PAN-OS 11.2.13 Addressed Issues
Focus
Focus

PAN-OS 11.2.13 Addressed Issues

Table of Contents

PAN-OS 11.2.13 Addressed Issues

Lists the addressed issues in PAN-OS 11.2.13.
The following table lists the addressed issues in PAN-OS 11.2.13.
Issue ID
Description
PAN-328145
Fixed an issue where a firewall functioning as an Area Border Router did not correctly translate NSSA Type-7 LSAs to Type-5 LSAs when OSPF neighbors set the Nt bit in the NSSA Area, and routes were not advertised to upstream OSPF neighbors in the backbone area, which resulted in traffic being silently discarded.
PAN-321699
Fixed an issue where device telemetry intermittently failed to send files, which resulted in critical alerts in system files.
PAN-321150
Fixed an issue where the interface remained down after an upgrade.
PAN-320598
Fixed an issue where internal and external DNS names did not resolve when connected to a GlobalProtect gateway.
PAN-319798
(Panorama virtual appliances in AWS environments only) Fixed an issue where logging disks failed to mount or reported an unknown file system type.
PAN-319793
Fixed an issue where, after upgrading to PAN-OS 12.1.5, GlobalProtect Clientless VPN failed to access JavaScripts.
PAN-319266
(Cloud IPS only) Increased scale limit for zone mappings.
PAN-319228
Fixed an issue where External Dynamic List (EDL) refresh and commit operations remained in a pending state, which prevented any subsequent operations from completing.
PAN-318120
Fixed an issue where SSL traffic was silently dropped when traffic was processed by a Security policy with an Anti-Spyware profile that had Inline cloud Analysis enabled for SSL C2 Detector with an action other than allow or alert.
PAN-318106
Fixed an issue where SCM did not update device telemetry for the firewall after upgrading to an affected release.
PAN-318030
VM-Series firewalls in Hyper-V only) Fixed an issue where the throughput was reported to be twice as high as the actual traffic rate.
PAN-317755
Fixed an issue on Panorama where selective push operations failed when plugin configurations included access-domain or log-collector references.
PAN-317614
Fixed an issue where high throughput and increased packet rates caused high dataplane CPU usage.
PAN-317466
Fixed an issue where SIP sessions stopped progressing after the firewall received fragmented packets, fragmented at header field.
PAN-317215
(VM-Series firewalls on ESXi with Intel E810 NICs using PCI passthrough) Fixed an issue where the brdagent process became unresponsive during data port initialization, which resulted in system instability, interface outages, HA split-brain conditions, and unexpected reboots during failover.
PAN-315919
Fixed an issue where GlobalProtect pre-logon tunnel session was not cleared even after the user was logged in. With this fix, the session is cleared after the session timeout expires.
PAN-315337
Fixed an issue where GlobalProtect throughput was reduced after an upgrade.
PAN-315314
Fixed an issue where, when a push operation from Panorama to the firewall failed, accounting logs stopped forwarding.
PAN-314512
Fixed an issue where the GlobalProtect portal became inaccessible when the dataplane was configured with a DHCP assigned IP address.
PAN-314061
Fixed an issue where traffic was disrupted during IPSec rekey operations due to a 2 second delay in sending the DELETE message for the previous Security Association (SA) to the peer gateway after a new SA was negotiated.
PAN-314020
Fixed an issue where the firewall did not decapsulate GENEVE packets when DNS Security retransmitted a DNS query after receiving a verdict from the cloud.
PAN-313850
(PA-1400 Series firewalls in HA configurations only) Fixed an issue where a split-brain condition occurred and HA1/HA2 links went down while upgrading when the HA configuration used dataplane interfaces for HA1 and a combination of HSCI and Ethernet interfaces for HA2.
PAN-313828
Fixed an issue where the firewall did not forward traffic due to memory issues on a forwarding component.
PAN-312330
(Firewalls in active/passive HA configurations only) Fixed an issue where the Clientless VPN applications failed to load due to the firewall dataplane incorrectly processing session information.
PAN-311658
Fixed an issue where the reportd process stopped responding, which caused the firewall to reboot.
PAN-311285
Fixed an issue where a memory leak occurred related to the ospfd process, which caused RAM usage to continuously increase until the device stopped responding.
PAN-311192
Fixed an issue where the device-telemetry collect-now process became unresponsive when the process was initiated multiple times with other processes running concurrently, which prevented subsequent telemetry collection.
PAN-311040
Fixed an issue where the all_task process stopped responding and caused the firewall to reboot unexpectedly.
PAN-310240
Fixed an issue where software packet buffers were completely utilized when performing a Data Loss Prevention longevity test.
PAN-308775
(Firewalls in active/passive configurations only) Fixed an issue where NTP status intermittently showed as rejected on the active firewall, which prevented the firewalls from synchronizing time.
PAN-307976
(Firewalls in active/active HA configurations only) Fixed an issue where tunnels failed to come up with the error message failed to find a socket for transmission.
PAN-307618
Added a debug CLI command to address where remote networks for Prisma Access tenants randomly dropped monitoring packets from peer devices, which caused tunnels to be marked as down. This occurred when a CPU core suddenly experienced high utilization.
To utilize this fix, run debug dataplane set ssl-decrypt use-new-peek-window yes.
PAN-307470
Fixed an issue where an External Dynamic List (EDL) fetch with an invalid certificate was skipped on newly provisioned GlobalProtect gateway instances.
PAN-306356
Fixed an issue where the logrcvr process on a firewall stopped responding due to a document node being unexpectedly freed.
PAN-300615
Fixed an issue where the pan_comm process stopped after multiple content versions were installed and the memory limits were reached.
PAN-298960
Fixed an issue where the firewall continuously rebooted when the useridd process repeatedly restarted.
PAN-296246
Fixed an issue where policy cache corruption led to unexpected policy rule behavior or operational instability. This occurred when an internal system process restarted while a commit was in progress or when a commit operation failed.
PAN-295806
Fixed an issue where memory leaks on the configd process occurred due to a hash insert operation failing during connection management and SSL connections.
PAN-294434
Fixed an issue where memory leaks occurred. These leaks were caused by two distinct scenarios: the failure to deallocate memory for a nodeset when a new nodeset was assigned to the same variable, and the failure to free a UUID hash table during error conditions.
PAN-250445
Fixed an issue where DLP logs accumulated in the logrcvr cache when using DLP in mirror mode.
PAN-246699
Fixed an issue on Panorama where Rule Usage and Apps Seen under Security policy rules stopped incrementing.
PAN-234302
Fixed an issue where commit operations took longer than expected to complete due to EDL timeouts occurring on passive nodes when a service route was enabled.