PAN-OS 11.2.4-h10 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
-
-
-
-
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1
PAN-OS 11.2.4-h10 Addressed Issues
PAN-OSĀ® 11.2.4-h10 addressed issues.
Issue ID
|
Description
|
---|---|
PAN-292503
|
Fixed an issue on the firewall where the source and destination NAT
IP addresses did not display in traffic & threat logs.
|
PAN-290996
|
Fixed an issue where SNMP walks returned a value of 0 for the CPS
(Connections Per Second) per vsys on firewalls after upgrading to
PAN-OS 11.1.6-h3, even when active connections were present.
|
PAN-290088
|
Fixed an issue where a memory leak occurred related to the
configd process when pushing configurations from
Panorama to a firewall. This occurred when the configurations
contained shared policy rules.
|
PAN-287838
|
(Panorama appliances only) Fixed an issue on the web
interface where resetting the rule hit counter for multiple policy
rules failed with the error message Failed to reset
rule-hit job.
|
PAN-287056
|
Fixed an issue where BGP export policy rules with next-hop matching
failed to block the advertisement of static routes, and the firewall
incorrectly matched the egress interface IP address instead of the
original next-hop IP address of the static route, which caused the
deny rule to fail.
|
PAN-287023
|
Fixed an issue where a large number of logs caused the
logrcvr process to stop responding.
|
PAN-286848
|
Fixed an issue where ECMP incorrectly balanced sessions across links
based on the configured metric, which led to an imbalance in traffic
distribution and resulted in traffic assignment shifting
disproportionately to routes with lower metrics.
|
PAN-286306
|
Fixed an issue where, when getting transceiver information from ESCC
for SFP 25G modules, the transceiver code was incorrectly updated
with Unknown instead of
25GBase-SR.
|
PAN-284117
|
(Panorama appliances in Log Collector mode only) Fixed an
issue where the vm_agent process restarted after an
upgrade.
|
PAN-284073
|
Fixed an issue on the firewall that caused commits to fail and the
web interface to become inaccessible.
|
PAN-284003
|
Fixed an issue where clients did not receive a valid response when
searching a website due to a compression error.
|
PAN-282391
|
(Panorama appliances and Log Collectors only) Fixed an issue
where a VLD memory leak caused increased memory use, which resulted
in OOM errors.
|
PAN-282359
|
Fixed an issue where the Panorama web interface was slower than
expected.
|
PAN-281649
|
Fixed an issue where the index size limit was incorrectly calculated
and indices rolled over earlier than expected, which resulted in
high memory and OOM errors.
|
PAN-281509
|
(Panorama appliances only) Fixed an issue where log exports
were slower than expected or failed when filtering logs after an
upgrade, which resulted in timeouts or delays in displaying logs on
the web interface.
|
PAN-279500
|
Fixed an issue where TLS connections failed to establish in
asymmetric routing environments if the firewall did not see
server-to-client (s2c) packets of the TLS handshake.
To use this fix, run the following CLI command: debug
dataplane set ssl-decrypt accumulate-client-hello asym-disable
yes.
|
PAN-279415
|
Fixed an issue where service routes configured to use a data plane
interface incorrectly used the management plane interface for
traffic transmission. This issue affected syslog and CRL status
traffic when a custom service route was not configured.
|
PAN-278812
|
Fixed an issue where authentication to GlobalProtect failed with the
error message User not in allowed
list.
|
PAN-278150
|
Fixed an issue where the firewall removed the Authentication Key
Identifier (AKID) from the certificate during SSL decryption, which
caused Python 3.13 to fail with a certificate verification
error.
|
PAN-277417
|
Fixed an memory leak issue related to TLS inbound decryption.
|
PAN-277147
|
Fixed an issue where daily scheduled reports were not generated and
emailed.
|
PAN-276920
|
Fixed an issue where web-advertisement traffic was not immediately
blocked which resulted in pages loading indefinitely.
|
PAN-276616
|
Fixed an issue on the firewall where half-duplex settings on Ethernet
were not visible.
|
PAN-276276
|
(PA-450 firewalls only) Fixed an issue where, after an
upgrade, data that was excluded using the query builder in a custom
report was still visible in the report, and the logs displayed
errors related to invalid threat names being queried.
|
PAN-275047
|
(VM-Series firewalls only) Fixed an issue where, after an
upgrade, the firewall was unable to send logs to the Strata Logging
Service (SLS) when using a specific proxy server, and the SSL
connection status displayed as failed when attempting to forward
logs through the web proxy.
|
PAN-275032
|
(M-600 appliances only) Fixed an issue where the
Elasticsearch cluster certificate (CC) status displayed with a past
expiration date, which caused all shards to be unassigned.
|
PAN-272812
|
Fixed an issue where SNMP monitoring of tunnel interfaces displayed
zero values for received bytes and packets.
|
PAN-271810
|
Fixed an issue where auto-negotiation advertised and negotiated
10/100 half and full duplex.
|
PAN-271700
|
Fixed an issue where User-ID connections were lost after an HA
failover.
|
PAN-271560
|
Fixed an issue where DNS requests to malware sites were not blocked
as expected, and the dns-security-categories
log-level and action displayed default values
instead of unavailable.
|
PAN-270849
|
Fixed a memory leak issue related to the configd process
that occurred when running consecutive commits for multiple days.
|
PAN-269899
|
Fixed an issue where the Panorama web interface was slower than
expected when querying for device tags.
|
PAN-269731
|
Fixed an issue where Panorama did not display logs from firewalls
after upgrading to PAN-OS 10.2.11 on devices due to Elasticsearch
(ES) getting restarted continuously.
|
PAN-268787
|
Fixed an issue where users were unable to log in to Panorama and the
following error message was displayed: Timed out while
getting config lock. Please try again. This
occurred when pushing configurations to a large number of devices.
|
PAN-267091
|
Fixed an issue on Panorama where Elasticsearch repeatedly restarted.
|
PAN-266639
|
Fixed an issue where administrators were unable to edit or add
virtual router configurations when a filter was applied to the
viewer.
|
PAN-263369
|
Fixed an issue where commits from Panorama to Panorama virtual
appliances failed with the error message Internal
error during commit processing. Commit/Validate
failed after upgrading Panorama.
|
PAN-261209
|
(Firewalls in active/active HA configuration only) Fixed an
issue where the firewall displayed the HA2 status as down when the
HSCI port was used for both HA2 and HA3.
|
PAN-260604
|
Fixed an issue where the firewall displayed inaccurate throughput
utilization stats in NetFlow analyzer tools.
|
PAN-259881
|
Fixed an issue on Panorama where traffic log details were not
displayed under detailed log view.
|
PAN-258757
|
Fixed an issue on Panorama where upgrades failed with validation
errors.
|
PAN-255860
|
(PA-5200 firewalls only) Fixed an issue where the
all_pktproc process stopped responding when the
firewall was under a heavy traffic load.
|
PAN-249384
|
Fixed an issue on Panorama where configuration locks were observed
during a partial rulebase commit.
|
PAN-246699
|
Fixed an issue on Panorama where Rule Usage
and Apps Seen under Security policy rules
stopped incrementing.
|
PAN-245064
|
(Multi-vsys firewalls only) Fixed an issue where commits
failed on the firewall after selecting Export or push
device config bundle on Panorama and a force push
was required.
|