Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Content 571 Customer Advisory

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Content 571 Customer Advisory

L4 Transporter

Application and Threat Content version 571 was removed from the Palo Alto Networks support site at approximately 0230 PM PST on 24-MAR-2016, after discovering an issue with this content update and Panorama stability related to the Correlation Objects feature. In the interim, customers who have installed content version 571 and use Panorama for device management are advised to roll back to content 570 or disable the "Beacon Detection - Dynamic DNS” (ID-6007) and “Beacon Detection - Heuristics” (ID-6005) correlation objects on the Monitor—>Correlations objects page. Correlation Objects work specifically on the PA-3000, PA-5000, PA-7000 series and PAN-OS 7.0+ and VM or M-Series Panorama 7.0+.

 

Palo Alto Networks is working to resolve this, and will issue a notification when a remediated version of Application and Threat Content is made available. Please subscribe to this document to receive updates.

 

 

Unknown.png

13 REPLIES 13

L4 Transporter

FYI, it says it was removed in 2015.

Does is cause just Panorama instability or can cause firewalls to stop processing traffic?

In our case it caused Panorama to power cycle until it was placed in maintenance mode due to repeated crashing. There were no  firewall/ enforcement gateway side effects.

I have 5050's and running 6.1.5...do I have to roll back?

Nope, just follow the mitigation listed in the URL below. I have a feeling this bug will be fixed in 7.0.7, at least I hope so. The work around below will work in the mean time.

 

Thanks,

Dave


Palo Alto Customer Notice on 571:

https://live.paloaltonetworks.com/t5/General-Topics/Content-571-Customer-Advisory/m-p/75230/thread-i...

 

L1 Bithead

Does one need to disable the two Corr. Objects only on Panorama, or on all the firewalls, too?

Only on Panorama. Our behavior was Panorama would crash due to logd and reboot every 10 minutes or so. Made committing changes to managed devices hard but outside of that caused no issues. Our PAs were at 571 with no issues.

Andy is correct only on Panorama, the gateways are not affected by this due to explanation provided by Andy.

L1 Bithead

Glad to see this one has a definite answer.  Was seriously worried we were being DDOSd in some nasty way that the gateways weren't picking up on 😕

 

Panorama M100s in HA here - once again no issues on gateways, just the Panorama box logd service causing constant restarts.  

L0 Member

There appears to be some confusion regaring which platforms require a rollback to 570. I think the question has been answered by the community but I suggest Palo Alto use a more clear format for notices like these. A simple table listing the platforms requiring the rollback would have reduced confusion for us.

L4 Transporter

Hi ,

I don't have correlation object  feature enabled, still need to toll back?

Thanks

If it is not enabled than no, disabling it is a mitigation against the bug condition.

@LeptonThanks for the feedback here. We'll take this into consideration for future communications. 

  • 23111 Views
  • 13 replies
  • 3 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!