PAN-OS 11.1.13-h1 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
-
-
-
-
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1
PAN-OS 11.1.13-h1 Addressed Issues
PAN-OSĀ® 11.1.13-h1 addressed issues.
Issue ID | Description |
|---|---|
PAN-309392 | Fixed an issue where the scroll bar did not appear when editing Destination Addresses for Policy Based forwarding policy rules.
|
|
PAN-309379
|
Fixed an issue where the logrcvr process stopped
responding on DPCs, which prevented logs from being forwarded.
|
PAN-308085 | (VM-Series firewalls in Microsoft Azure environments only) Fixed an issue where, after resizing the VM, the HA2 link became unstable. Frequent keep-alive failures occurred, and HA2 keep-alive packets were simultaneously transmitted to multiple destination MAC addresses and the peer firewall's interface MAC). This issue occurred on firewalls with Accelerated Networking enabled.
|
PAN-308060 | (Firewalls in active/active HA configurations only) Fixed an issue where the BFD session went down and did not recover even though the BGP remained in an established state, which caused the firewall to cease route learning and advertisement with the peer, even though BGP keep-alives were exchanged correctly.
|
PAN-307901 | Fixed an issue where a leak in decryption counters caused resource exhaustion, which led to a GlobalProtect service outage.
|
|
PAN-307795
|
Fixed an issue where Panorama incorrectly generated system logs
indicating a lost connection to its peer after an upgrade even when
High Availability was not configured.
|
PAN-305835 | Fixed an issue where firewalls with Memory Integrity Checking Architecture enabled rebooted unexpectedly due to accessing an invalid memory address. This occurred because the forwarding data structure index exceeded its designed limit.
|
|
PAN-305412
|
Fixed an issue where the Logging Service License Status displays a
license failure when the license status transitions from valid to
expired and then back to valid even when the connection to the
Security Logging Service (SLS) was working.
|
PAN-305411 | Fixed an issue where, after creating a logical interface with an assigned IP address and adding it to a virtual router, the connected route for the interface did not appear in the show routing route CLI command output. This occurred even when the interface was up and learning ARP entries.
|
|
PAN-305301
|
Fixed an issue where the timing of GlobalProtect lifetime expiry or
inactivity logout notifications used for GlobalProtect SSL tunnels
could cause the pan_task process to stop responding and
the dataplane to restart.
|
PAN-304756 | Fixed an issue on Panorama where, after you disabled the shared optimization feature, a full configuration push to multi-vsys devices caused a validation error.
|
PAN-304636 | Fixed an issue where BGP aggregate routes were not created and discard routes were not installed in the routing table.
|
|
PAN-304075
|
Fixed an issue where the firewall did not detect evasions due to TCP
checksum offloading not being enabled.
|
|
PAN-303959
|
Fixed an issue where traffic was incorrectly identified as
unknown-tcp/unknown-udp due to App-ID resource leak and eventually
dropped.
|
|
PAN-303954
|
Fixed an issue where, when configuring Safenet HSMs in HA and
authentication HSM manually, the second HSM server failed to
authenticate due to the firewall overwriting the first HSM server's
certificate with the second HSM server's certificate.
|
PAN-303627 | Fixed an issue where, after committing a configuration change, the firewall experienced traffic issues, pan_task crashes, and LACP interface failures.
|
|
PAN-303559
|
Fixed an issue where, after manually creating a device telemetry
bundle, the hour_cli_output.txt file within the bundle
had a file size of 0 bytes. This occurred when checking the bundle
content after enabling device telemetry and setting the device
telemetry upload endpoint.
|
|
PAN-302983
|
Fixed an issue where, after committing changes on Panorama, a shared
post-rule moved to the end of the post shared
rulebase on the managed device instead of
remaining at the top.
|
|
PAN-302551
|
Fixed an issue where the firewall displayed as disconnected in the
SLS due to the serial number not being retrieved
|
|
PAN-302428
|
Fixed an issue on Panorama where daily scheduled report emails for
custom reports were delivered with no content and instead
incorrectly displayed the message No matching data
found. With this fix, the content is displayed
correctly.
|
PAN-302085 | Fixed an issue where network values were not displayed in Panorama with the error message There is no value for the selected item. This was due to the device group passing vsysName in Panorama.
|
|
PAN-301975
|
(Firewalls in HA configurations only) Fixed an issue where
the passive firewall incorrectly triggered PBP alerts even with low
packet rates.
|
|
PAN-301937
|
Fixed an issue where Microsoft Defender for Cloud detected cleartext
SSH private keys in the /var/appweb and /etc/appweb directories on
PA-VM firewalls deployed in Azure.
|
PAN-301912 | Fixed an issue where Panorama stopped responding when deploying dynamic updates to managed devices.
|
PAN-301600 | Fixed an issue on the firewall where, after upgrading Panorama, OSPF adjacencies remained in the exchange start state, which resulted in an incomplete routing table.
|
PAN-301456 | Fixed an issue on Panorama where the debug system reset-ztp CLI command was unavailable.
|
PAN-301409 |
Fixed an issue where Panorama failed to perform a selective push to a
managed device when device tags were added or modified on the policy
rules. The selective push failed with the error message
Failed to generate selective push configuration.
Schema validation failed. Please try a full
push.
|
|
PAN-300837
|
Fixed an issue where firewalls experienced multiple reboots due to
the pan_task process restarting with a SIGSEGV signal.
This occurred because the client-to-firewall side assumed TLS 1.3
for the firewall-server side.
|
|
PAN-300671
|
Fixed an issue where traffic reports that were generated with
destination/source and destination/source hostnames were not
displayed in IPv4 format.
|
|
PAN-299751
|
Fixed an issue where the firewall was unable to connect to the
Subscription License Service (SLS) due to a public and private key
pair mismatch with the device certificate.
|
|
PAN-299622
|
Fixed an issue where the MFA timestamp was not redistributed between
standalone firewalls behind an Azure load balancer after upgrading,
which resulted in users being prompted to reauthenticate multiple
times.
|
|
PAN-297263
|
(PA-5220 firewalls only) Fixed an issue where the
ikemgr process stopped responding intermittently,
which caused IPSec tunnels to go down randomly. With this fix, the
IKE Security association data structures are accessed in a
thread-safe manner, and the ikemgr process does not
reference an invalid memory pointer during teardown operations.
|
|
PAN-299622
|
Fixed an issue where the MFA timestamp was not redistributed between
standalone firewalls behind an Azure load balancer after upgrading,
which resulted in users being prompted to reauthenticate multiple
times.
|
PAN-295796 | Fixed an issue where the firewall intermittently failed to forward VXLAN GARP packets, which led to connectivity issues for wireless clients in environments that used VXLAN tunnels for wireless access points.
|
|
PAN-292447
|
Fixed an issue where Panorama did not display data in the
Feature Adoption tab in Strata Cloud
Manager due to the system creating and deleting a CLI user for each
interval instead of reusing a permanent CLI user for telemetry.
|
PAN-291945 | Fixed an issue on PA-5220 firewalls where denied traffic logs incorrectly displayed a byte count of 0. This occurred because the bytes_sent value was stored in the most significant bits of u_bytes_sent, resulting in a zero value when a small value was assigned to u_bytes_sent.
|
PAN-285208 | Fixed an issue where the firewall did not automatically recover after a machine check exception (MCE) occurred.
|
PAN-283237 | Fixed an issue where traffic logs incorrectly displayed the action as allow for traffic matching a Security policy rule configured with the action set to deny. This issue occurred due to the child session being used for policy rule lookup when a configuration update triggered a rematch if the FTP-data application was not in the rule.
|
PAN-281588 | Fixed an issue where packet buffer depletion occurred due to the a high number of tcp_pkt_queued packets when Jumbo was enabled.
|
|
PAN-269535
|
Fixed an issue where the mib ID returned an incorrect value via
SNMP.
|
PAN-263691 | Fixed an issue where the firewall rebooted unexpectedly due to a memory leak in the all_task process.
|
PAN-262831 | (PA-5400f Series firewalls only) Fixed an intermittent issue where the all_task process stopped responding, which caused the firewall to restart.
|
PAN-241694 | Fixed an issue where memory leaks related to the devsrvr process occurred when downloading and pushing updates from the App-ID Cloud Engine to the dataplane.
|
|
PAN-185731
|
Fixed an issue where the firewall was unable to parse the URL path
and host when the host header was located in a different packet,
which resulted in the firewall not logging the URL path in the first
packet. The fix is disabled by default. The following CLI commands
can be used to enable/disable the feature:
|