 traffic selectors were included in the configuration on the remote peer.
PAN-81312
Fixed an issue where the delete admin-sessions username CLI command did not delete sessions for the specified user.
PAN-81100
Fixed an issue on the firewall and Panorama management server where a memory leak caused several operations to fail, such as commits, FQDN refreshes, and content updates.
PAN-81022
Fixed an issue where a PA-500 firewall remained in a booting loop when you tried to access maintenance mode.
PAN-80994
A security-related fix was made to prevent remote code execution through the firewall Management (MGT) interface (CVE-2017-15944).
PAN-80892
Fixed an issue where PA-5200 Series firewalls performed slowly for traffic involving session offloading because the firewalls populated the next hop table incorrectly after receiving incorrect source MAC (SMAC) addresses in incoming packets.
PAN-80835
Fixed an issue where PA-3020 firewalls intermittently dropped sessions and displayed resources-unavailable in Traffic logs when a high volume of threat traffic depleted memory. With this fix, PA-3020 firewalls have more memory for processing threat traffic.
PAN-80831
Fixed an issue where connections that the firewall handles as an Application Level Gateway (ALG) service were disconnected when destination NAT and decryption were enabled. This fix applies only when the ALG service does not change packet lengths before and after NAT translation.
PAN-80687
Fixed an issue where the firewall dataplane restarted because the all_pktproc process suddenly started losing heartbeats.
PAN-80660
Fixed an issue where the firewall flooded System logs with the following message: Traffic and logging are resumed since traffic-stop-on-logdb-full feature has been disabled.
PAN-80638
Fixed an issue where the Panorama management server incorrectly displayed the job status as failed for a successful installation of a PAN-OS software update on firewalls.
PAN-80600
Fixed an issue on the PA-820 firewall where the dataplane restarted while processing HTTPS traffic after you configured a URL Filtering profile to Use Domain Credential Filter (Objects > Security Profiles > URL Filtering > <URL_Filtering_profile> > User Credential Detection).
PAN-80598
Fixed an issue where, on PA-7000 Series and PA-5200 Series firewalls that had NAT policy rules with the Translation Type set to Dynamic IP (Policies > NAT > <policy_rule> > Translated Packet), sessions were stuck in an OPENING state for fragmented packets.
PAN-80571
Fixed an issue on M-Series appliances where the Panorama web interface didn't display logs in the Monitor tab after you updated the appliances to PAN-OS 8.0.3 or a later 8.0 release.
PAN-80566
Fixed an issue where PA-7000 Series and PA-5200 Series firewalls restarted after you set the source interface to an invalid option (Any, Use default, or MGT) for a NetFlow service route (Device > Setup > Services > Service Route Configuration). With this fix, the firewall displays a commit error to indicate you cannot set the source interface to an invalid option.
PAN-80511
Fixed an issue where firewalls intermittently failed to forward logs to Panorama after you configured Panorama as a log forwarding destination.
PAN-80447
Fixed an issue where, after a PAN-OS upgrade, packet buffer and descriptor utilization spiked and caused latency in network traffic.
PAN-80246
Fixed an issue where, after using a Panorama management server running PAN-OS 8.0 to Force Template Values when pushing configurations to firewalls running an earlier PAN-OS release, FQDN refreshes failed on the firewalls.
PAN-80149
Fixed an issue where the Panorama management server took longer than expected to populate source or destination address objects when you configured Security policy rules.
PAN-80099
Fixed an issue on the Panorama management server where the Deploy Content dialog listed Log Collectors, not just firewalls, when the update Type was Apps and Threats (Panorama > Device Deployment > Dynamic Updates), even though Log Collectors can receive only Apps updates.
PAN-80055
Fixed an issue where using the PAN-OS XML API to collect User-ID mappings caused slow responsiveness in the firewall web interface and CLI.
PAN-79945
Fixed an issue where the Panorama management server could not deploy antivirus or WildFire updates to firewalls that already had later versions of the updates.
PAN-79782
Fixed an issue where the firewall web interface displayed a down status for IKE phase 1 and phase 2 of an IPSec VPN tunnel that was up and passing traffic.
PAN-79721
Fixed an issue where only administrators with the superuser dynamic role could run the show logging-status CLI command. With this fix, the command is available to administrators with dynamic or custom roles that have the permissions associated with the following role types: superuser, superreader, deviceadmin, devicereader (Device > Admin Roles > <admin_role_profile> > Command Line).
PAN-79569
Fixed an issue where a commit failed after an application name was moved to a container application.
PAN-79468
Fixed an issue on a firewall with multiple GlobalProtect portal connections where the dataplane restarted after proxy_flow_alloc process failures occurred.
PAN-79412
Fixed an issue where managed firewalls disconnected from an M-500 appliance after a partial commit and temporarily disappeared from the Panorama > Managed Devices list.
PAN-79378
Fixed an issue on the Panorama management server where dynamic address groups defined in child device groups didn't include matching address objects defined in the parent device groups.
PAN-79284
Fixed an issue where a firewall acting as an OSPF area border router (ABR) and configured to suppress subnetworks learned in one area from advertising in another area still advertised those subnetworks.
PAN-79182
Fixed an issue on firewalls in an active/passive HA configuration where, after you manually suspended an active HA firewall, it continued sending route withdrawn messages to BGP peers.
PAN-79063
Fixed an issue where the Panorama ACC tab and custom reports displayed data as expected for all device groups when viewed simultaneously but displayed no data when you selected and tried to view data for only a specific device group.
PAN-79044
Fixed an issue where the dataplane restarted after you enabled automatically-generated C2 signature matching (Objects > Security Profiles > Anti-Spyware).
PAN-79037
Fixed an issue where the firewall failed to download a WF-Private content update and displayed the following error: Invalid content image, Failed to download file.
PAN-79026
Fixed an issue where the firewall Reset both client and server after you set the Antivirus profile to default in a Security policy rule even though all WildFire actions in the default profile are set to allow (Policies > Security > <security_rule> > Actions).
PAN-79000
Fixed an issue where, after using a Panorama management server running PAN-OS 8.0 to push threat exceptions from Objects > Security Profiles to firewalls running a release earlier than PAN-OS 8.0, the firewalls received invalid threat exceptions that were renamed to unknown and that retained the unique threat IDs from PAN-OS 8.0 instead of changing to the legacy threat IDs of the earlier PAN-OS release.
PAN-78936
Fixed an issue where Panorama Log Collectors didn't receive logs from firewalls because the vldmgr process did not come up.
PAN-78856
Fixed an issue where PA-800 Series firewalls displayed only the auto-negotiation option for the Link Speed and Link Duplex (transmission mode) of copper ports (Network > Interfaces > <interface> > Advanced). With this fix, the firewalls display all the options for copper ports: 10Mbps/half duplex, 10Mbps/full duplex, 100Mbps/half duplex, 100Mbps/full duplex.
PAN-78838
Fixed an issue where the Panorama management server generated Configuration logs that stored the passwords for VMware NSX plugins as plaintext. With this fix, Panorama encrypts the stored passwords.
PAN-78784
Fixed an issue on the Panorama management server and firewalls with multiple virtual systems where the Add button in Panorama > Monitor > Managed Custom Reports and Device > Monitor > Managed Custom Reports became unresponsive after you changed the Access Domain.
PAN-78718
Fixed an issue where a PA-7000 Series firewall running PAN-OS 8.0.6 or an earlier PAN-OS 8.0 release stopped saving and displaying new logs due to a memory leak after a Panorama management server running a PAN-OS 8.0 or later release pushed a predefined report that specified a field that is unrecognized by the firewall running the earlier PAN-OS release (Monitor > Reports > Mobile Network Reports).
PAN-78670
Fixed an issue on the Panorama management server where the output of the show logging status device <serial-number> CLI command did not display any data.
PAN-78638
Fixed an issue where the User-ID process (useridd) stopped responding due to initialization errors.
PAN-78617
Fixed an issue on the Panorama management server where Panorama > Managed Devices displayed the Shared Policy as Out of Sync for firewalls on which shared policy was actually in sync with Panorama.
PAN-78566
Fixed an issue where the firewall failed to export certificates that included certain special characters ($, ', &, ", ;, and |) in PKCS12 format.
PAN-78492
Fixed an issue in PAN-OS 8.0.2 to 8.0.5 releases where the firewall took longer than expected to Check Now for software or content updates (Device > Software/Dynamic Updates).
PAN-78442
Fixed an issue where PAN-OS did not generate a System log to record which administrators ran the request restart system CLI command.
PAN-78431
Fixed an issue where firewalls in an active/passive HA configuration with OSPF or BGP graceful restart enabled took longer than expected to fail over.
PAN-78397
Fixed an issue with custom URL filtering where some characters in the URL that was accessed were transformed incorrectly when the URL was displayed on the Continue and Override response page. With this fix, ampersand and other special characters are transformed using percent-encoding (for example, & = %26).
PAN-78341
Fixed an issue where the root partition ran out of space during generation of a tech support file when the output of the show user user-ids command was extremely large. With this fix, the data saved to the tech support file is modified to show only statistics instead of raw output, which prevents the output from this command from being so large that it fills up all available disk space.
PAN-78323
Fixed an issue on Panorama M-Series and virtual appliances where commits failed when virtual memory was exceeded while Panorama was attempting to copy a large number of shared nodes and simultaneously generating device group-specific configurations.
PAN-78253
Fixed an issue where incorrect IP addresses were added to the hardware block table when using a DoS Protection profile on zones with names longer than 15 characters.
PAN-78127
A security-related fix was made to prevent the firewall Management (MGT) interface from becoming unavailable for legitimate use (CVE-2017-15942).
PAN-78100
Fixed an issue where the PAN-OS XML API query for show session distribution policy resulted in an error message (An error occurred).
PAN-78034
Fixed an issue where the Threat logs that Zone Protection profiles triggered for packet-type events did not record IMSI and IMEI values.
PAN-77974
Fixed an issue where the firewall could not establish BGP connections using a loopback interface over a large-scale VPN tunnel between a GlobalProtect satellite and gateway.
PAN-77963
Fixed an issue where a firewall that had a dynamic IP address for the Management (MGT) interface sent the IP address of the internal loopback address instead of the MGT interface as the network access server (NAS) IP address in RADIUS access requests.
PAN-77908
Fixed an issue where you could not Enable or Disable correlation objects (Monitor > Automated Correlation Engine > Correlation Objects) on a firewall for which you did not enable Multiple Virtual Systems Capability (Device > Setup > Management).
PAN-77788
Fixed an issue where policy rules ignored changes to the risk factor in Objects > Application Filters after you upgraded the firewall to PAN-OS 8.0.
PAN-77748
Added debug enhancements to capture more details about IKE when third-party VPN clients use the X-AUTH feature.
PAN-77706
Fixed an issue on PA-7000 Series firewalls where packet capture intermittently failed.
PAN-77501
As an enhancement to the BGP fast failover feature, you can now use the set system setting fast-fail-over enable no CLI command to disable the feature (it's enabled by default) for the rare cases when it causes flapping on an unstable interface. When you disable the feature, the firewall automatically ends the BGP session with any adjacent external BGP peer immediately after the link fails (instead of waiting for the BGP hold timer to expire). With this fix, you can also re-enable the feature through the set system setting fast-fail-over enable yes CLI command.
PAN-77384
Fixed an issue where tunnel-bound traffic was incorrectly routed through an ECMP route instead of a PBF route as expected.
PAN-77292
Fixed an issue where firewalls in an HA active/passive configuration did not always synchronize sessions.
PAN-77063
Fixed an issue where SSL Forward Proxy decryption failed for SSL/TLS websites that had unused certificate chains containing algorithms that PAN-OS did not support. With this fix, the firewall verifies only the certificate chains that the websites use.
PAN-77055
Fixed an issue where, after logging in to GlobalProtect, end users could access the Firewall PAN-OS XML API without additional authentication.
PAN-76848
Fixed an issue where a Panorama management server that is running low on memory loses some logs, processes log forwarding slowly, and loses connections to firewalls.
PAN-76505
Fixed an issue where the mprelay process stopped responding when processing IPv6 neighbor discovery updates.
PAN-76358
Fixed an issue on firewalls in an active/passive HA configuration where rebooting the passive HA peer caused its interfaces to flap.
PAN-76075
Fixed an issue where the User-ID process stopped responding when a virtual system that didn’t have NTLM configured received NTLM requests.
PAN-75705
Fixed an issue where administrators could download a tech support file (Device > Support) even when their administrative roles did not have the corresponding privilege enabled.
PAN-75474
Fixed an issue where a firewall with a disk full condition could not connect to WildFire or the PAN-DB cloud after a management process restarted. The show wildfire status CLI command displayed the following message: Unable to authenticate remote CA certificate.
PAN-75438
Fixed an issue where the Panorama web interface displayed an error when you tried to create a new SSL/TLS server profile while configuring a Log Collector (Panorama > Managed Collectors > <Log_Collector> > Communication).
PAN-75264
Fixed an issue where SSL decryption failed when the destination server provided a large certificate chain such that the firewall had to process a request exceeding 8,188 bytes. With this fix, the firewall has a larger buffer to accommodate requests containing large certificate chains.
PAN-75028
Fixed an issue on PA-5200 Series firewalls where you could not configure QoS on a subinterface because subinterfaces didn't display in the Source Interface drop-down (Network > QoS > <QoS_interface> > Clear Text Traffic).
PAN-74285
Fixed an issue where the Panorama management server took longer than expected to display Traffic logs for specific device groups.
PAN-74074
Fixed an issue in an HA active/passive configuration where the HA sync task did not completely remove the configuration for an ethernet1/x node on one peer firewall when ethernet1/x on the second peer firewall was empty (not configured) and that second peer firewall initiated the HA sync.
PAN-74054
Fixed an issue on firewalls in an active/passive HA configuration where a link-monitoring failure caused a delay in OSPF convergence on the firewall that became active after HA failover.
PAN-73333
Fixed an issue where the firewall did not record the sender or recipient in WildFire Submission logs for emails in which the header had no white space character between the display name and the email address.
PAN-73118
As an enhancement for generating reports that span multiple days, PAN-OS now generates such reports quicker and compresses them in storage so that you can save more reports.
PAN-70181
Fixed an issue where PA-7000 Series firewalls that ran a large number of scheduled daily reports (near 1,000 or more) eventually experienced a memory issue that caused CLI commands to fail and ultimately caused SSH connection attempts to the management IP address to fail also.
PAN-68256
Fixed an issue on PA-7000 Series firewalls in an HA configuration where the HA data link (HSCI) interfaces intermittently failed to initialize properly during bootup.
PAN-64589
Fixed an issue where administrators with custom roles could not perform packet captures or download and install software and content updates.
PAN-50641
Fixed an issue where enabling or disabling BFD for BGP, or changing a BFD profile that a BGP peer used, caused the connection to the BGP peer to flap.