Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
03-24-2016 07:59 PM - edited 03-24-2016 10:52 PM
Application and Threat Content version 571 was removed from the Palo Alto Networks support site at approximately 0230 PM PST on 24-MAR-2016, after discovering an issue with this content update and Panorama stability related to the Correlation Objects feature. In the interim, customers who have installed content version 571 and use Panorama for device management are advised to roll back to content 570 or disable the "Beacon Detection - Dynamic DNS” (ID-6007) and “Beacon Detection - Heuristics” (ID-6005) correlation objects on the Monitor—>Correlations objects page. Correlation Objects work specifically on the PA-3000, PA-5000, PA-7000 series and PAN-OS 7.0+ and VM or M-Series Panorama 7.0+.
Palo Alto Networks is working to resolve this, and will issue a notification when a remediated version of Application and Threat Content is made available. Please subscribe to this document to receive updates.
03-24-2016 08:14 PM
FYI, it says it was removed in 2015.
03-25-2016 12:28 AM
Does is cause just Panorama instability or can cause firewalls to stop processing traffic?
03-25-2016 06:23 AM
In our case it caused Panorama to power cycle until it was placed in maintenance mode due to repeated crashing. There were no firewall/ enforcement gateway side effects.
03-25-2016 06:51 AM
I have 5050's and running 6.1.5...do I have to roll back?
03-25-2016 06:58 AM
Nope, just follow the mitigation listed in the URL below. I have a feeling this bug will be fixed in 7.0.7, at least I hope so. The work around below will work in the mean time.
Thanks,
Dave
Palo Alto Customer Notice on 571:
03-25-2016 07:08 AM
Only on Panorama. Our behavior was Panorama would crash due to logd and reboot every 10 minutes or so. Made committing changes to managed devices hard but outside of that caused no issues. Our PAs were at 571 with no issues.
03-25-2016 07:15 AM
Andy is correct only on Panorama, the gateways are not affected by this due to explanation provided by Andy.
03-25-2016 07:30 AM
Glad to see this one has a definite answer. Was seriously worried we were being DDOSd in some nasty way that the gateways weren't picking up on 😕
Panorama M100s in HA here - once again no issues on gateways, just the Panorama box logd service causing constant restarts.
03-25-2016 10:49 AM
There appears to be some confusion regaring which platforms require a rollback to 570. I think the question has been answered by the community but I suggest Palo Alto use a more clear format for notices like these. A simple table listing the platforms requiring the rollback would have reduced confusion for us.
03-28-2016 07:56 AM
If it is not enabled than no, disabling it is a mitigation against the bug condition.
03-28-2016 08:45 AM - edited 03-28-2016 08:45 AM
@LeptonThanks for the feedback here. We'll take this into consideration for future communications.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
