PAN-OS 11.2.4-h10 Addressed Issues
Focus
Focus

PAN-OS 11.2.4-h10 Addressed Issues

Table of Contents

PAN-OS 11.2.4-h10 Addressed Issues

PAN-OSĀ® 11.2.4-h10 addressed issues.
Issue ID
Description
PAN-292503
Fixed an issue on the firewall where the source and destination NAT IP addresses did not display in traffic & threat logs.
PAN-290996
Fixed an issue where SNMP walks returned a value of 0 for the CPS (Connections Per Second) per vsys on firewalls after upgrading to PAN-OS 11.1.6-h3, even when active connections were present.
PAN-290088
Fixed an issue where a memory leak occurred related to the configd process when pushing configurations from Panorama to a firewall. This occurred when the configurations contained shared policy rules.
PAN-287838
(Panorama appliances only) Fixed an issue on the web interface where resetting the rule hit counter for multiple policy rules failed with the error message Failed to reset rule-hit job.
PAN-287056
Fixed an issue where BGP export policy rules with next-hop matching failed to block the advertisement of static routes, and the firewall incorrectly matched the egress interface IP address instead of the original next-hop IP address of the static route, which caused the deny rule to fail.
PAN-287023
Fixed an issue where a large number of logs caused the logrcvr process to stop responding.
PAN-286848
Fixed an issue where ECMP incorrectly balanced sessions across links based on the configured metric, which led to an imbalance in traffic distribution and resulted in traffic assignment shifting disproportionately to routes with lower metrics.
PAN-286306
Fixed an issue where, when getting transceiver information from ESCC for SFP 25G modules, the transceiver code was incorrectly updated with Unknown instead of 25GBase-SR.
PAN-284117
(Panorama appliances in Log Collector mode only) Fixed an issue where the vm_agent process restarted after an upgrade.
PAN-284073
Fixed an issue on the firewall that caused commits to fail and the web interface to become inaccessible.
PAN-284003
Fixed an issue where clients did not receive a valid response when searching a website due to a compression error.
PAN-282391
(Panorama appliances and Log Collectors only) Fixed an issue where a VLD memory leak caused increased memory use, which resulted in OOM errors.
PAN-282359
Fixed an issue where the Panorama web interface was slower than expected.
PAN-281649
Fixed an issue where the index size limit was incorrectly calculated and indices rolled over earlier than expected, which resulted in high memory and OOM errors.
PAN-281509
(Panorama appliances only) Fixed an issue where log exports were slower than expected or failed when filtering logs after an upgrade, which resulted in timeouts or delays in displaying logs on the web interface.
PAN-279500
Fixed an issue where TLS connections failed to establish in asymmetric routing environments if the firewall did not see server-to-client (s2c) packets of the TLS handshake.
To use this fix, run the following CLI command: debug dataplane set ssl-decrypt accumulate-client-hello asym-disable yes.
PAN-279415
Fixed an issue where service routes configured to use a data plane interface incorrectly used the management plane interface for traffic transmission. This issue affected syslog and CRL status traffic when a custom service route was not configured.
PAN-278812
Fixed an issue where authentication to GlobalProtect failed with the error message User not in allowed list.
PAN-278150
Fixed an issue where the firewall removed the Authentication Key Identifier (AKID) from the certificate during SSL decryption, which caused Python 3.13 to fail with a certificate verification error.
PAN-277417
Fixed an memory leak issue related to TLS inbound decryption.
PAN-277147
Fixed an issue where daily scheduled reports were not generated and emailed.
PAN-276920
Fixed an issue where web-advertisement traffic was not immediately blocked which resulted in pages loading indefinitely.
PAN-276616
Fixed an issue on the firewall where half-duplex settings on Ethernet were not visible.
PAN-276276
(PA-450 firewalls only) Fixed an issue where, after an upgrade, data that was excluded using the query builder in a custom report was still visible in the report, and the logs displayed errors related to invalid threat names being queried.
PAN-275047
(VM-Series firewalls only) Fixed an issue where, after an upgrade, the firewall was unable to send logs to the Strata Logging Service (SLS) when using a specific proxy server, and the SSL connection status displayed as failed when attempting to forward logs through the web proxy.
PAN-275032
(M-600 appliances only) Fixed an issue where the Elasticsearch cluster certificate (CC) status displayed with a past expiration date, which caused all shards to be unassigned.
PAN-274671
Fixed an issue where empty traffic logdb folders were generated for each day even when trafcfic logs were not received by the logrcvr process.
PAN-272812
Fixed an issue where SNMP monitoring of tunnel interfaces displayed zero values for received bytes and packets.
PAN-271810
Fixed an issue where auto-negotiation advertised and negotiated 10/100 half and full duplex.
PAN-271700
Fixed an issue where User-ID connections were lost after an HA failover.
PAN-271560
Fixed an issue where DNS requests to malware sites were not blocked as expected, and the dns-security-categories log-level and action displayed default values instead of unavailable.
PAN-270849
Fixed a memory leak issue related to the configd process that occurred when running consecutive commits for multiple days.
PAN-269899
Fixed an issue where the Panorama web interface was slower than expected when querying for device tags.
PAN-269731
Fixed an issue where Panorama did not display logs from firewalls after upgrading to PAN-OS 10.2.11 on devices due to Elasticsearch (ES) getting restarted continuously.
PAN-268787
Fixed an issue where users were unable to log in to Panorama and the following error message was displayed: Timed out while getting config lock. Please try again. This occurred when pushing configurations to a large number of devices.
PAN-267535
Fixed an issue where all_task processes stopped responding on the remote network firewall, which caused tunnels to go down and the pan_task CPU usage to approach 100%.
PAN-267091
Fixed an issue on Panorama where Elasticsearch repeatedly restarted.
PAN-266639
Fixed an issue where administrators were unable to edit or add virtual router configurations when a filter was applied to the viewer.
PAN-263369
Fixed an issue where commits from Panorama to Panorama virtual appliances failed with the error message Internal error during commit processing. Commit/Validate failed after upgrading Panorama.
PAN-261209
(Firewalls in active/active HA configuration only) Fixed an issue where the firewall displayed the HA2 status as down when the HSCI port was used for both HA2 and HA3.
PAN-260604
Fixed an issue where the firewall displayed inaccurate throughput utilization stats in NetFlow analyzer tools.
PAN-259881
Fixed an issue on Panorama where traffic log details were not displayed under detailed log view.
PAN-258757
Fixed an issue on Panorama where upgrades failed with validation errors.
PAN-255860
(PA-5200 firewalls only) Fixed an issue where the all_pktproc process stopped responding when the firewall was under a heavy traffic load.
PAN-249384
Fixed an issue on Panorama where configuration locks were observed during a partial rulebase commit.
PAN-246699
Fixed an issue on Panorama where Rule Usage and Apps Seen under Security policy rules stopped incrementing.
PAN-245064
(Multi-vsys firewalls only) Fixed an issue where commits failed on the firewall after selecting Export or push device config bundle on Panorama and a force push was required.