About keith_whitley

https://support.paloaltonetworks.com/index.php?option=com_pan&task=view_releasenotes&vn=3.1.4&ut=sw&ct=&prod=panos&plat=2000 Of course there are known issues in 3.1.4 too, check that document.  Some of these probably impact you. Addressed Issues in 3.1.4. The following issues have been addressed in this release: • [21676] PA-2000 series devices may become unresponsive. • [21641] An admin with the device administrator role cannot create local users. • [21620] URL category does not show up properly when logs are forwarded via syslog or SNMP. • [21610] If errors occur when generating a certificate in the UI, the window must be closed and reopened to correct the issues and regenerate. • [21546] Changing the continue timeout in a URL profile does not immediately take effect. • [21544] An imported inbound inspection certificate with a long name cannot be subsequently deleted. • [21504] After a factory-reset, the default web certificate uses SHA256 which is not compatible with Internet Explorer. • [21485] System instability may occur in some environments where a high volume of Skype or P2P traffic is present. • [21481] In some cases, when doing inbound SSL decryption the eicar virus may not be detected. • [21476] Deleting the reports that have been run for custom reports with spaces in the name will fail. • [21440] If configuration synchronization between HA peers takes longer than 30 seconds then synchronization will fail and passive device will incorrectly indicate that configuration is in sync. • [21396] The IKE dead-peer detection mechanism may inappropriately detect failure, causing tunnel connections to fail. PAN-OS Release Notes, Version 3.1.4 rev A 6 • [21352] Default route metrics are advertised incorrectly in OSPF stub networks. • [21345] The auto-commit process after bootup may fail when large certificates are present in the configuration. • [21341] The source address portion of an application override rule does not take effect. • [21331] Users that get locked out of an SSL-VPN do not get displayed as locked. • [21319] When a commit is performed where the only change is to the management proxy settings, the dataplane will restart. • [21271] When the dynamic URL categorization server is not reachable, all requests needing cloud-based categorization will be delayed. • [21255] Read-only super users cannot access data filtering captures. • [21233] Only 10 QoS rules can be configured on a PA-500 device. • [21231] When using a single address object in an address group in the source translation field of a NAT rule, the resulting source address is 0.0.0.0. • [21216] BrightCloud database updates fail when traversing a proxy. • [21213] Next-hop monitoring with policy-based forwarding does not function properly when using VLAN interfaces. • [21165] Custom applications cannot be created with Panorama. • [21053] The system may improperly classify FTP traffic within a proxy session. Session statistics for these sessions may also be incorrect. These two issues are addressed. However, FTP data sessions within proxy tunnels will show up as unknown. • [21052] Occasionally user to IP mapping is corrupted and users are unnecessarily presented with a captive portal login page. • [20991] Content updates may be partially synced to an HA peer even when syncing is disabled, causing unpredictable content versions on the peer. • [20894] The text/html filetype inappropriately appears as a valid filetype within Panorama when configuring file blocking profiles. • [20893] When creating a log forwarding profile with Panorama, the setting for forwarding critical severity threat logs is not saved even though it was selected. • [20890] DHCP clients that request lease times longer than the configured maximum are granted those times. • [20829] The system is not able to properly identify SNMP sessions when an SNMP response is fragmented into more than 3 fragments. PAN-OS Release Notes, Version 3.1.4 rev A 7 • [20733] The request private-data-reset command clears out antivirus signatures even though content updates are intended to remain. • [20698] URL admin override functionality does not work properly when a certificate is configured. • [20593] Custom URL categories starting with a numeral do not show up properly in the log viewer. • [20517] HTTP long chunk responses trigger anomalous threat detections. • [20375] Probability of a passive device incorrectly becoming active is increased during a URL database update. • [20257] SSL-VPN users are not able to successfully authenticate via RADIUS in some environments. • [20239] The port field of a service object is limited to 63 characters. • [20164] The system incorrectly discards lone IPv6 fragments. • [19854] System may be unable to correctly present block pages when blocked requests exceed 100 pages per second. • [18767] SSL inbound inspection may fail when active SSL flows to the server exceeds 1000. • [18271] In some environments session rematch on a PA-4000 does not properly remove sessions when a policy is changed and committed. ... View more

A pretty good tool for searching if you are using windows and want a grep functionality is Astrogrep... it is free. http://astrogrep.sourceforge.net/ This will allow you search entire directories and multiple files within them simultaneously. ... View more