44 • PAN-OS 6.1 Release Notes Palo Alto Networks
PAN-OS 6.1.0 Addressed Issues
67182
External Block Lists (EBLs) were not properly parsed during the initial load. This
caused the load to fail if Windows formatted files were used, where <CR><LF> line
feeds were used instead of standard UNIX <LF>. Comments were also not properly
supported on the same line as the IP, IP-RANGE, and IP-MASK. After fixing the
issues, both types of line feeds and comments are now supported.
66953
The maximum number of tags that PAN-OS and Panorama support for each virtual
system and device group (including the Shared group) is now 2,500 instead of 1,000.
66924
When logging in to the Panorama web interface with two-factor RADIUS
authentication, Panorama would successfully authenticate the user but then
immediately log the user out of the web interface. With this fix, Panorama no longer
logs the user out of the web interface following a successful authentication.
66918
Memory corruption issues related to SSL decryption caused the data plane to restart
and resulted in a flapping condition between firewalls in an HA cluster.
66862
If the certificate name length had more than 31 characters and it was used in a
decryption policy for SSL inbound inspection, a commit would fail. With this fix,
validation fails when the certificate used in an SSL inbound inspection decryption
policy has more than 31 characters inside the certificate name field.
66826
Due to SSL errors caused by the way the serial number is generated in the device
certificate, you could not manage multiple WF-500 WildFire™ appliances from the
same browser.
66761
To accommodate large quantities of scheduled reports with long reporting periods, the
M-100 appliance now supports increased storage capacity.
66711
The passive device in a HA cluster triggers DOS alerts about a session limit reached
for a classified DOS profile. After the fix, the passive device no longer receives the
DOS logs since it is not processing any traffic.
66701
You can now increase the capacity of the Address Resolution Protocol (ARP) table and
the MAC address table on PA-3020 and PA-3050 devices using the
debug system
arp-mac-capacity increased
command. On the PA-3020 platform, running this
command increases the maximum number of table entries from 1500 to 3000. On the
PA-3050 platform, running this command increases the maximum number of table
entries from 2500 to 5000.
66693
When a Port Address Translation (PAT) rule was configured to only change the
destination port but not IP address for that host, Address Resolution Protocol (ARP)
was not learned from a destination host on a connected network. With this fix, ARP
resolves correctly.
66635
Enabling SSL Forward Proxy decryption with a self-signed certificate could sometimes
cause the certificate presented to the client to have a negative serial number.
66520
An update has been made so that when you commit with an IP address/Netmask
configured but do not select an HA port in HA settings, PAN-OS shows additional
details on the commit fail error message that indicate the specific incomplete HA
settings.
Issue Identifier Issue Description
(104 strony)
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentarze do niniejszej Instrukcji