Just a heads-up to anyone on 8.1.8. . .
There is a cosmetic bug that throws bogus dependency warnings even when the dependent apps are included in the affected rule.
It will be fixed in 8.1.9 at the end of June, per support.
Solved! Go to Solution.
Yes. Here's what they said:
1 - Initial Problem Description
After upgrading to 8.1.8 there are many application dependency warnings although the dependencies are met
- As informed this is a known issue in Software version 8.1.8 matching an existing reported issue (PAN-117729)
- Fix is targeted to be released with PAN-OS 8.1.9 and the current ETA is 6/27/19
Once you Upgrade to Software version 8.1.9 that will resolve the issue.
Thank you for this post. Had I not already have been prepaired from reading this I would have had a major panic this morning when the first commit displayed enough application dependancy warnings to see from space
Glad I could save somebody some time on this. I suspected it was a bug, but I had just completed the long path of upgrading sequentially from 7.1.x ==> 8.1x and I thought the config had become corrupted. . .
To be honest, I was surprised I was the first one to post about this since it's such a visible bug that virtually everyone on 8.1.8 would enounter after a commit.
There have been several bugs that shock me nobody noticed before the release gets out into the wild... in fact there is still one open that drops SANs from certificates renewed on the firewall, I was told that it will not be fixed anytime soon... and then there are things like this one that are so obvious I just have a hard time trying to figure out how that slipped by
The biggest surprise is that Palo's "PAN-OS Software Release Guidance" page has 8.1.8 as "Preferred release" with no Notes about this issue.
I have talked to a Palo engineer AND a Palo manager about this very bug and reminded them that the Preferred release page still says 8.1.8 without any update about this bug.
I do not consider this a cosmetic error because it spams me with over 200 false warnings, potentially hiding real warnings!
Yes it needs to be fixed but even more importantly it needs to be updated on the Preferred release page IMMEDIATELY. Palo is aware of the problem today, 6/17/19. They reconfirmed it with my case that was opened by the manager specifically for this reason so... Let's see how long it takes, or IF they care enough about their customers, to update the Preferred release page. They've know about this problem since your original post... a week ago!
Crap. I wish I had seen this or any notice anywhere before about 2 hours ago. I would have gone to 8.1.7. I only get one maintenace night a year to do these upgrades and now I'm probably stuck with this mess till next June.
I've already dealt with globalprotect tunnel warnings that IPv6 is ignored (this here), and now this. My warning list is massive.
I guess I could try and sneak in a 3am upgrade on a holiday when we're closed. Perhaps July 4th.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!