Limitations in PAN-OS 11.0
What are the limitations related to PAN-OS 11.0 releases?
The following are limitations associated with PAN-OS 11.0.
The following limitations apply for on-premises Explicit Proxy:
In Advanced Routing mode, BGP peer groups and peers allow IPv6 NLRI to be transported over an IPv6 MP-BGP peer and allow IPv6 NLRI to be transported over an IPv4 MP-BGP peer. If you want to use IPv4 multicast, you are limited to only IPv4 with that peer. The firewall does not support SAFI IPv6 multicast at all.
For CN-Series deployments using the Advanced Routing Engine with the Kubernetes 3.0.0 plugin, you must configure Advanced Routing manually on the template stack:
PAN-OS logs (
) experience a significant delay before they are displayed if NetFlow (
) is enabled on an interface (
). This may result in log loss if the volume of delayed logs exceeds the logging buffer available on the firewall.
The following firewalls are impacted:
DHCPv6 Client with Prefix Delegation is currently incompatible with GlobalProtect. You cannot configure GP gateways with dynamic IPv6 addresses.
In IPSec transport mode, the traffic does not flow if you configure BGP routes in a tunnel interface. While using IPSec transport mode for BGP routes, configure the BGP routes on a physical interface (for example, ethernet 1/1) and not the tunnel interface.
While IPSec tunnel mode for BGP routes works with the tunnel interface, IPSec transport mode for BGP routes works with the physical interface only.
On the PA-5440 firewall, the valid range to configure the maximum number of site-to-site VPN tunnels is from 0 to 10,000.
PA-415 and PA-445 firewalls) The hardware can detect the presence of a power adapter but does not detect voltage or functionality. As a result, the firewall’s Alarm feature is unavailable to the power supply and is only raised when the device reaches temperature limits. Furthermore, the firewall does not display power supply details in system logs or the CLI.
Recommended For You
Recommended videos not found.