PAN-OS 10.1.1 Addressed Issues
Focus
Focus

PAN-OS 10.1.1 Addressed Issues

Table of Contents

PAN-OS 10.1.1 Addressed Issues

PAN-OS® 10.1.1 addressed issues.
Issue ID
Description
WF500-5568
Fixed an issue where a firewall in FIPS mode running PAN-OS 8.1.18 or a later version failed to connect with a WildFire appliance in normal mode.
WF500-5559
Fixed an issue where an intermittent error while analyzing signed PE samples on the WildFire appliance might have caused analysis failures.
PAN-174094
Fixed an issue where SaaS Policy Recommendation didn’t work on firewalls because the SaaS Security Inline policy recommendation license check failed.
PAN-172419
Fixed an issue where hot-swapping or hot-plugging a transceiver in the HSCI-A or HSCI-B port on the PA-5450 firewall caused the firewall to reboot unexpectedly.
PAN-172386
(Passive PA-5450 firewalls in an HA active/passive configuration only) Fixed an issue where, when the ports do not link up initially due to local or remote faults, the firewall continued to process traffic even when its port(s) were in a Disabled state.
PAN-172063
Fixed an issue where the outbound/inbound interface was not populated for session logs that were forwarded to Panorama.
PAN-171898
(PA-5450 firewalls only) Fixed an issue where firewalls did not get full 10G throughput when traffic was sent from 100G or 40G interfaces to 10G interfaces.
PAN-171750
(PA-5450 firewalls only) Fixed an issue where the HSCI interface didn’t recognize a hot-swapped 40G or 100G transceiver.
PAN-171703
Fixed an issue where GlobalProtect Activity did not display when a device group was selected.
PAN-171290
Fixed an issue where Panorama deployed in Google Cloud Platform (GCP) failed to the renew management server DHCP IP.
PAN-170936
Fixed an issue where the firewall egressed offloaded frames out of order after an explicit commit (Commit on the firewall or Commit All Changes on Panorama) or an implicit comment such as an Antivirus update, Dynamic Update, or WildFire update.
Note This issue persists for a network-related configuration and commit.
PAN-170825
Fixed an issue where, when a partial Preview Change job failed, a process (configd) stopped responding.
PAN-170740
Fixed an issue with the google-docs-uploading application that occurred if a Security policy rule was applied to a Security profile and traffic was decrypted.
PAN-170610
Fixed an issue where SD-WAN SaaS monitoring traffic was incorrectly dropped by a Security policy that included a deny rule.
PAN-170473
Fixed an issue where SSL traffic wasn’t decrypted on inbound inspection when the private key used a hardware security module (HSM).
PAN-170314
Fixed an issue where PAN-DB URL cloud updates failed because a process (devsrvr) did not fetch serial numbers, which prevented the PAN_DB URL cloud from connecting after first deployment.
PAN-170174
Fixed an issue where a CN-NGFW pod repeatedly restarted due to eth0 being unavailable when kubelet ran network checks on eth0. The following error displayed in the dataplane node journalctl logs: failed to read pod IP from plugin/docker: networkPlugin cni failed on the status hook for pod "pan-ngfw-dep-<>_kube-system": unexpected address output.
PAN-169064
Fixed an issue where the management CPU remained at 100% due to a large number of configured User-ID agents.
PAN-168646
Fixed an issue where Elasticsearch didn't start up in a new Log Collector deployment or downgrade because the Log Collector could not register the service.
PAN-168920
(PA-5450 firewalls only) Fixed an issue where QoS didn’t honor the guaranteed bandwidth for classes set to a Priority of real-time.
PAN-168418
Fixed an issue where, when an MLAV URL with an exception list was configured and forward proxy was enabled, a process (all_pktproc) repeatedly restarted, which resulted in the firewall rebooting.
PAN-167989
Fixed a timing issue between downloading and installing threads that occurred when Panorama pushed content updates and the firewall fetched content updates simultaneously.
PAN-166398
(PA-5450 firewalls only) Fixed an issue where, when you configured path or latency monitoring on the Health Monitor tab in the packet broker profile (ObjectsPacket Broker), the path health monitor was disabled due to a configuration synchronization issue after a reboot.
PAN-165025
Fixed an issue where, when default interzone and intrazone Security policy rules were overwritten, the rules did not display hit counts.
PAN-164707
(PA-7000 Series firewalls only) Fixed an issue where logs were not viewable via the web interface in the Monitor tab or via the CLI.
PAN-164392
Fixed an issue where an out-of-memory (OOM) condition occurred due to a memory leak related to a process (logrcvr).
PAN-163800
Fixed an intermittent issue where the presence of an Anti-Spyware profile in a Security policy rule that matched DNS traffic caused DNS responses to be malformed in transit.
PAN-162442
Fixed an issue in HA active/active configurations where deleting an interface not associated with a virtual router did not sync the configuration change.
PAN-158932
Fixed an issue where an increase was observed on spyware_state, which caused latency.
PAN-158649
Fixed an issue where commits to the Prisma Access Remote networks from Panorama were failing when the management server on the cloud firewall failed to exit cleanly and reported the following error: pan_check_cert_status(pan_crl_ocsp.c:284): sysd write failed (TIMEOUT)
PAN-157715
Fixed an intermittent issue where SMB file transfer operations failed due to packet drops that were caused by the Content and Threat Detection (CTD) queue filling up quickly. This fix introduces a new CLI command which, when enabled, prevent these failures: set system setting ctd nonblocking-pattern-match-qsizecheck [enable|disable].
PAN-156388
Fixed an issue where a process (useridd) stopped responding while attempting to remove all HIP reports on the disk.
PAN-154053
Fixed an issue where, when two or more PA-5450 fan assemblies failed, the firewall shut down without providing a console or CLI error message about the fan failure.