PAN-OS 11.0.1 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- Cloud Management of NGFWs
-
- Management Interfaces
-
- Launch the Web Interface
- Use the Administrator Login Activity Indicators to Detect Account Misuse
- Manage and Monitor Administrative Tasks
- Commit, Validate, and Preview Firewall Configuration Changes
- Commit Selective Configuration Changes
- Export Configuration Table Data
- Use Global Find to Search the Firewall or Panorama Management Server
- Manage Locks for Restricting Configuration Changes
-
-
- Define Access to the Web Interface Tabs
- Provide Granular Access to the Monitor Tab
- Provide Granular Access to the Policy Tab
- Provide Granular Access to the Objects Tab
- Provide Granular Access to the Network Tab
- Provide Granular Access to the Device Tab
- Define User Privacy Settings in the Admin Role Profile
- Restrict Administrator Access to Commit and Validate Functions
- Provide Granular Access to Global Settings
- Provide Granular Access to the Panorama Tab
- Provide Granular Access to Operations Settings
- Panorama Web Interface Access Privileges
-
- Reset the Firewall to Factory Default Settings
-
- Plan Your Authentication Deployment
- Pre-Logon for SAML Authentication
- Configure SAML Authentication
- Configure Kerberos Single Sign-On
- Configure Kerberos Server Authentication
- Configure TACACS+ Authentication
- Configure TACACS Accounting
- Configure RADIUS Authentication
- Configure LDAP Authentication
- Configure Local Database Authentication
- Configure an Authentication Profile and Sequence
- Test Authentication Server Connectivity
- Troubleshoot Authentication Issues
-
- Keys and Certificates
- Default Trusted Certificate Authorities (CAs)
- Certificate Deployment
- Configure the Master Key
- Export a Certificate and Private Key
- Configure a Certificate Profile
- Configure an SSL/TLS Service Profile
- Configure an SSH Service Profile
- Replace the Certificate for Inbound Management Traffic
- Configure the Key Size for SSL Forward Proxy Server Certificates
-
- HA Overview
-
- Prerequisites for Active/Active HA
- Configure Active/Active HA
-
- Use Case: Configure Active/Active HA with Route-Based Redundancy
- Use Case: Configure Active/Active HA with Floating IP Addresses
- Use Case: Configure Active/Active HA with ARP Load-Sharing
- Use Case: Configure Active/Active HA with Floating IP Address Bound to Active-Primary Firewall
- Use Case: Configure Active/Active HA with Source DIPP NAT Using Floating IP Addresses
- Use Case: Configure Separate Source NAT IP Address Pools for Active/Active HA Firewalls
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT in Layer 3
- HA Clustering Overview
- HA Clustering Best Practices and Provisioning
- Configure HA Clustering
- Refresh HA1 SSH Keys and Configure Key Options
- HA Firewall States
- Reference: HA Synchronization
-
- Use the Dashboard
- Monitor Applications and Threats
- Monitor Block List
-
- Report Types
- View Reports
- Configure the Expiration Period and Run Time for Reports
- Disable Predefined Reports
- Custom Reports
- Generate Custom Reports
- Generate the SaaS Application Usage Report
- Manage PDF Summary Reports
- Generate User/Group Activity Reports
- Manage Report Groups
- Schedule Reports for Email Delivery
- Manage Report Storage Capacity
- View Policy Rule Usage
- Use External Services for Monitoring
- Configure Log Forwarding
- Configure Email Alerts
-
- Configure Syslog Monitoring
-
- Traffic Log Fields
- Threat Log Fields
- URL Filtering Log Fields
- Data Filtering Log Fields
- HIP Match Log Fields
- GlobalProtect Log Fields
- IP-Tag Log Fields
- User-ID Log Fields
- Decryption Log Fields
- Tunnel Inspection Log Fields
- SCTP Log Fields
- Authentication Log Fields
- Config Log Fields
- System Log Fields
- Correlated Events Log Fields
- GTP Log Fields
- Audit Log Fields
- Syslog Severity
- Custom Log/Event Format
- Escape Sequences
- Forward Logs to an HTTP/S Destination
- Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors
- Monitor Transceivers
-
- User-ID Overview
- Enable User-ID
- Map Users to Groups
- Enable User- and Group-Based Policy
- Enable Policy for Users with Multiple Accounts
- Verify the User-ID Configuration
-
- App-ID Overview
- App-ID and HTTP/2 Inspection
- Manage Custom or Unknown Applications
- Safely Enable Applications on Default Ports
- Applications with Implicit Support
-
- Prepare to Deploy App-ID Cloud Engine
- Enable or Disable the App-ID Cloud Engine
- App-ID Cloud Engine Processing and Policy Usage
- New App Viewer (Policy Optimizer)
- Add Apps to an Application Filter with Policy Optimizer
- Add Apps to an Application Group with Policy Optimizer
- Add Apps Directly to a Rule with Policy Optimizer
- Replace an RMA Firewall (ACE)
- Impact of License Expiration or Disabling ACE
- Commit Failure Due to Cloud Content Rollback
- Troubleshoot App-ID Cloud Engine
- Application Level Gateways
- Disable the SIP Application-level Gateway (ALG)
- Maintain Custom Timeouts for Data Center Applications
-
- Decryption Overview
-
- Keys and Certificates for Decryption Policies
- SSL Forward Proxy
- SSL Forward Proxy Decryption Profile
- SSL Inbound Inspection
- SSL Inbound Inspection Decryption Profile
- SSL Protocol Settings Decryption Profile
- SSH Proxy
- SSH Proxy Decryption Profile
- Profile for No Decryption
- SSL Decryption for Elliptical Curve Cryptography (ECC) Certificates
- Perfect Forward Secrecy (PFS) Support for SSL Decryption
- SSL Decryption and Subject Alternative Names (SANs)
- TLSv1.3 Decryption
- High Availability Not Supported for Decrypted Sessions
- Decryption Mirroring
- Configure SSL Forward Proxy
- Configure SSL Inbound Inspection
- Configure SSH Proxy
- Configure Server Certificate Verification for Undecrypted Traffic
- Post-Quantum Cryptography Detection and Control
- Enable Users to Opt Out of SSL Decryption
- Temporarily Disable SSL Decryption
- Configure Decryption Port Mirroring
- Verify Decryption
- Activate Free Licenses for Decryption Features
-
- Policy Types
- Policy Objects
- Track Rules Within a Rulebase
- Enforce Policy Rule Description, Tag, and Audit Comment
- Move or Clone a Policy Rule or Object to a Different Virtual System
-
- External Dynamic List
- Built-in External Dynamic Lists
- Configure the Firewall to Access an External Dynamic List
- Retrieve an External Dynamic List from the Web Server
- View External Dynamic List Entries
- Exclude Entries from an External Dynamic List
- Enforce Policy on an External Dynamic List
- Find External Dynamic Lists That Failed Authentication
- Disable Authentication for an External Dynamic List
- Register IP Addresses and Tags Dynamically
- Use Dynamic User Groups in Policy
- Use Auto-Tagging to Automate Security Actions
- CLI Commands for Dynamic IP Addresses and Tags
- Application Override Policy
- Test Policy Rules
-
- Network Segmentation Using Zones
- How Do Zones Protect the Network?
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
-
- Tap Interfaces
-
- Layer 2 and Layer 3 Packets over a Virtual Wire
- Port Speeds of Virtual Wire Interfaces
- LLDP over a Virtual Wire
- Aggregated Interfaces for a Virtual Wire
- Virtual Wire Support of High Availability
- Zone Protection for a Virtual Wire Interface
- VLAN-Tagged Traffic
- Virtual Wire Subinterfaces
- Configure Virtual Wires
- Configure a PPPoE Client on a Subinterface
- Configure an IPv6 PPPoE Client
- Configure an Aggregate Interface Group
- Configure Bonjour Reflector for Network Segmentation
- Use Interface Management Profiles to Restrict Access
-
- DHCP Overview
- Firewall as a DHCP Server and Client
- Firewall as a DHCPv6 Client
- DHCP Messages
- Dynamic IPv6 Addressing on the Management Interface
- Configure an Interface as a DHCP Server
- Configure an Interface as a DHCPv4 Client
- Configure an Interface as a DHCPv6 Client with Prefix Delegation
- Configure the Management Interface as a DHCP Client
- Configure the Management Interface for Dynamic IPv6 Address Assignment
- Configure an Interface as a DHCP Relay Agent
-
- DNS Overview
- DNS Proxy Object
- DNS Server Profile
- Multi-Tenant DNS Deployments
- Configure a DNS Proxy Object
- Configure a DNS Server Profile
- Use Case 1: Firewall Requires DNS Resolution
- Use Case 2: ISP Tenant Uses DNS Proxy to Handle DNS Resolution for Security Policies, Reporting, and Services within its Virtual System
- Use Case 3: Firewall Acts as DNS Proxy Between Client and Server
- DNS Proxy Rule and FQDN Matching
-
- NAT Rule Capacities
- Dynamic IP and Port NAT Oversubscription
- Dataplane NAT Memory Statistics
-
- Translate Internal Client IP Addresses to Your Public IP Address (Source DIPP NAT)
- Create a Source NAT Rule with Persistent DIPP
- PAN-OS
- Strata Cloud Manager
- Enable Clients on the Internal Network to Access your Public Servers (Destination U-Turn NAT)
- Enable Bi-Directional Address Translation for Your Public-Facing Servers (Static Source NAT)
- Configure Destination NAT with DNS Rewrite
- Configure Destination NAT Using Dynamic IP Addresses
- Modify the Oversubscription Rate for DIPP NAT
- Reserve Dynamic IP NAT Addresses
- Disable NAT for a Specific Host or Interface
-
- Network Packet Broker Overview
- How Network Packet Broker Works
- Prepare to Deploy Network Packet Broker
- Configure Transparent Bridge Security Chains
- Configure Routed Layer 3 Security Chains
- Network Packet Broker HA Support
- User Interface Changes for Network Packet Broker
- Limitations of Network Packet Broker
- Troubleshoot Network Packet Broker
-
- Enable Advanced Routing
- Logical Router Overview
- Configure a Logical Router
- Create a Static Route
- Configure BGP on an Advanced Routing Engine
- Create BGP Routing Profiles
- Create Filters for the Advanced Routing Engine
- Configure OSPFv2 on an Advanced Routing Engine
- Create OSPF Routing Profiles
- Configure OSPFv3 on an Advanced Routing Engine
- Create OSPFv3 Routing Profiles
- Configure RIPv2 on an Advanced Routing Engine
- Create RIPv2 Routing Profiles
- Create BFD Profiles
- Configure IPv4 Multicast
- Configure MSDP
- Create Multicast Routing Profiles
- Create an IPv4 MRoute
-
-
PAN-OS 11.0 (EoL)
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
- Cloud Management and AIOps for NGFW
-
- Networking Features
- Panorama Features
- Management Features
- Certificate Management Features
- Cloud Identity Features
- Content Inspection Features
- IoT Security Features
- Mobile Infrastructure Security Features
- SD-WAN Features
- Virtualization Features
- Advanced WildFire Features
- GlobalProtect Features
- Hardware Features
- Enterprise Data Loss Prevention Features
End-of-Life (EoL)
PAN-OS 11.0.1 Addressed Issues
PAN-OS® 11.0.1 addressed issues.
Issue ID | Description |
|---|---|
|
PAN-231823
|
A fix was made to address CVE-2024-5916.
|
PAN-216656 | Fixed an issue where the firewall was unable to fully process the user list from a child group when the child group contained more than 1,500 users.
|
PAN-215911 | Fixed an issue that resulted in a race condition, which caused the configd process
to stop responding.
|
PAN-215488 | Fixed an issue where an expired Trusted Root CA was used to sign the forward proxy leaf certificate during SSL Decryption.
|
PAN-210561 | Fixed an issue where the all_task process repeatedly restarted due to missed heartbeats.
|
PAN-210513 | Fixed an issue where Captive Portal authentication via SAML did not work.
|
PAN-210481 | Fixed an issue where botnet reports were not generated on the firewall.
|
PAN-210449 | Fixed an issue where the value for shared objects used in policy rules were not displayed on multi-vsys firewalls when pushed from Panorama.
|
PAN-210331 | Fixed an issue where the firewall did not send device telemetry files to Cortex Data Lake with the error message send the file to CDL receiver failed.
|
PAN-210327 | (PA-5200 Series firewalls only) Fixed an issue where upgrading to PAN-OS 10.1.7, an internal loop caused an increase in the packets received per second.
|
PAN-210237 | Fixed an issue where system logs generated by Panorama for commit operations showed the severity as High instead of Informational.
|
PAN-210080 | Fixed an issue where the useridd process stopped responding when add and delete member parameters in an incremental sync query were empty.
|
PAN-209799 | Fixed an issue where logging was not disabled on passive nodes, which caused the logrcvr to stop responding.
|
PAN-209491 | Fixed an issue on the web interface where the Session Expire Time displayed a past date if the device time was in December.
|
PAN-209069 | Fixed an issue where IP addresses in the X-Forwarded-For (XFF) field were not logged when the IP address contained an associated port number.
|
PAN-209036 | Fixed an issue where the dataplane restarted, which led to slot failures occurring and a core file being generated.
|
PAN-208987 | (PA-5400 Series only) Fixed an issue where packets were not transmitted from the firewall if its fragments were received on different slots. This occurred when aggregate ethernet (AE) members in an AE interface were placed on a different slot.
|
|
PAN-208922
|
A fix was made to address an issue where an authenticated
administrator was able to commit a specifically created
configuration to read local files and resources from the system
(CVE-2023-38046).
|
PAN-208930 | (PA-7000 Series firewalls only) Fixed an issue where auto-tagging in log forwarding did not work.
|
PAN-208902 | Fixed an issue where, when a client sent a TCP/FIN packet, the firewall displayed the end reason as aged-out instead of tcp-fin.
|
PAN-208724 | Fixed an issue where port pause frame settings did not work as expected and incorrect pause frames occurred.
|
PAN-208718 | Additional debug information was added to capture internal details during traffic congestion.
|
PAN-208711 | (PA-5200 Series firewalls only) The CLI command debug dataplane set pow no-desched yes/no was added to address an issue where the all_pktproc process stopped responding and caused traffic issues.
|
PAN-208537 | Fixed an issue where the licensed-device-capacity was reduced when multiple device management license key files were present.
|
PAN-208525 | Fixed an issue where Security policy rules with user groups did not match when Kerberos authentication was configured for explicit proxy.
|
PAN-208485 | Fixed an issue where NAT policies were not visible on the CLI if they contained more than 32 characters.
|
PAN-208343 | Fixed an issue where telemetry regions were not visible on Panorama.
|
PAN-208157 | Fixed an issue where malformed hints sent from the firewall caused the logd process to stop responding on Panorama, which caused a system reboot into maintenance mode.
|
PAN-207940 | Fixed an issue where platforms with RAID disk checks were performed weekly, which caused logs to incorrectly state that RAID was rebuilding.
|
PAN-207740 | Fixed an issue that resulted in a race condition, which caused the configd process to stop responding.
|
PAN-207738 | Fixed an issue where the ocsp-next-update-time CLI command did not execute for leaf certificates with certificate chains that did not specify OCSP or CRL URLs. As a result, the next update time was 60 minutes even if a different time was set.
|
PAN-207663 | Fixed a Clientless VPN issue where JSON stringify caused issues with the application rewrite.
|
|
PAN-207629
|
Fixed an issue where a selective push to firewalls failed if the
firewalls were enabled with multiple vsys and the push scope
contained shared objects in device groups.
|
PAN-207610 | (PA-5200 Series and PA-7000 Series firewalls only) Fixed an issue where Log Admin Activity was not visible on the web interface.
|
PAN-207601 | Fixed an issue where URL cloud connections were unable to resolve the proxy server hostname.
|
PAN-207426 | Fixed an issue where a selective push did not include the Share Unused Address and Service Objects with Devices option on Panorama, which caused the firewall to not receive the objects during the configuration push.
|
PAN-207400 | Fixed an issue on Octeon based platforms where fragmented VLAN tagged packets dropped on an aggregate interface.
|
PAN-207390 | Fixed an issue where, even after disabling Telemetry, Telemetry system logs were still generated.
|
PAN-207260 | A commit option was enabled for Device Group and Template administrators after a password change.
|
PAN-207045 | (PA-800 Series firewalls only) Fixed an issue where PAN-SFP-SX transceivers used on ports 5 to 8 did not renegotiate with peer ports after a reload.
|
PAN-206963 | (M-700 Appliances only) A CLI command was added to check the status of each physical port of a bond1 interface.
|
PAN-206858 | Fixed an issue where a segmentation fault occurred due to the useridd process being restarted.
|
PAN-206755 | Fixed an issue when a scheduled multi-device group push occurred, the configd process stopped responding, which caused the push to fail.
|
PAN-206684 | (PA-7000 Series firewalls with Log Forwarding Cards (LFCs) only) Fixed an issue where, after upgrading the firewall from a PAN-OS 10.0 release to a PAN-OS 10.1 release, the firewall did not duplicate logs to local log collectors or to Cortex Data Lake when a device certificate was already installed.
|
PAN-206658 | Fixed a timeout issue in the Intel ixgbe driver that resulted in internal path monitoring failure.
|
PAN-206466 | Fixed an issue where the push scope was displaying duplicate shared objects for each device group that were listed under the shared-object group.
|
PAN-206393 | (PA-5280 firewalls only) Fixed an issue where memory allocation errors caused decryption failures that disrupted traffic with SSL forward proxy enabled.
|
PAN-206382 | Fixed an issue where authentication sequences were not populated in the drop down when selecting authentication profiles during administrator creation in a template.
|
PAN-206251 | (PA-7000 Series firewalls with Log Forwarding Cards (LFCs) only) Fixed an issue where the logrcvr process did not send the system-start SNMP trap during startup.
|
PAN-206233 | Fixed an issue where the pan_comm process stopped responding when a content update and a cloud application update occurred at the same time.
|
PAN-206128 | (PA-7000 Series firewalls with NPCs (Network Processing Cards) only) Improved debugging capability for an issue where the firewall restarted due to heartbeat failures and then failed with the following error message: Power not OK.
|
PAN-206069 | Fixed an issue where the firewall was unable to boot up on older Intel CPUs.
|
PAN-206017 | Fixed an issue where the show dos-protection rule command displayed a character limit error.
|
PAN-206005 | (PA-1400 Series, PA-3400 Series, and PA-5440 firewalls only) Fixed an issue where the
l7_misc memory pool was undersized
and caused connectivity loss when the limit was reached.
|
PAN-205877 | (PA-5450 firewalls only) Added debug commands for an issue where a MAC address flap occurred on a neighbor firewall when connecting both MGT-A and MGT-B interfaces.
|
PAN-205829 | Fixed an issue where logs did not display Host-ID details for GlobalProtect users despite having a quarantine Security policy rule. This occurred due to a missed local cache lookup.
|
PAN-205804 | Fixed an issue on Panorama where a WildFire scheduled update for managed devices triggered multiple UploadInstall jobs per minute.
|
PAN-205729 | (PA-3200 Series and PA-7000 Series firewalls only) Fixed an issue where the CPLD watchdog timeout caused the firewall to reboot unexpectedly.
|
PAN-205699 | Fixed an issue where the cloud plugin configuration was automatically deleted from Panorama after a reboot or a configd process restart.
|
PAN-205698 | Fixed an issue where GlobalProtect authentication did not work on Apple MacOS devices when the authentication method used was CIE with SAML Authentication.
|
PAN-205590 | Fixed an issue where the fan tray fault LED light was on even though no alarm was reported in the system environment.
|
PAN-205453 | Fixed an issue where running reports or queries under a user group caused the reportd process to stop responding.
|
PAN-205396 | Fixed an issue where SD-WAN adaptive SaaS path monitoring did not work correctly during a next hop link down failure.
|
PAN-205260 | Fixed an issue where there was an IP address conflict after a reboot due to a transaction ID collision.
|
PAN-205255 | Fixed a rare issue that caused the dataplane to restart unexpectedly.
|
PAN-205231 | Fixed an issue where a commit operation remained at 55% for longer than expected if more than 7,500 Security policy rules were configured.
|
PAN-205211 | Fixed an issue where the reportd process stopped responding while querying logs (Monitor > Logs > <logtype>).
|
PAN-205096 | Fixed an issue where promoted sessions were not synced with all cluster members in an HA cluster.
|
PAN-204749 | Fixed an issue where sudden, large bursts of traffic destined for an interface that was down caused packet buffers to fill, which stalled path monitor heartbeat packets.
|
PAN-204581 | Fixed an issue where, when accessing a web application via the GlobalProtect Clientless VPN, the web application landing page continuously reloaded.
|
PAN-204575 | (PA-7000 Series firewalls with Log Forwarding Cards (LFCs) only) Fixed an issue where the firewall did not forward logs to the log collector.
|
PAN-204572 | Fixed an issue where python scripts were not working as expected.
|
PAN-204456 | Fixed an issue related to the logd process that caused high memory consumption.
|
PAN-204335 | Fixed an issue where Panorama became unresponsive, and when refreshed, the error 504 Gateway not Reachable was displayed.
|
PAN-203964 | (Firewalls in FIPS-CC mode only) Fixed an issue where the firewall went into maintenance mode due to downloading a corrupted software image, which resulted in the error message FIPS-CC failure. Image File Authentication Error.
|
PAN-203851 | Fixed an issue with firewalls in HA configurations where host information profile (HIP) sync did not work between peer firewalls.
|
PAN-203681 | (Panorama appliances in FIPS-CC mode only) Fixed an issue where a leaf certificate was unable to be imported into a template stack.
|
PAN-203663 | Fixed an issue where administrators were unable to change the password of a local database for users configured as a local admin user via an authentication profile.
|
PAN-203453 | Fixed an issue on Panorama where the log query failed due to a high number of User-ID redistribution messages.
|
PAN-203430 | Fixed an issue where, when the User-ID agent had collector name/secret configured, the configuration was mandatory on clients on PAN-OS 10.0 and later releases.
|
PAN-203339 | Fixed an issue where services failed due to the RAID rebuild not being completed on time.
|
PAN-203147 | (Firewalls in FIPS-CC mode only) Fixed an issue where the firewall unexpectedly rebooted when downloading a new PAN-OS software image.
|
PAN-203137 | (PA-5450 firewalls only) Fixed an issue where HSCI ports did not come up when QSFP DAC cables were used.
|
PAN-202543 | An enhancement was made to improve path monitor data collection by verifying the status of the control network.
|
PAN-202248 | Fixed an issue where, due to a tunnel content inspection (TCI) policy match, IPSec traffic did not pass through the firewall when NAT was performed on the traffic.
|
PAN-201701 | Fixed an issue where the firewall generated system log alerts if the raid for a system or log disk was corrupted.
|
PAN-201580 | Fixed an issue where the useridd process stopped responding due to an invalid vsys_id request.
|
PAN-200845 | (M-600 Appliances in Management-only mode only) Fixed an issue where XML API queries failed due to the configuration size being larger than expected.
|
PAN-200160 | Fixed a memory leak issue on Panorama related to the logd process that caused an out-of-memory (OOM) condition.
|
PAN-200116 | Fixed an issue where Elasticsearch displayed red due to frequent tunnel check failures between HA clusters.
|
PAN-199965 | Fixed an issue where the reportd process stopped responding on log collectors during query and report operations due to a race condition between request handling threads.
|
PAN-199807 | Fixed an issue where the dataplane frequently restarted due to high memory usage on wifclient.
|
|
PAN-196597
|
Fixed an issue where the dnsproxyd process stopped
responding due to corruption.
|
PAN-198306 | Fixed an issue where the useridd process stopped responding when booting up the firewall.
|
PAN-198266 | Fixed an issue where, when predicts for UDP packets were created, a configuration change occurred that triggered a new policy lookup, which caused the dataplane stopped responding when converting the predict. This resulted in a dataplane restart.
|
PAN-198038 | A CLI command was added to address an issue where long-lived sessions were aging out even when there was ongoing traffic.
|
PAN-197872 | Fixed an issue where the useridd process generated false positive critical errors.
|
PAN-197298 | Fixed an issue where the audit comment archive for Security rule changes output had overlapping formats.
|
PAN-196410 | Fixed an issue where you were unable to customize the risk value in Risk-of-app.
|
PAN-195756 | Fixed an issue that caused an API request timeout when parsing requests using large header buffers.
|
|
PAN-194805
|
Fixed an issue where scheduled configuration backups to the SCP
server failed with error message No ECDSA host key is
known.
|
PAN-194068 | (PA-5200 Series firewalls only) Fixed an issue where the firewall unexpectedly rebooted with the log message Heartbeat failed previously.
|
PAN-192513 | Fixed an issue where log migration did not work when converting a Legacy mode Panorama appliance to Log Collector mode.
|
|
PAN-192282
|
(PA-415 and PA-445 firewalls only) Fixed an issue where, in
1G mode, the MGT and Ethernet 1/1 port LEDs incorrectly displayed as
amber instead of green.
|
PAN-191222 | Fixed an issue where Panorama became inaccessible when after a push to the collector group.
|
PAN-190502 | Fixed an issue where the Policy filter and Policy optimizer filter were required to have the exact same syntax, including nested conditions with rules that contained more than one tag when filtering via the neq operator.
|
PAN-189335 | Fixed an issue where the varrcvr process restarted repeatedly, which caused the firewall to restart.
|
PAN-189200 | Fixed an issue where sinkholes did not occur for AWS Gateway Load Balancer dig queries.
|
PAN-186412 | Fixed an issue where invalid packet-ptr was seen in work entries.
|
PAN-186270 | Fixed an issue where, when HA was enabled and a dynamic update schedule was configured, the configd process unexpectedly stopped responding during configuration commits.
|
PAN-183375 | Fixed an issue where traffic arriving on a tunnel with a bad IP address header checksum was not dropped.
|
PAN-180948 | Fixed an issue where an external dynamic list fetch failed with the error message Unable to fetch external dynamic list. Couldn't resolve host name. Using old copy for refresh.
|
PAN-179174 | Fixed an issue where exported PDF report of the ACC was the incorrect color after upgrading from a PAN-OS 10.1 or later release.
|
PAN-178594 | Fixed an issue where the descriptions of options under the set syslogng ssl-conn-validation CLI command were not accurate.
|
PAN-175142 | Fixed an issue on Panorama where executing a debug command caused the logrcvr process to stop responding.
|
PAN-170414 | Fixed an issue related to an OOM condition in the dataplane, which was caused by multiple panio commands using extra memory.
|