PAN-OS 11.1.13-h1 Addressed Issues

PAN-OS® 11.1.13-h1 addressed issues.
Issue ID
Description
PAN-309392
Fixed an issue where the scroll bar did not appear when editing Destination Addresses for Policy Based Forwarding policy rules.
PAN-309379
Fixed an issue where the logrcvr process stopped responding on DPCs, which prevented logs from being forwarded.
PAN-308085
(VM-Series firewalls in Microsoft Azure environments only) Fixed an issue where, after resizing the VM, the HA2 link became unstable. Frequent keep-alive failures occurred, and HA2 keep-alive packets were simultaneously transmitted to multiple destination MAC addresses and the peer firewall's interface MAC. This issue occurred on firewalls with Accelerated Networking enabled.
PAN-308060
(Firewalls in active/active HA configurations only) Fixed an issue where the BFD session went down and did not recover even though the BGP remained in an established state, which caused the firewall to cease route learning and advertisement with the peer, even though BGP keep-alives were exchanged correctly.
PAN-307901
Fixed an issue where a leak in decryption counters caused resource exhaustion, which led to a GlobalProtect service outage.
PAN-307795
Fixed an issue where Panorama incorrectly generated system logs indicating a lost connection to its peer after an upgrade even when High Availability was not configured.
PAN-305835
Fixed an issue where firewalls with Memory Integrity Checking Architecture enabled rebooted unexpectedly due to accessing an invalid memory address. This occurred because the forwarding data structure index exceeded its designed limit.
PAN-305412
Fixed an issue where the Logging Service License Status displayed a license failure when the license status transitioned from valid to expired and then back to valid, even when the connection to the Security Logging Service (SLS) was working.
PAN-305411
Fixed an issue where, after creating a logical interface with an assigned IP address and adding it to a virtual router, the connected route for the interface did not appear in the show routing route CLI command output. This occurred even when the interface was up and learning ARP entries.
PAN-305301
Fixed an issue where the timing of GlobalProtect lifetime expiry or inactivity logout notifications used for GlobalProtect SSL tunnels could cause the pan_task process to stop responding and the dataplane to restart.
PAN-304756
Fixed an issue on Panorama where, after you disabled the shared optimization feature, a full configuration push to multi-vsys devices caused a validation error.
PAN-304636
Fixed an issue where BGP aggregate routes were not created and discard routes were not installed in the routing table.
PAN-304075
Fixed an issue where the firewall did not detect evasions due to TCP checksum offloading not being enabled.
PAN-303959
Fixed an issue where traffic was incorrectly identified as unknown-tcp/unknown-udp due to an App-ID resource leak and was eventually dropped.
PAN-303954
Fixed an issue where, when configuring Safenet HSMs in HA and authenticating the HSM manually, the second HSM server failed to authenticate due to the firewall overwriting the first HSM server's certificate with the second HSM server's certificate.
PAN-303627
Fixed an issue where, after committing a configuration change, the firewall experienced traffic issues, pan_task crashes, and LACP interface failures.
PAN-303559
Fixed an issue where, after manually creating a device telemetry bundle, the hour_cli_output.txt file within the bundle had a file size of 0 bytes. This occurred when checking the bundle content after enabling device telemetry and setting the device telemetry upload endpoint.
PAN-302983
Fixed an issue where, after committing changes on Panorama, a shared post-rule moved to the end of the post shared rulebase on the managed device instead of remaining at the top.
PAN-302551
Fixed an issue where the firewall displayed as disconnected in the SLS due to the serial number not being retrieved.
PAN-302428
Fixed an issue on Panorama where daily scheduled report emails for custom reports were delivered with no content and instead incorrectly displayed the message No matching data found. With this fix, the content is displayed correctly.
PAN-302085
Fixed an issue where network values were not displayed in Panorama with the error message There is no value for the selected item. This was due to the device group passing vsysName in Panorama.
PAN-301975
(Firewalls in HA configurations only) Fixed an issue where the passive firewall incorrectly triggered PBP alerts even with low packet rates.
PAN-301937
Fixed an issue where Microsoft Defender for Cloud detected cleartext SSH private keys in the /var/appweb and /etc/appweb directories on PA-VM firewalls deployed in Azure.
PAN-301912
Fixed an issue where Panorama stopped responding when deploying dynamic updates to managed devices.
PAN-301600
Fixed an issue on the firewall where, after upgrading Panorama, OSPF adjacencies remained in the exchange start state, which resulted in an incomplete routing table.
PAN-301456
Fixed an issue on Panorama where the debug system reset-ztp CLI command was unavailable.
PAN-301409
Fixed an issue where Panorama failed to perform a selective push to a managed device when device tags were added or modified on the policy rules. The selective push failed with the error message Failed to generate selective push configuration. Schema validation failed. Please try a full push.
PAN-300837
Fixed an issue where firewalls experienced multiple reboots due to the pan_task process restarting with a SIGSEGV signal. This occurred because the client-to-firewall side assumed TLS 1.3 for the firewall-server side.
PAN-300671
Fixed an issue where traffic reports that were generated with destination/source and destination/source hostnames were not displayed in IPv4 format.
PAN-299751
Fixed an issue where the firewall was unable to connect to the Subscription License Service (SLS) due to a public and private key pair mismatch with the device certificate.
PAN-299622
Fixed an issue where the MFA timestamp was not redistributed between standalone firewalls behind an Azure load balancer after upgrading, which resulted in users being prompted to reauthenticate multiple times.
PAN-297263
(PA-5220 firewalls only) Fixed an issue where the ikemgr process stopped responding intermittently, which caused IPSec tunnels to go down randomly. With this fix, the IKE Security association data structures are accessed in a thread-safe manner, and the ikemgr process does not reference an invalid memory pointer during teardown operations.
PAN-295796
Fixed an issue where the firewall intermittently failed to forward VXLAN GARP packets, which led to connectivity issues for wireless clients in environments that used VXLAN tunnels for wireless access points.
PAN-292447
Fixed an issue where Panorama did not display data in the Feature Adoption tab in Strata Cloud Manager due to the system creating and deleting a CLI user for each interval instead of reusing a permanent CLI user for telemetry.
PAN-291945
Fixed an issue on PA-5220 firewalls where denied traffic logs incorrectly displayed a byte count of 0. This occurred because the bytes_sent value was stored in the most significant bits of u_bytes_sent, resulting in a zero value when a small value was assigned to u_bytes_sent.
PAN-285208
Fixed an issue where the firewall did not automatically recover after a machine check exception (MCE) occurred.
PAN-283237
Fixed an issue where traffic logs incorrectly displayed the action as allow for traffic matching a Security policy rule configured with the action set to deny. This issue occurred due to the child session being used for policy rule lookup when a configuration update triggered a rematch if the FTP-data application was not in the rule.
PAN-281588
Fixed an issue where packet buffer depletion occurred due to a high number of tcp_pkt_queued packets when Jumbo was enabled.
PAN-269535
Fixed an issue where the mib ID returned an incorrect value via SNMP.
PAN-263691
Fixed an issue where the firewall rebooted unexpectedly due to a memory leak in the all_task process.
PAN-262831
(PA-5400f Series firewalls only) Fixed an intermittent issue where the all_task process stopped responding, which caused the firewall to restart.
PAN-241694
Fixed an issue where memory leaks related to the devsrvr process occurred when downloading and pushing updates from the App-ID Cloud Engine to the dataplane.
PAN-185731
Fixed an issue where the firewall was unable to parse the URL path and host when the host header was located in a different packet, which resulted in the firewall not logging the URL path in the first packet. The fix is disabled by default. The following CLI commands can be used to enable/disable the feature:
  • set system setting ctd url-crosspkt-host-path-caching enable
  • set system setting ctd url-crosspkt-host-path-caching disable
  • set system setting ctd url-crosspkt-host-path-caching default