>
    PAN-OS 11.2.3 Addressed Issues
    Focus
    Download PDF
    Focus
    1. Home
    2. PAN-OS
    3. PAN-OS 11.2.3 Known and Addressed Issues
    4. PAN-OS 11.2.3 Addressed Issues
    Download PDF

    PAN-OS 11.2.3 Addressed Issues

    Table of Contents

    PAN-OS 11.2.3 Addressed Issues

    PAN-OSĀ® 11.2.3 addressed issues.
    Issue ID
    Description
    PAN-263387
    Fixed an issue where the firewall web interface was blank after logging in.
    PAN-263226
    Fixed an issue where decryption based traffic failed on Explicit Proxy nodes.
    PAN-262593
    Fixed an issue where traffic to websites failed on the Google Chrome web browser on Secure Web Gateway (SWG) nodes.
    PAN-262287
    Fixed an issue where dereferencing a NULL pointer that occurred when App-ID stopped responding caused the firewall to restart.
    PAN-262013
    Fixed an issue where Prisma Access mobile users did not receive
    no such name
     DNS responses from the firewall and were timed out.
    PAN-261991
    Fixed an issue where traffic that did not match a decryption policy rule, or matched a no-decrypt policy rule, failed when accumulation proxy was enabled and a Zone Protection profile was configured with syn-cookies enabled.
    PAN-261917
    Fixed an issue where websites with a no-decrypt policy rule were decrypted in the traffic log when using a Google Chrome browser with PQC enabled.
    PAN-261797
    Fixed an issue where fragmented IP packets were dropped silently.
    PAN-261270
    Fixed an issue where the firewall decremented the TTL/Hop limit for BGPv6 packets by 1 after IPSec decryption.
    PAN-260059
    Fixed an issue where
    Device Telemetry Regions
     did not show up with the latest content due to content files not being parsed for the region list when Telemetry was turned off.
    PAN-259964
    Fixed an issue where the firewall was not able to handle a high traffic load, which caused some logs to be lost.
    PAN-259769
    Fixed an issue where the GlobalProtect portal was not accessible via a web browser and displayed the error
    ERR_EMPTY_RESPONSE
    .
    PAN-259733
    Fixed an issue where a custom report was not deleted on Panorama when expected.
    PAN-259480
    Fixed an issue where the varrcvr process stopped responding after running out of memory due to how the process queued and dequeued files for WildFire file forwarding when a WildFire Analysis Security profile was enabled.
    PAN-259473
    (
    PA-5450 firewalls only
    ) Fixed an issue where the chassis shut down when FAN1 was removed.
    PAN-259151
    Fixed an issue where unused objects were pushed to the firewall, which caused configuration pushes to fail with the error
    Number of address groups exceed platform capacity
    .
    PAN-258442
    Fixed an issue where changes made to the split tunnel configuration on the Prisma Access gateway were not reflected on the GlobalProtect client.
    PAN-257957
    (
    Firewalls and Panorama appliances in FIPS-CC mode only
    ) Fixed an issue where the authd process restarted if RADIUS PAP/CHAP authentication was used.
    PAN-257925
    (
    CN-Series firewalls only
    ) Fixed an issue where the CLI command
    show system setting ctd state
     did not work as expected.
    PAN-257624
    Fixed an issue where the firewall web interface was blank after logging in.
    PAN-257615
    Fixed an issue on Panorama where logs did not display or displayed intermittently on the web interface.
    PAN-257563
    Fixed an issue where the logrcvr component for SASE and MCW displayed incorrect zones in the traffic flow.
    PAN-257515
    Fixed an issue where Possible Domain Fronting Detection for HTTP/2 generated false positives. With this change, domain fronting is limited to HTTP/1.
    PAN-257462
    Fixed an issue related to the varrcvr process where the management plane CPU was higher than expected.
    PAN-257432
    Fixed an issue on Panorama where the reportd process stopped responding, which caused a log query issue.
    PAN-257390
    (
    PA-5250 firewalls only
    ) Fixed an issue where the logrcvr process stopped responding due to a segmentation fault.
    PAN-257355
    Fixed an issue where a false positive HTTP/TLS evasion alert was generated when the domain had DNS load balance.
    PAN-257197
    Fixed an issue where
    ifType
     and
    ifSpeed
     were not populated in asynchronous mode of SNMP operations.
    PAN-256939
    Fixed an issue on the firewall where disk space was low in
    /opt/pancfg/
    , which caused dynamic content installation to fail.
    PAN-256765
    Fixed an issue where you were unable to push variables from Panorama in service routes for non-cluster templates.
    PAN-256738
    (
    VM-Series firewalls in HA configurations only
    ) Fixed an issue where BGP routes from the active firewall were lost when the passive firewall was rebooted.
    PAN-256666
    Fixed an issue where the configd process stopped responding when
    Commit and Push
     operations were performed on multiple device groups.
    PAN-256385
    (
    CN-Series firewalls only
    ) Fixed an issue where communication was broken between the management plane and the dataplane when Anti-Spyware profiles were configured in a Security policy rule.
    PAN-256327
    (
    Panorama virtual appliances on Microsoft Azure environments only
    ) Fixed an issue where the logd process repeatedly restarted due to a buffer overflow when generating a traffic summary from a traffic log.
    PAN-256249
    Fixed an issue on the web interface that occurred when changing the pre-shared key to a variable (
    Network > Network Profiles > IKE Gateways
    ).
    PAN-256223
    Fixed an issue where device telemetry log collection filled the root partition.
    PAN-256181
    Fixed an issue where the management interface and front panel port interface statistics were not populated in asynchronous mode of SNMP operations.
    PAN-255895
    Fixed an issue where Panorama administrators with the
    Panorama Administrator
     dynamic administrator type were not able to create or modify BGP timer profiles or BGP dampening profiles.
    PAN-255820
    Fixed an issue where the WildFire signature generation check box in Panorama did not register a change in the configuration.
    PAN-255711
    Fixed an issue where the firewall displayed a malformed request error when selecting a custom format and clicking
    OK
     on the configuration window due to the log type
    Correlation
     incorrectly being displayed (
    Device > Log Setting - Correlation > Syslog Server Profile > Custom Log Format > Correlation
    ).
    PAN-255611
    Fixed an issue on the firewall where newly added routes were not automatically sorted based on subnets when added to a redistribution profile.
    PAN-255441
    Fixed an issue where BGP-ARE routes were not advertised due to a peer route map filter.
    PAN-255396
    Fixed an issue where, when using serial number and IP address authentication, and multiple gateways were configured, the portal returned the last gateway in the list and disregarded the satellite assignment by serial number.
    PAN-255391
    Fixed an issue where the firewall was unable to filter logs using the ISO 8601 timestamp format after upgrading to PAN-OS 11.0.4 or a later release.
    PAN-255266
    Fixed an issue where you were unable to clone a template stack with the Pre-Shared Key variable.
    PAN-255252
    Fixed an issue where Panorama administrators with the type Dynamic were unable to create, modify, or delete BGP Dampening profiles.
    PAN-255163
    (
    CN-Series firewalls only
    ) Fixed an issue where the system database key that stored the configuration status of the dataplane pod was not updated frequently.
    PAN-254826
    Fixed an issue where the firewall stopped responding when processing traffic.
    PAN-254629
    Fixed an issue on the Management Processing Card where excessive logs were generated for an error.
    PAN-254621
    Fixed an issue where the firewall frequently rebooted due to the brdagent process not responding.
    PAN-254577
    Fixed an issue where a core file was created on the Log Forwarding Card (LFC) due to a third-party software issue.
    PAN-254425
    Fixed an issue where the firewall did not restrict port 9905 to
    localhost
    .
    PAN-254423
    Fixed an issue on Panorama where custom role-based admin users with read-only access were able to make changes to configurations.
    PAN-254422
    Fixed an issue where the firewall required a restart when an SD-WAN policy rule was pushed from Panorama.
    PAN-254411
    Fixed an issue where the configd process stopped responding, which caused
    ERR_CONNECTION_REFUSED
     error messages to be displayed in admin sessions.
    PAN-254373
    Fixed an issue where the firewall did not handle error code 500 responses from the WildFire cloud correctly.
    PAN-254241
    Fixed an issue where the firewall stopped responding due to a high number of SD-WAN probes being sent.
    PAN-254181
    (
    CN-Series firewalls only
    ) Fixed an issue where firewall pods and application pods repeatedly restarted.
    PAN-253829
    Fixed an issue where the CLI command
    show running security-policy
     timed out when the Security policy was large.
    PAN-253819
    Fixed an issue where a
    User Activity Report
     was not generated by
    Run Now
     or not emailed through the
    Email Schedule
     when the locale setting was not English.
    PAN-253452
    Fixed an issue where GlobalProtect users were unable to connect to the GlobalProtect gateway and received the error
    Gateway does not exist
    .
    PAN-253317
    (
    VM-Series firewalls on Microsoft Azure environments only
    ) Fixed an issue where you were unable to log in to the firewall after a private data reset.
    PAN-252867
    Fixed an issue where an incorrect memory reference in an IoT API caused the
    wifclient
     process to stop responding.
    PAN-252517
    Fixed an issue where SNMP failed to respond to multiple Object Identifier (OID) queries in a single SNMP GET request.
    PAN-252411
    Fixed an issue where, when log files were purged from the rollup summary logs, the summary report still used the rollup summary data, which resulted in the summary report displaying less data.
    PAN-251909
    Fixed an issue where a Panorama pushed configuration failed to commit on the firewall due to the address object referenced by the interface not being shared with the firewall.
    PAN-251732
    Fixed an issue where Oracle traffic over generic routing encapsulation (GRE) was dropped when the traffic passed through the firewall using ttunnel content inspection (TCI).
    PAN-251676
    Fixed an issue on Panorama appliances in large-scale deployments where configd process core files consumed more space in the /opt/panlogs partition than was available.
    PAN-251661
    Fixed an issue where a memory overwrite occurred during HTTP/2 header inflation.
    PAN-251656
    Fixed an issue where enabling lockless QoS caused traffic disruptions.
    PAN-251655
    Fixed an issue where the firewall stopped forwarding files to the WildFire cloud and a restart of the varrcvr process was required.
    PAN-251446
    Fixed an issue where a critical system log was generated for a SAML authenticated user whose username length was greater than 32 characters.
    PAN-251047
    Fixed an issue where the useridd process logs were flooded with an error message related to service profiles.
    PAN-250948
    Fixed an issues where GlobalProtect on Microsoft Windows devices did not attempt CNAME resolution for sinkhole.paloaltonetworks.com.
    PAN-250909
    Fixed an issue where, when creating a Security policy rule via the CLI, validation was not implemented and the same object was able to be referenced in the policy twice.
    PAN-250787
    Fixed an issue where network issues between the firewall and the log collector caused logrcvr process memory exhaustion.
    PAN-250597
    Fixed an issue where Global Find for a Panorama pushed shared address object displayed
    Others
     in the results.
    PAN-250462
    Fixed an issue where the session logout time for the firewall was incorrect when viewing via context switch from Panorama.
    PAN-250419
    Fixed an issue where XML API explorer inserted a plus (+) character in the Xpath when a space was used in the object name.
    PAN-250405
    (
    CN-Series firewalls only
    ) Fixed an issue on the firewall where
    websrvr
     related messages displayed repeatedly.
    PAN-250311
    Fixed an issue where the domain was not mapped when using certificate profile authentication on GlobalProtect.
    PAN-250258
    Fixed an issue on the firewall where the Certificate Name character limit was 31 characters instead of 63 characters.
    PAN-250127
    Fixed an issue where commits failed with the error message
    set is not allowed
     when
    default originate
     was enabled with a route map that included a set action.
    PAN-250024
    Fixed an issue related to the reportd process where you were unable to log in to Panorama via the web interface and received a 500 error.
    PAN-250021
    Fixed an issue where
    Change Summary
     and
    Preview Changes
     displayed inconsistent information when changing an admin user password.
    PAN-250005
    Fixed an issue where the Advanced Routing migration script did not migrate BGP import policy rules correctly when the policy rule was configured with an exact match condition.
    PAN-249855
    Fixed an issue where the firewall dropped the active source of the Multicast source via MSDP when they were not received from the MSDP peer firewall.
    PAN-249404
    Fixed an issue on the Panorama web interface where the commit lock for a device group and template with the same name was not visible.
    PAN-249266
    Fixed an issue where the config process virtual memory was exceeded due to delays in post-commit processing.
    PAN-248975
    Fixed an issue on the Panorama web interface where no content was displayed after logging in.
    PAN-248841
    Fixed an issue where the SSL response time was not displayed in the GlobalProtect log.
    PAN-248542
    Fixed an issue where the NPB policy type was missing from configuration policy updates, which caused error messages to incorrectly display in the system logs.
    PAN-248211
    Fixed an issue on Panorama where commits failed when Advanced Routing was enabled.
    PAN-248130
    Fixed an issue where the
    AND
     operation under a Dynamic Address Group comparison did not work after upgrading the AWS plugin to 3.0.1.
    PAN-247857
    (
    PA-7050 firewalls in HA configurations only
    ) Fixed an issue on the firewall where a dataplane process restarted when updating the routing table.
    PAN-247754
    Fixed an issue where successful
    Commit and Push
     operations performed by SAML authenticated users were not reflected on the firewall.
    PAN-247575
    Fixed an issue where the error message
    import of <issuecert> failed. Please check the validity of the key pair and try again
     for unmatched keys for EC certificates.
    PAN-247426
    Fixed an issue where a proxy server was used for External Dynamic List communication even when the dataplane interface was configured through service routes.
    PAN-247257
    Fixed an issue where the useridd process stopped responding, which caused the firewall to reboot.
    PAN-247230
    Fixed an issue where the syslog forwarding configuration did not include the full path for Security policy rules.
    PAN-246772
    Fixed an issue on the firewall where the dataplane went down due to a path monitor failure caused by an out-of-memory (OOM) condition related to the pan_task process.
    PAN-246769
    Fixed an issue on Panorama where deny logs were not displayed.
    PAN-246220
    Fixed an issue where a dynamic peer connection was rejected when using an FQDN for the peer address.
    PAN-246056
    Fixed an issue where single TLS session packets were sent to multiple firewalls when off-loading was enabled and ECMP was disabled.
    PAN-245892
    Fixed an issue where Log Filtering (
    Monitor > Logs
    ) was slower than expected.
    PAN-245556
    Fixed an issue where the firewall dropped VxLAN packets via v-wire after upgrading to PAN-OS 10.1.10 or a later release, which impacted SMB traffic and resulted in silent packet drops.
    PAN-244746
    Fixed an issue where changes committed on Panorama were not reflected on the firewall after a successful push.
    PAN-243957
    Fixed an issue where the firewall TLS/SSL service profile exclusion settings were not correctly applied on the captive portal.
    PAN-243387
    Fixed an issue where sessions ended with the message
    resources-unavailable
     when traffic hit a Security profile.
    PAN-243240
    Fixed an issue where the using QoS caused packet buffer utilization to increase exponentially and the
    PKI POOL DFLT
     pool depleted until a reboot was performed.
    PAN-243098
    Fixed an issue with corrupted images when SSL decryption and Security profiles were configured.
    PAN-243081
    Fixed an issue on the firewall where log filtering with special characters in the username incorrectly returned results.
    PAN-242958
    Fixed an issue where the firewall intermittently logged
    connect-agent-failure
     messages for service connection instances due to bi-directional host ID redistribution.
    PAN-242331
    Fixed an issue where Prisma Access remote network firewalls intermittently created incorrect user-to-IP-address mappings.
    PAN-242147
    (
    PA-1410 firewalls only
    ) Fixed an issue where the firewall did not block STP packets when the ports on the connected routers were in access mode.
    PAN-241781
    Fixed an issue where partial
    commit
     and
    commit-all
     operations took more time than expected to create the job ID.
    PAN-241044
    Fixed an issue where traffic was denied by the interzone-default policy rule when a Security policy rule with an FQDN destination was configured.
    PAN-239246
    Fixed an issue where the CLI command
    debug user-id dump hip-based-profile-database-entry
     returned an incorrect value in the output for the
    total size of hip reports
    .
    PAN-237582
    Fixed an issue where logs were intermittently missing on the log collector due to missing aliases for some indices.
    PAN-236497
    Fixed an issue where the firewall was unable to purge expired GTP-U sessions that remained as allocated sessions even after the TTL was expired.
    PAN-235110
    (
    PA-220 firewalls only
    ) Fixed an issue where the web interface did not load after an upgrade.
    PAN-234560
    Fixed an issue where the daily summary report displayed IPv6 addresses instead of IPv4 addresses.
    PAN-232550
    Fixed an issue where SNMPv3 authentication failed when using SHA-512 Auth protocol.
    PAN-231642
    Fixed an issue on the Panorama web interface where users that were logged in through multiple sessions were able to see an active lock on only one session.
    PAN-230326
    Fixed an issue where the Network Packet Broker (NPB) user interface was incorrectly displayed on unsupported platforms.
    PAN-226785
    Fixed an issue where accessing websites with HTTP to HTTPS redirect failed via explicit proxy.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.