PAN-OS 10.1.1 Addressed Issues

PAN-OS® 10.1.1 addressed issues.
Issue ID
Fixed an issue where a firewall in FIPS mode running PAN-OS 8.1.18 or a later version failed to connect with a WildFire appliance in normal mode.
Fixed an issue where an intermittent error while analyzing signed PE samples on the WildFire appliance might have caused analysis failures.
Fixed an issue where SaaS Policy Recommendation didn’t work on firewalls because the SaaS Security Inline policy recommendation license check failed.
Fixed an issue where hot-swapping or hot-plugging a transceiver in the HSCI-A or HSCI-B port on the PA-5450 firewall caused the firewall to reboot unexpectedly.
Passive PA-5450 firewalls in an HA active/passive configuration only
) Fixed an issue where, when the ports do not link up initially due to local or remote faults, the firewall continued to process traffic even when its port(s) were in a Disabled state.
Fixed an issue where the outbound/inbound interface was not populated for session logs that were forwarded to Panorama.
PA-5450 firewalls only
) Fixed an issue where the HSCI interface didn’t recognize a hot-swapped 40G or 100G transceiver.
Fixed an issue where
GlobalProtect Activity
did not display when a device group was selected.
Fixed an issue where Panorama deployed in Google Cloud Platform (GCP) failed to the renew management server DHCP IP.
Fixed an issue where the firewall egressed offloaded frames out of order after an explicit commit (
on the firewall or
Commit All Changes
on Panorama) or an implicit comment such as an Antivirus update, Dynamic Update, or WildFire update.
This issue persists for a network-related configuration and commit.
Fixed an issue where, when a partial
Preview Change
job failed, a process (configd) stopped responding.
Fixed an issue with the google-docs-uploading application that occurred if a Security policy rule was applied to a Security profile and traffic was decrypted.
Fixed an issue where SD-WAN SaaS monitoring traffic was incorrectly dropped by a Security policy that included a deny rule.
Fixed an issue where SSL traffic wasn’t decrypted on inbound inspection when the private key used a hardware security module (HSM).
Fixed an issue where PAN-DB URL cloud updates failed because a process (devsrvr) did not fetch serial numbers, which prevented the PAN_DB URL cloud from connecting after first deployment.
Fixed an issue where a CN-NGFW pod repeatedly restarted due to eth0 being unavailable when kubelet ran network checks on eth0. The following error displayed in the dataplane node
logs: f
ailed to read pod IP from plugin/docker: networkPlugin cni failed on the status hook for pod "pan-ngfw-dep-<>_kube-system": unexpected address output
Fixed an issue where the management CPU remained at 100% due to a large number of configured User-ID agents.
Fixed an issue where Elasticsearch didn't start up in a new Log Collector deployment or downgrade because the Log Collector could not register the service.
PA-5450 firewalls only
) Fixed an issue where QoS didn’t honor the guaranteed bandwidth for classes set to a Priority of real-time.
Fixed an issue where, when an MLAV URL with an exception list was configured and forward proxy was enabled, a process (all_pktproc) repeatedly restarted, which resulted in the firewall rebooting.
Fixed a timing issue between downloading and installing threads that occurred when Panorama pushed content updates and the firewall fetched content updates simultaneously.
Fixed an issue where, when default interzone and intrazone Security policy rules were overwritten, the rules did not display hit counts.
Fixed an issue where an out-of-memory (OOM) condition occurred due to a memory leak related to a process (logrcvr).
Fixed an intermittent issue where the presence of an Anti-Spyware profile in a Security policy rule that matched DNS traffic caused DNS responses to be malformed in transit.
Fixed an issue in HA active/active configurations where deleting an interface not associated with a virtual router did not sync the configuration change.
Fixed an issue where an increase was observed on
, which caused latency.
Fixed an issue where commits to the Prisma Access Remote networks from Panorama were failing when the management server on the cloud firewall failed to exit cleanly and reported the following error:
pan_check_cert_status(pan_crl_ocsp.c:284): sysd write failed (TIMEOUT)
Fixed an intermittent issue where SMB file transfer operations failed due to packet drops that were caused by the Content and Threat Detection (CTD) queue filling up quickly. This fix introduces a new CLI command which, when enabled, prevent these failures:
set system setting ctd nonblocking-pattern-match-qsizecheck [enable|disable]
Fixed an issue where a process (useridd) stopped responding while attempting to remove all HIP reports on the disk.
Fixed an issue where, when two or more PA-5450 fan assemblies failed, the firewall shut down without providing a console or CLI error message about the fan failure.

Recommended For You