Content 571 Customer Advisory

Reply
Highlighted
L4 Transporter

Content 571 Customer Advisory

Application and Threat Content version 571 was removed from the Palo Alto Networks support site at approximately 0230 PM PST on 24-MAR-2016, after discovering an issue with this content update and Panorama stability related to the Correlation Objects feature. In the interim, customers who have installed content version 571 and use Panorama for device management are advised to roll back to content 570 or disable the "Beacon Detection - Dynamic DNS” (ID-6007) and “Beacon Detection - Heuristics” (ID-6005) correlation objects on the Monitor—>Correlations objects page. Correlation Objects work specifically on the PA-3000, PA-5000, PA-7000 series and PAN-OS 7.0+ and VM or M-Series Panorama 7.0+.

 

Palo Alto Networks is working to resolve this, and will issue a notification when a remediated version of Application and Threat Content is made available. Please subscribe to this document to receive updates.

 

 

Unknown.png

L2 Linker

Re: Content 571 Customer Advisory

FYI, it says it was removed in 2015.

Re: Content 571 Customer Advisory

Does is cause just Panorama instability or can cause firewalls to stop processing traffic?

L1 Bithead

Re: Content 571 Customer Advisory

In our case it caused Panorama to power cycle until it was placed in maintenance mode due to repeated crashing. There were no  firewall/ enforcement gateway side effects.

L0 Member

Re: Content 571 Customer Advisory

I have 5050's and running 6.1.5...do I have to roll back?

L1 Bithead

Re: Content 571 Customer Advisory

Nope, just follow the mitigation listed in the URL below. I have a feeling this bug will be fixed in 7.0.7, at least I hope so. The work around below will work in the mean time.

 

Thanks,

Dave


Palo Alto Customer Notice on 571:

https://live.paloaltonetworks.com/t5/General-Topics/Content-571-Customer-Advisory/m-p/75230/thread-i...

 

L1 Bithead

Re: Content 571 Customer Advisory

Does one need to disable the two Corr. Objects only on Panorama, or on all the firewalls, too?

L1 Bithead

Re: Content 571 Customer Advisory

Only on Panorama. Our behavior was Panorama would crash due to logd and reboot every 10 minutes or so. Made committing changes to managed devices hard but outside of that caused no issues. Our PAs were at 571 with no issues.

L1 Bithead

Re: Content 571 Customer Advisory

Andy is correct only on Panorama, the gateways are not affected by this due to explanation provided by Andy.

L1 Bithead

Re: Content 571 Customer Advisory

Glad to see this one has a definite answer.  Was seriously worried we were being DDOSd in some nasty way that the gateways weren't picking up on :-/

 

Panorama M100s in HA here - once again no issues on gateways, just the Panorama box logd service causing constant restarts.  

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!