46 • PAN-OS 6.1 Release Notes Palo Alto Networks
PAN-OS 6.1.0 Addressed Issues
65294
In syslog and devsrv.log output, a message about the last known update from the
PAN-DB cloud was labeled as seconds instead of minutes. The description of the log
pattern now displays the correct label.
65220
With SSH proxy enabled, traffic to some SSH servers failed. With this fix, traffic to the
SSH servers no longer fails when SSH proxy is enabled.
65174
Resolved an issue where an Invalid IP Address error was shown when creating a
redistribution profile from within the Export Rules in OSPF or Redistribution Rules
in BGP.
65031
During a high availability (HA) active/passive failover, a timing issue delayed the
reestablishment of end-to-end connectivity for OSPF interfaces. The graceful restart
hello delay timer now allows you to configure the length of time during which the
firewall sends grace LSA packets. From the CLI, use the
gr-delay option to specify
the graceful restart delay on OSPF interfaces.
64759
Fixed an issue where a high availability (HA) failover occurred due to insufficient
kernel memory on a PA-5000 Series firewall that was attempting to handle unusually
heavy network and system traffic. With this fix, the kernel memory on PA-5000 Series
firewalls is increased to ensure sufficient kernel memory is avail-able for ping requests
and keep-alive messages even when under an unusually heavy load.
64751
Addressed an issue where SNMPv3 traps sent from the firewall for the EngineBoots
and EngineTime variables were incorrectly set in the SNMP header.
64713
Removed the RC4-MD5 cipher from management and GlobalProtect SSL interfaces.
64606
When navigating to the GlobalProtect portal using a browser that had Transport Layer
Security (TLS) 1.2 enabled, and when using a client certificate for authentication, the
SSL connection failed due to issues with the fallback to a lower TLS version. With this
fix, the fallback succeeds with Google Chrome and Mozilla Firefox. This specific
behavior of Internet Explorer still exhibits issues.
64600
When a dynamic block list was configured on the firewall to be updated according to
a list on a configured proxy server, the firewall was unable to access the proxy server.
This issue has been resolved so that the firewall can correctly access the list on the
proxy server to update the dynamic block list.
64439
When you configured QoS on an interface that was saturated with traffic from QoS
classes without bandwidth guarantees, traffic from QoS classes with guaranteed
bandwidth experienced traffic loss. This was due to rounding errors, which caused the
total calculated interface bandwidth to exceed the actual bandwidth. With this fix, the
bandwidth limits are properly calculated and no traffic loss is observed.
64389
In certain situations, when performing an HA failover, GlobalProtect clients
connecting to the gateway using IPSec were disconnected and did not reconnect after
the failover of the gateway. This issue has been fixed, and the GlobalProtect client
reconnects to the new active gateway.
Issue Identifier Issue Description
(104 Seiten)
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Kommentare zu diesen Handbüchern