PAN-OS 11.2.3 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- Cloud Management of NGFWs
-
- Management Interfaces
-
- Launch the Web Interface
- Use the Administrator Login Activity Indicators to Detect Account Misuse
- Manage and Monitor Administrative Tasks
- Commit, Validate, and Preview Firewall Configuration Changes
- Commit Selective Configuration Changes
- Export Configuration Table Data
- Use Global Find to Search the Firewall or Panorama Management Server
- Manage Locks for Restricting Configuration Changes
-
-
- Define Access to the Web Interface Tabs
- Provide Granular Access to the Monitor Tab
- Provide Granular Access to the Policy Tab
- Provide Granular Access to the Objects Tab
- Provide Granular Access to the Network Tab
- Provide Granular Access to the Device Tab
- Define User Privacy Settings in the Admin Role Profile
- Restrict Administrator Access to Commit and Validate Functions
- Provide Granular Access to Global Settings
- Provide Granular Access to the Panorama Tab
- Provide Granular Access to Operations Settings
- Panorama Web Interface Access Privileges
-
- Reset the Firewall to Factory Default Settings
-
- Plan Your Authentication Deployment
- Pre-Logon for SAML Authentication
- Configure SAML Authentication
- Configure Kerberos Single Sign-On
- Configure Kerberos Server Authentication
- Configure TACACS+ Authentication
- Configure TACACS Accounting
- Configure RADIUS Authentication
- Configure LDAP Authentication
- Configure Local Database Authentication
- Configure an Authentication Profile and Sequence
- Test Authentication Server Connectivity
- Troubleshoot Authentication Issues
-
- Keys and Certificates
- Default Trusted Certificate Authorities (CAs)
- Certificate Deployment
- Configure the Master Key
- Export a Certificate and Private Key
- Configure a Certificate Profile
- Configure an SSL/TLS Service Profile
- Configure an SSH Service Profile
- Replace the Certificate for Inbound Management Traffic
- Configure the Key Size for SSL Forward Proxy Server Certificates
-
- HA Overview
-
- Prerequisites for Active/Active HA
- Configure Active/Active HA
-
- Use Case: Configure Active/Active HA with Route-Based Redundancy
- Use Case: Configure Active/Active HA with Floating IP Addresses
- Use Case: Configure Active/Active HA with ARP Load-Sharing
- Use Case: Configure Active/Active HA with Floating IP Address Bound to Active-Primary Firewall
- Use Case: Configure Active/Active HA with Source DIPP NAT Using Floating IP Addresses
- Use Case: Configure Separate Source NAT IP Address Pools for Active/Active HA Firewalls
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT in Layer 3
- HA Clustering Overview
- HA Clustering Best Practices and Provisioning
- Configure HA Clustering
- Refresh HA1 SSH Keys and Configure Key Options
- HA Firewall States
- Reference: HA Synchronization
-
- Use the Dashboard
- Monitor Applications and Threats
- Monitor Block List
-
- Report Types
- View Reports
- Configure the Expiration Period and Run Time for Reports
- Disable Predefined Reports
- Custom Reports
- Generate Custom Reports
- Generate the SaaS Application Usage Report
- Manage PDF Summary Reports
- Generate User/Group Activity Reports
- Manage Report Groups
- Schedule Reports for Email Delivery
- Manage Report Storage Capacity
- View Policy Rule Usage
- Use External Services for Monitoring
- Configure Log Forwarding
- Configure Email Alerts
-
- Configure Syslog Monitoring
-
- Traffic Log Fields
- Threat Log Fields
- URL Filtering Log Fields
- Data Filtering Log Fields
- HIP Match Log Fields
- GlobalProtect Log Fields
- IP-Tag Log Fields
- User-ID Log Fields
- Decryption Log Fields
- Tunnel Inspection Log Fields
- SCTP Log Fields
- Authentication Log Fields
- Config Log Fields
- System Log Fields
- Correlated Events Log Fields
- GTP Log Fields
- Audit Log Fields
- Syslog Severity
- Custom Log/Event Format
- Escape Sequences
- Forward Logs to an HTTP/S Destination
- Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors
- Monitor Transceivers
-
- User-ID Overview
- Enable User-ID
- Map Users to Groups
- Enable User- and Group-Based Policy
- Enable Policy for Users with Multiple Accounts
- Verify the User-ID Configuration
-
- App-ID Overview
- App-ID and HTTP/2 Inspection
- Manage Custom or Unknown Applications
- Safely Enable Applications on Default Ports
- Applications with Implicit Support
-
- Prepare to Deploy App-ID Cloud Engine
- Enable or Disable the App-ID Cloud Engine
- App-ID Cloud Engine Processing and Policy Usage
- New App Viewer (Policy Optimizer)
- Add Apps to an Application Filter with Policy Optimizer
- Add Apps to an Application Group with Policy Optimizer
- Add Apps Directly to a Rule with Policy Optimizer
- Replace an RMA Firewall (ACE)
- Impact of License Expiration or Disabling ACE
- Commit Failure Due to Cloud Content Rollback
- Troubleshoot App-ID Cloud Engine
- Application Level Gateways
- Disable the SIP Application-level Gateway (ALG)
- Maintain Custom Timeouts for Data Center Applications
-
- Decryption Overview
-
- Keys and Certificates for Decryption Policies
- SSL Forward Proxy
- SSL Forward Proxy Decryption Profile
- SSL Inbound Inspection
- SSL Inbound Inspection Decryption Profile
- SSL Protocol Settings Decryption Profile
- SSH Proxy
- SSH Proxy Decryption Profile
- Profile for No Decryption
- SSL Decryption for Elliptical Curve Cryptography (ECC) Certificates
- Perfect Forward Secrecy (PFS) Support for SSL Decryption
- SSL Decryption and Subject Alternative Names (SANs)
- TLSv1.3 Decryption
- High Availability Not Supported for Decrypted Sessions
- Decryption Mirroring
- Configure SSL Forward Proxy
- Configure SSL Inbound Inspection
- Configure SSH Proxy
- Configure Server Certificate Verification for Undecrypted Traffic
- Post-Quantum Cryptography Detection and Control
- Enable Users to Opt Out of SSL Decryption
- Temporarily Disable SSL Decryption
- Configure Decryption Port Mirroring
- Verify Decryption
- Activate Free Licenses for Decryption Features
-
- Policy Types
- Policy Objects
- Track Rules Within a Rulebase
- Enforce Policy Rule Description, Tag, and Audit Comment
- Move or Clone a Policy Rule or Object to a Different Virtual System
-
- External Dynamic List
- Built-in External Dynamic Lists
- Configure the Firewall to Access an External Dynamic List
- Retrieve an External Dynamic List from the Web Server
- View External Dynamic List Entries
- Exclude Entries from an External Dynamic List
- Enforce Policy on an External Dynamic List
- Find External Dynamic Lists That Failed Authentication
- Disable Authentication for an External Dynamic List
- Register IP Addresses and Tags Dynamically
- Use Dynamic User Groups in Policy
- Use Auto-Tagging to Automate Security Actions
- CLI Commands for Dynamic IP Addresses and Tags
- Application Override Policy
- Test Policy Rules
-
- Network Segmentation Using Zones
- How Do Zones Protect the Network?
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
-
- Tap Interfaces
-
- Layer 2 and Layer 3 Packets over a Virtual Wire
- Port Speeds of Virtual Wire Interfaces
- LLDP over a Virtual Wire
- Aggregated Interfaces for a Virtual Wire
- Virtual Wire Support of High Availability
- Zone Protection for a Virtual Wire Interface
- VLAN-Tagged Traffic
- Virtual Wire Subinterfaces
- Configure Virtual Wires
- Configure a PPPoE Client on a Subinterface
- Configure an IPv6 PPPoE Client
- Configure an Aggregate Interface Group
- Configure Bonjour Reflector for Network Segmentation
- Use Interface Management Profiles to Restrict Access
-
- DHCP Overview
- Firewall as a DHCP Server and Client
- Firewall as a DHCPv6 Client
- DHCP Messages
- Dynamic IPv6 Addressing on the Management Interface
- Configure an Interface as a DHCP Server
- Configure an Interface as a DHCPv4 Client
- Configure an Interface as a DHCPv6 Client with Prefix Delegation
- Configure the Management Interface as a DHCP Client
- Configure the Management Interface for Dynamic IPv6 Address Assignment
- Configure an Interface as a DHCP Relay Agent
-
- DNS Overview
- DNS Proxy Object
- DNS Server Profile
- Multi-Tenant DNS Deployments
- Configure a DNS Proxy Object
- Configure a DNS Server Profile
- Use Case 1: Firewall Requires DNS Resolution
- Use Case 2: ISP Tenant Uses DNS Proxy to Handle DNS Resolution for Security Policies, Reporting, and Services within its Virtual System
- Use Case 3: Firewall Acts as DNS Proxy Between Client and Server
- DNS Proxy Rule and FQDN Matching
-
- NAT Rule Capacities
- Dynamic IP and Port NAT Oversubscription
- Dataplane NAT Memory Statistics
-
- Translate Internal Client IP Addresses to Your Public IP Address (Source DIPP NAT)
- Create a Source NAT Rule with Persistent DIPP
- PAN-OS
- Strata Cloud Manager
- Enable Clients on the Internal Network to Access your Public Servers (Destination U-Turn NAT)
- Enable Bi-Directional Address Translation for Your Public-Facing Servers (Static Source NAT)
- Configure Destination NAT with DNS Rewrite
- Configure Destination NAT Using Dynamic IP Addresses
- Modify the Oversubscription Rate for DIPP NAT
- Reserve Dynamic IP NAT Addresses
- Disable NAT for a Specific Host or Interface
-
- Network Packet Broker Overview
- How Network Packet Broker Works
- Prepare to Deploy Network Packet Broker
- Configure Transparent Bridge Security Chains
- Configure Routed Layer 3 Security Chains
- Network Packet Broker HA Support
- User Interface Changes for Network Packet Broker
- Limitations of Network Packet Broker
- Troubleshoot Network Packet Broker
-
- Enable Advanced Routing
- Logical Router Overview
- Configure a Logical Router
- Create a Static Route
- Configure BGP on an Advanced Routing Engine
- Create BGP Routing Profiles
- Create Filters for the Advanced Routing Engine
- Configure OSPFv2 on an Advanced Routing Engine
- Create OSPF Routing Profiles
- Configure OSPFv3 on an Advanced Routing Engine
- Create OSPFv3 Routing Profiles
- Configure RIPv2 on an Advanced Routing Engine
- Create RIPv2 Routing Profiles
- Create BFD Profiles
- Configure IPv4 Multicast
- Configure MSDP
- Create Multicast Routing Profiles
- Create an IPv4 MRoute
-
-
PAN-OS 11.2
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
- Cloud Management and AIOps for NGFW
PAN-OS 11.2.3 Addressed Issues
PAN-OS® 11.2.3 addressed issues.
Issue ID | Description |
---|---|
PAN-263387 | Fixed an issue where the firewall web interface was blank after logging in.
|
PAN-263226 | Fixed an issue where decryption based traffic failed on Explicit Proxy nodes.
|
PAN-262593 | Fixed an issue where traffic to websites failed on the Google Chrome web browser on Secure Web Gateway (SWG) nodes.
|
PAN-262287 | Fixed an issue where dereferencing a NULL pointer that occurred when App-ID stopped responding caused the firewall to restart.
|
PAN-262013 | Fixed an issue where Prisma Access mobile users did not receive no such name DNS responses from the firewall and were timed out.
|
PAN-261991 | Fixed an issue where traffic that did not match a decryption policy rule, or matched a no-decrypt policy rule, failed when accumulation proxy was enabled and a Zone Protection profile was configured with syn-cookies enabled.
|
PAN-261917 | Fixed an issue where websites with a no-decrypt policy rule were decrypted in the traffic log
when using a Google Chrome browser with PQC enabled.
|
PAN-261797 | Fixed an issue where fragmented IP packets were dropped silently.
|
PAN-261270 | Fixed an issue where the firewall decremented the TTL/Hop limit for BGPv6 packets by 1 after IPSec decryption.
|
PAN-260059 | Fixed an issue where Device Telemetry Regions did not show up with the latest content due to content files not being parsed for the region list when Telemetry was turned off.
|
PAN-259964 | Fixed an issue where the firewall was not able to handle a high traffic load, which caused some logs to be lost.
|
PAN-259769 | Fixed an issue where the GlobalProtect portal was not accessible via a web browser and displayed the error ERR_EMPTY_RESPONSE.
|
PAN-259733 | Fixed an issue where a custom report was not deleted on Panorama when expected.
|
PAN-259480 |
Fixed an issue where the varrcvr process stopped responding after running out of memory due to how the process queued and dequeued files for WildFire file forwarding when a WildFire Analysis Security profile was enabled.
|
PAN-259473 | (PA-5450 firewalls only) Fixed an issue where the chassis shut down when FAN1 was removed.
|
PAN-259151 | Fixed an issue where unused objects were pushed to the firewall, which caused configuration pushes to fail with the error Number of address groups exceed platform capacity.
|
PAN-258442 | Fixed an issue where changes made to the split tunnel configuration on the Prisma Access gateway were not reflected on the GlobalProtect client.
|
PAN-257957 | (Firewalls and Panorama appliances in FIPS-CC mode only) Fixed an issue where the authd process restarted if RADIUS PAP/CHAP authentication was used.
|
PAN-257925 | (CN-Series firewalls only) Fixed an issue where the CLI command show system setting ctd state did not work as expected.
|
PAN-257624 | Fixed an issue where the firewall web interface was blank after logging in.
|
PAN-257615 | Fixed an issue on Panorama where logs did not display or displayed intermittently on the web interface.
|
PAN-257563 | Fixed an issue where the logrcvr component for SASE and MCW displayed incorrect zones in the traffic flow.
|
PAN-257515 | Fixed an issue where Possible Domain Fronting Detection for HTTP/2 generated false positives. With this change, domain fronting is limited to HTTP/1.
|
PAN-257462 | Fixed an issue related to the varrcvr process where the management plane CPU was higher than expected.
|
PAN-257432 | Fixed an issue on Panorama where the reportd process stopped responding, which caused a log query issue.
|
PAN-257390 | (PA-5250 firewalls only) Fixed an issue where the logrcvr process stopped responding due to a segmentation fault.
|
PAN-257355 | Fixed an issue where a false positive HTTP/TLS evasion alert was generated when the domain had DNS load balance.
|
PAN-257197 | Fixed an issue where ifType and ifSpeed were not populated in asynchronous mode of SNMP operations.
|
PAN-256939 | Fixed an issue on the firewall where disk space was low in /opt/pancfg/, which caused dynamic content installation to fail.
|
PAN-256765 | Fixed an issue where you were unable to push variables from Panorama in service routes for non-cluster templates.
|
PAN-256738 | (VM-Series firewalls in HA configurations only) Fixed an issue where BGP routes from the active firewall were lost when the passive firewall was rebooted.
|
PAN-256666 | Fixed an issue where the configd process stopped responding when Commit and Push operations were performed on multiple device groups.
|
PAN-256385 | (CN-Series firewalls only) Fixed an issue where communication was broken between the
management plane and the dataplane when Anti-Spyware profiles were
configured in a Security policy rule.
|
PAN-256327 | (Panorama virtual appliances on Microsoft Azure environments only) Fixed an issue where the logd process repeatedly restarted due to a buffer overflow when generating a traffic summary from a traffic log.
|
PAN-256249 | Fixed an issue on the web interface that occurred when changing the pre-shared key to a variable (Network > Network Profiles > IKE Gateways).
|
PAN-256223 | Fixed an issue where device telemetry log collection filled the root partition.
|
PAN-256181 | Fixed an issue where the management interface and front panel port interface statistics were not populated in asynchronous mode of SNMP operations.
|
PAN-255895 | Fixed an issue where Panorama administrators with the Panorama Administrator dynamic administrator type were not able to create or modify BGP timer profiles or BGP dampening profiles.
|
PAN-255820 | Fixed an issue where the WildFire signature generation check box in Panorama did not register a change in the configuration.
|
PAN-255711 | Fixed an issue where the firewall displayed a malformed request error when selecting a custom format and clicking OK on the configuration window due to the log type Correlation incorrectly being displayed (Device > Log Setting - Correlation > Syslog Server Profile > Custom Log Format > Correlation).
|
PAN-255611 | Fixed an issue on the firewall where newly added routes were not automatically sorted based on subnets when added to a redistribution profile.
|
PAN-255441 | Fixed an issue where BGP-ARE routes were not advertised due to a peer route map filter.
|
PAN-255396 | Fixed an issue where, when using serial number and IP address authentication, and multiple gateways were configured, the portal returned the last gateway in the list and disregarded the satellite assignment by serial number.
|
PAN-255391 | Fixed an issue where the firewall was unable to filter logs using the ISO 8601 timestamp format after upgrading to PAN-OS 11.0.4 or a later release.
|
PAN-255266 | Fixed an issue where you were unable to clone a template stack with the Pre-Shared Key variable.
|
PAN-255252 | Fixed an issue where Panorama administrators with the type Dynamic were unable to create, modify, or delete BGP Dampening profiles.
|
PAN-255163 | (CN-Series firewalls only) Fixed an issue where the system database key that stored the configuration status of the dataplane pod was not updated frequently.
|
PAN-254826 | Fixed an issue where the firewall stopped responding when processing traffic.
|
PAN-254629 | Fixed an issue on the Management Processing Card where excessive logs were generated for an error.
|
PAN-254621 | Fixed an issue where the firewall frequently rebooted due to the brdagent process not responding.
|
PAN-254577 | Fixed an issue where a core file was created on the Log Forwarding Card (LFC) due to a
third-party software issue.
|
PAN-254425 | Fixed an issue where the firewall did not restrict port 9905 to localhost.
|
PAN-254423 | Fixed an issue on Panorama where custom role-based admin users with read-only access were able to
make changes to configurations.
|
PAN-254422 | Fixed an issue where the firewall required a restart when an SD-WAN policy rule was pushed from Panorama.
|
PAN-254411 | Fixed an issue where the configd process stopped responding, which caused ERR_CONNECTION_REFUSED error messages to be displayed in admin sessions.
|
PAN-254373 |
Fixed an issue where the firewall did not handle error code 500 responses from the WildFire cloud correctly.
|
PAN-254241 | Fixed an issue where the firewall stopped responding due to a high number of SD-WAN probes being sent.
|
PAN-254181 | (CN-Series firewalls only) Fixed an issue where firewall pods and application pods repeatedly restarted.
|
PAN-253829
|
Fixed an issue where the CLI command show running
security-policy timed out when the Security
policy was large.
|
PAN-253819 | Fixed an issue where a User Activity Report was not generated by
Run Now or not emailed through the
Email Schedule when the locale setting
was not English.
|
PAN-253452 | Fixed an issue where GlobalProtect users were unable to connect to the GlobalProtect gateway and received the error Gateway does not exist.
|
PAN-253317 | (VM-Series firewalls on Microsoft Azure environments only) Fixed an issue where you were unable to log in to the firewall after a private data reset.
|
PAN-252867 | Fixed an issue where an incorrect memory reference in an IoT API caused the wifclient process to stop responding.
|
PAN-252517 | Fixed an issue where SNMP failed to respond to multiple Object Identifier (OID) queries in a single SNMP GET request.
|
PAN-252411 | Fixed an issue where, when log files were purged from the rollup summary logs, the summary report still used the rollup summary data, which resulted in the summary report displaying less data.
|
PAN-251909 | Fixed an issue where a Panorama pushed configuration failed to commit on the firewall due to the address object referenced by the interface not being shared with the firewall.
|
PAN-251732 | Fixed an issue where Oracle traffic over generic routing encapsulation (GRE) was dropped when the
traffic passed through the firewall using ttunnel content inspection
(TCI).
|
PAN-251676 | Fixed an issue on Panorama appliances in large-scale deployments where configd process core files consumed more space in the /opt/panlogs partition than was available.
|
PAN-251661 | Fixed an issue where a memory overwrite occurred during HTTP/2 header inflation.
|
PAN-251656 | Fixed an issue where enabling lockless QoS caused traffic disruptions.
|
PAN-251655 | Fixed an issue where the firewall stopped forwarding files to the WildFire cloud and a restart of the varrcvr process was required.
|
PAN-251446 |
Fixed an issue where a critical system log was generated for a SAML
authenticated user whose username length was greater than 32
characters.
|
PAN-251047 | Fixed an issue where the useridd process logs were flooded with an error message related to service profiles.
|
PAN-250948 | Fixed an issues where GlobalProtect on Microsoft Windows devices did not attempt CNAME resolution for sinkhole.paloaltonetworks.com.
|
PAN-250909 | Fixed an issue where, when creating a Security policy rule via the CLI, validation was not implemented and the same object was able to be referenced in the policy twice.
|
PAN-250787 | Fixed an issue where network issues between the firewall and the log collector caused logrcvr process memory exhaustion.
|
PAN-250597 | Fixed an issue where Global Find for a Panorama pushed shared address object displayed Others in the results.
|
PAN-250462 | Fixed an issue where the session logout time for the firewall was incorrect when viewing via context switch from Panorama.
|
PAN-250419 | Fixed an issue where XML API explorer inserted a plus (+) character in the Xpath when a space was used in the object name.
|
PAN-250405 | (CN-Series firewalls only) Fixed an issue on the firewall where websrvr related messages displayed repeatedly.
|
PAN-250311 | Fixed an issue where the domain was not mapped when using certificate profile authentication on GlobalProtect.
|
PAN-250258 | Fixed an issue on the firewall where the Certificate Name character limit was 31 characters
instead of 63 characters.
|
PAN-250127 | Fixed an issue where commits failed with the error message set is not allowed when default originate was enabled with a route map that included a set action.
|
PAN-250024 | Fixed an issue related to the reportd process where you were unable to log in to Panorama via the web interface and received a 500 error.
|
PAN-250021 | Fixed an issue where Change Summary and Preview Changes displayed inconsistent information when changing an admin user password.
|
PAN-250005 | Fixed an issue where the Advanced Routing migration script did not migrate BGP import policy rules correctly when the policy rule was configured with an exact match condition.
|
PAN-249855 | Fixed an issue where the firewall dropped the active source of the Multicast source via MSDP when they were not received from the MSDP peer firewall.
|
PAN-249404 | Fixed an issue on the Panorama web interface where the commit lock for a device group and template with the same name was not visible.
|
PAN-249266 | Fixed an issue where the config process virtual memory was exceeded due to delays in post-commit processing.
|
PAN-248975 | Fixed an issue on the Panorama web interface where no content was displayed after logging in.
|
PAN-248841
|
Fixed an issue where the SSL response time was not displayed in the
GlobalProtect log.
|
PAN-248542 | Fixed an issue where the NPB policy type was missing from configuration policy updates, which caused error messages to incorrectly display in the system logs.
|
PAN-248211 | Fixed an issue on Panorama where commits failed when Advanced Routing was enabled.
|
PAN-248130 | Fixed an issue where the AND operation under a Dynamic Address Group comparison did not work after upgrading the AWS plugin to 3.0.1.
|
PAN-247857 | (PA-7050 firewalls in HA configurations only) Fixed an issue on the firewall where a dataplane process restarted when updating the routing table.
|
PAN-247754 | Fixed an issue where successful Commit and Push operations performed by SAML authenticated users were not reflected on the firewall.
|
PAN-247575 | Fixed an issue where the error message import of <issuecert> failed. Please
check the validity of the key pair and try again
for unmatched keys for EC certificates.
|
PAN-247426 | Fixed an issue where a proxy server was used for External Dynamic List communication even when the dataplane interface was configured through service routes.
|
PAN-247257 | Fixed an issue where the useridd process stopped responding, which caused the firewall to reboot.
|
PAN-247230 | Fixed an issue where the syslog forwarding configuration did not include the full path for Security policy rules.
|
PAN-246772 | Fixed an issue on the firewall where the dataplane went down due to a path monitor failure caused
by an out-of-memory (OOM) condition related to the
pan_task process.
|
PAN-246769 | Fixed an issue on Panorama where deny logs were not displayed.
|
PAN-246220 | Fixed an issue where a dynamic peer connection was rejected when using an FQDN for the peer address.
|
PAN-246056 |
Fixed an issue where single TLS session packets were sent to multiple firewalls when off-loading was enabled and ECMP was disabled.
|
PAN-245892 | Fixed an issue where Log Filtering (Monitor > Logs) was slower than expected.
|
PAN-245556 | Fixed an issue where the firewall dropped VxLAN packets via v-wire after upgrading to PAN-OS 10.1.10 or a later release, which impacted SMB traffic and resulted in silent packet drops.
|
PAN-244746 | Fixed an issue where changes committed on Panorama were not reflected on the firewall after a successful push.
|
PAN-243957 | Fixed an issue where the firewall TLS/SSL service profile exclusion settings were not correctly applied on the captive portal.
|
PAN-243387
|
Fixed an issue where sessions ended with the message
resources-unavailable when traffic hit a
Security profile.
|
PAN-243240 | Fixed an issue where the using QoS caused packet buffer utilization to increase exponentially and the PKI POOL DFLT pool depleted until a reboot was performed.
|
PAN-243098 | Fixed an issue with corrupted images when SSL decryption and Security profiles were configured.
|
PAN-243081 | Fixed an issue on the firewall where log filtering with special characters in the username incorrectly returned results.
|
PAN-242958 | Fixed an issue where the firewall intermittently logged connect-agent-failure messages for service connection instances due to bi-directional host ID redistribution.
|
PAN-242331 | Fixed an issue where Prisma Access remote network firewalls intermittently created incorrect user-to-IP-address mappings.
|
PAN-242147 | (PA-1410 firewalls only) Fixed an issue where the firewall did not block STP packets when the ports on the connected routers were in access mode.
|
PAN-241781 | Fixed an issue where partial commit and commit-all operations took more time than expected to create the job ID.
|
PAN-241044 | Fixed an issue where traffic was denied by the interzone-default policy rule when a Security policy rule with an FQDN destination was configured.
|
PAN-239246 | Fixed an issue where the CLI command debug user-id dump hip-based-profile-database-entry returned an incorrect value in the output for the total size of hip reports.
|
PAN-237582 | Fixed an issue where logs were intermittently missing on the log collector due to missing aliases for some indices.
|
PAN-236497 | Fixed an issue where the firewall was unable to purge expired GTP-U sessions that remained as allocated sessions even after the TTL was expired.
|
PAN-235110 | (PA-220 firewalls only) Fixed an issue where the web interface did not load after an upgrade.
|
PAN-234560 | Fixed an issue where the daily summary report displayed IPv6 addresses instead of IPv4 addresses.
|
PAN-232550 | Fixed an issue where SNMPv3 authentication failed when using SHA-512 Auth protocol.
|
PAN-231642 | Fixed an issue on the Panorama web interface where users that were logged in through multiple sessions were able to see an active lock on only one session.
|
PAN-230326 | Fixed an issue where the Network Packet Broker (NPB) user interface was incorrectly displayed on unsupported platforms.
|
PAN-226785 | Fixed an issue where accessing websites with HTTP to HTTPS redirect failed via explicit proxy.
|