PAN-OS 11.2.6 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
-
-
-
-
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1
PAN-OS 11.2.6 Addressed Issues
PAN-OSĀ® 11.2.6 addressed issues.
Issue ID | Description |
|---|---|
PAN-287812 | Fixed an intermittent issue where the dataplane stopped responding when advanced DNS was enabled.
|
PAN-286255 | Fixed an issue where, when the firewall received an unexpected termination request for SSL sessions, the dataplane experienced a slow buffer resource leak.
|
|
PAN-284908
|
Fixed an issue where retrieving filenames from OneDrive resulted in a
cache miss.
|
PAN-284116 | Fixed an issue where mTLS decryption bypass did not work when the decryption profile was configured with the maximum TLS version as TLS 1.3.
|
PAN-284036 | (PA-450R and PA-450R-5G firewalls only) Fixed an issue where the maximum temperature threshold and shutdown threshold were not set correctly.
|
PAN-283467 | (PA-3400 Series firewalls only) Fixed an issue where the firewall unexpectedly rebooted and entered maintenance mode due to a ctd-agent out-of-memory (OOM) condition. This occurred during advanced services load testing and a high volume of IoT EAL log forwarding.
|
PAN-282968 | Fixed an issue where the firewall did not identify the test threat file when the content was installed via a traditional bootstrap.
|
PAN-282236 | Fixed an issue where large IPv6 packets were reassembled incorrectly on the firewall when the packets arrived fragmented over an IPv4 tunnel.
|
PAN-282206 | Fixed an issue where configuring Secure Web Gateway (SWG) in no-auth mode led to latency when no decryption policy rules or No-decrypt policy rules were present.
|
PAN-282069 | Fixed an issue on Panorama where Security policy rules were removed from device groups when you cloned or edited Security policy rules that used more than 63 characters.
|
PAN-282022 | Fixed the support limitation for the Panorama M-600 and M-700 appliances.
|
PAN-280700 | Fixed an Issue where commits failed with the error invalid IPv6 x:x - must be global/link-local unicast when the management IPv6 address had a specific value.
|
PAN-280471 | Fixed an issue where navigating Panorama > Monitor > Logs was slower than expected.
|
PAN-279983 | (PA-1400 Series firewalls only) Fixed an issue on the web interface where Enable Bonjour Reflector was not displayed (Network > Interfaces > Ethernet Interface).
|
PAN-279746 | Fixed an issue where SMTP packets were not sent out when the Client Hello arrived at the firewall in multiple out-of-order segments and the traffic was not subject to SSL decryption.
|
PAN-279621 | Fixed an issue where processes stopped responding when HTTPS Forward traffic was run.
|
PAN-279197 | (PA-450R-5G firewalls only) Fixed an issue where the firewall stopped responding and displayed the error message Thermal temperature exceeds system threshold! Shutting down NOW even when the firewall was within the threshold.
|
PAN-279191 | Fixed an issue where a GlobalProtect gateway stopped responding when handling HTTP/1.1 traffic with web inspection enabled.
|
PAN-278684 | (PA-445 firewalls only) Fixed an issue where the firewall did not properly power cycle during a reboot.
|
PAN-278322 | (VM-Series firewalls on Amazon Web Services (AWS) Gateway Load Balancer (GWLB) deployments only) Fixed an issue where the firewall did not display the correct source user in traffic logs and session details.
|
PAN-278296 | Fixed an issue where the system MAC address of the aggregate interface was the same on the active firewall and the passive firewall after an upgrade.
|
PAN-277762 | (VM-Series firewalls only) Fixed an issue where unexpected failovers occurred on firewalls running PAN-OS 11.2.2-h2.
|
PAN-277751 | Fixed an issue where a policy-based forwarding (PBF) rule with an action of no-pbf and a service of TCP-22 did not match traffic after upgrading to PAN-OS 11.1.5-h1. As a result, traffic was matched by a lower rule with a service of any and an action of forward.
|
PAN-277629 | Fixed an issue where the firewall did not match the correct policy for SSL forward decrypted HTTP/2 traffic when upgrading from PAN-OS 10.2.9-h1 to PAN-OS 11.2.3.
|
PAN-277417 | Fixed an memory leak issue related to TLS inbound decryption.
|
PAN-277135 | Fixed an issue where the firewall stopped responding when a DNS client closed or reset a TCP connection while the firewall was sending a response.
|
PAN-276822 | Fixed an issue where the packet buffer size increased significantly when WildFire File Forwarding was continued after a threat detection and then canceled.
|
PAN-276607 | Fixed an issue where GlobalProtect users experienced DNS resolution timeouts when using Prisma Access.
|
PAN-276546 | Fixed an issue where a session lost the PBF rule mapping after a configuration change or commit.
|
PAN-276177 | Fixed an issue where App Acceleration did not work with Oracle databases.
|
PAN-276090 | Fixed an issue where the DLP feature did not work as expected and performance issues occurred when uploading files. This was caused by incomplete error handling when writing CTD WIF messages to shared memory and incomplete checking of parameters when freeing entries in the shared memory.
|
PAN-276016 | Fixed an issue where Prisma Access cap700 instances did not insert HTTP headers when accessing certain Google domains if the 32 byte pool size was low.
|
PAN-275032 | (M-600 appliances only) Fixed an issue where the Elasticsearch cluster certificate (CC) status displayed with a past expiration date, which caused all shards to be unassigned.
|
PAN-274592 | (Firewalls in high availability (HA) configurations only) Fixed an issue where the
firewall did not fail over when the active firewall experienced data
plane issues.
|
PAN-274314 | (PA-1400 Series firewalls, PA-3400 Series firewalls, and PA-5400 Series firewalls only)
Fixed an issue where, when the pan_task process
restarted, control plane packets were dropped, which could impact
LACP and pings to host interfaces.
|
PAN-273949 | Fixed an issue where the firewall generated the following error message in the snmpd logs: pan_get_keystr_from_cryptod(pan_snmpinterface.c:181): Key X2F1dGhfa2V5 import from cryptod failed.
|
|
PAN-273727
|
Fixed an issue where the firewall skipped the DNS policy rule of a
domain external dynamic list (EDL) during an EDL refresh.
To use this fix, run the following CLI command and commit:
set deviceconfig setting ctd
custom-edl-domains-continuous-reload yes/no
|
PAN-273195 | Fixed an issue where the firewall did not log the correct NAT IP address and source zone for HTTP2 traffic with SSL decryption enabled on RNHP nodes.
|
PAN-273129 | Fixed an issue on the web interface where the negate option was visible when you clicked on the rule name, but not when you viewed the target options from the rulebase attribute.
|
PAN-273026 | Fixed an issue where traffic logs did not display correctly when filters were applied.
|
PAN-273021 | Fixed an issue where 25G port links did not come up due to a change in the handling of 25G DAC modules.
|
PAN-272959 | Fixed an issue where the firewall generated BGP update packets larger than 1500 bytes when the interface MTU was 1500 bytes and jumbo frames were enabled globally.
|
PAN-272849 | Fixed an issue where log forwarding to a UDP syslog server stopped when an unreachable TCP syslog server was configured and applied.
|
PAN-272538 | Fixed an issue where the configd process stopped responding during a commit-all validation when there were uncommitted changes and share-unused-objects-with-devices was set to off.
|
PAN-272171 | Fixed an issue where the firewall dropped the AAAA DNS server response and caused delays in traffic from Ubuntu or Linux clients when DNS Security was enabled.
|
PAN-272085 |
Fixed an issue where the firewall unexpectedly stopped responding and
rebooted when DoH was enabled for DNS Security and multiple DoH
transactions were sent in a single HTTP/1 connection.
|
PAN-271912 | Fixed an issue on Panorama where the configd process stopped responding when filtering in the configuration audit window after upgrading to PAN-OS 11.1.3.
|
PAN-271701 | Fixed an issue where Advanced Services, App-ID Cloud Engine (ACE), and Enhanced Application Log stopped working due to incorrect memory usage accounting, which caused memory usage to remain at 99% after an extended period of time.
|
PAN-271314 | Fixed an issue where pushing changes to a prefix list used for BGP from Panorama affected OSPF routes.
|
PAN-271273 | Fixed an issue where dynamic update downloads failed when IPv6 firewalling was enabled on the firewall and both IPv4 and IPv6 were configured on the management interface.
|
PAN-271181 | Fixed an issue where committing changes to Advanced Routing and redistribution profiles failed while pushing the configuration from SCM.
|
PAN-271152 | (7000-Series firewalls in HA configurations only) Fixed an issue where the firewall failed over into a non-functional state, and the LFC LED was blinking on the passive firewall.
|
PAN-270607 | (Firewalls in active/passive HA configurations only) Fixed an issue where OSPF failed to establish after a failover from the active firewall to the passive firewall.
|
PAN-270471 | Firewalls in active/active configurations only) Fixed an issue where the firewall did not detect configuration changes when only the interface of an IKE gateway was changed, which caused IPSec tunnels to not come up after migrating the IKE gateway IP address from a subinterface to a physical interface.
|
PAN-269956 | Fixed an issue where the all_pktproc process stopped responding, which caused internal path monitor failures.
|
PAN-269731 | Fixed an issue where Panorama did not display logs from firewalls after upgrading to PAN-OS 10.2.11 on devices due to Elasticsearch (ES) getting restarted continuously.
|
PAN-269291 | Fixed an issue where the scheduled report generation script did not return debug information.
|
PAN-269052 | Fixed an issue where traffic was blocked by a URL filtering profile even though the Security policy rule did not have a URL filtering profile configured.
|
PAN-268705 | Fixed an intermittent issue where the firewall failed to process FTP traffic after upgrading to PAN-OS 10.1.14.
|
PAN-268168 | Fixed an issue where uploading files that were 5GB or larger to Google Drive or YouTube failed
when a decryption policy rule for http2 was enabled.
|
PAN-267662 | Fixed an issue where the firewall experienced a memory out-of-bounds access when the firewall was configured with SD-WAN and the SD-WAN plugin was loading, which caused the firewall to stop responding and drop VPN tunnels.
|
PAN-267580 | Fixed an issue where an External Dynamic List (EDL) IP address in an unsupported format was recognized as valid on the firewall.
|
|
PAN-267489
|
Fixed an issue where firewalls on PAN-OS 11.2 releases were not able
to successfully onboard to SCM with ZTP due to a commit failure in
the bootstrap process.
|
PAN-267444 | Fixed an issue where large file downloads or uploads failed or remained in an incomplete state when using DLP HTTP2 mirror mode.
|
PAN-265219 | (VM-Series firewalls only) Fixed an issue where GRE traffic did not work properly.
|
PAN-265021 | Fixed an issue where the firewall did not inspect NXDomain responses and follow the regular traffic inspection flow.
|
PAN-261998 | Fixed an issue where the firewall configuration process restarted during an External Dynamic List refresh or a commit and push operation.
|
PAN-261825 | Fixed an issue where traffic was dropped when Data Loss Prevention or Advanced URL Filtering were enabled. This occurred when the payload size was greater than 3.5 KB.
|
PAN-261429 | Fixed an issue where the show auth radius-require-msg-authentic command CLI displayed no output.
|
PAN-260300 | (PA-5410, PA-5420, PA-5430, PA-5440 and PA-5445 firewalls only) Fixed an issue related to the all_pktproc process where DPC slot 3 stopped responding.
|
PAN-260235 | Fixed an issue where the firewall sent Threat logs and URL logs to an external syslog server without Security profile settings when Enhanced Application Logging was enabled.
|
PAN-260090 | Fixed an issue where commit all operations failed when the application openair-psa was used as a keyword on a remote network instance that was upgraded to PAN-OS 10.2.4-h20.
|
PAN-260015 | Fixed an issue on the firewall where the dataplane restarted due to insufficient allocation of memory buffers.
|
PAN-259076 | Fixed an issue where the firewall displayed an OCSP/CRL check failure when accessing websites.
|
PAN-257619 | Fixed an issue on Panorama where the Task Manager took longer than expected to display managed firewall report tasks.
|
PAN-255914 | (VM-Series firewalls on AWS environments only) Fixed an issue where a newly bootstrapped
firewall required a management server restart, relicensing, or
license push from Panorama to invoke the device certificate.
|
PAN-255619 | Fixed an intermittent issue where file downloads from websites failed when decrypting HTTP/2 traffic.
|
PAN-252381 | Fixed an issue where the Panorama web interface was slower than expected when opening interfaces, virtual routers, and zones in a template or template stack.
|
PAN-245064 | (Multi-vsys firewalls only) Fixed an issue where commits failed on the firewall after selecting Export or push device config bundle on Panorama and a force push was required.
|
PAN-233647 | Fixed an issue where Panorama management servers generated duplicate configuration logs.
|