PAN-OS 11.0.1 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
PAN-OS 11.0.1 Addressed Issues
PAN-OSĀ® 11.0.1 addressed issues.
Issue ID | Description |
|---|---|
|
PAN-231823
|
A fix was made to address CVE-2024-5916.
|
PAN-216656 | Fixed an issue where the firewall was unable to fully process the user list from a child group when the child group contained more than 1,500 users.
|
PAN-215911 | Fixed an issue that resulted in a race condition, which caused the configd process
to stop responding.
|
PAN-215488 | Fixed an issue where an expired Trusted Root CA was used to sign the forward proxy leaf certificate during SSL Decryption.
|
PAN-210561 | Fixed an issue where the all_task process repeatedly restarted due to missed heartbeats.
|
PAN-210513 | Fixed an issue where Captive Portal authentication via SAML did not work.
|
PAN-210481 | Fixed an issue where botnet reports were not generated on the firewall.
|
PAN-210449 | Fixed an issue where the value for shared objects used in policy rules were not displayed on multi-vsys firewalls when pushed from Panorama.
|
PAN-210331 | Fixed an issue where the firewall did not send device telemetry files to Cortex Data Lake with the error message send the file to CDL receiver failed.
|
PAN-210327 | (PA-5200 Series firewalls only) Fixed an issue where upgrading to PAN-OS 10.1.7, an internal loop caused an increase in the packets received per second.
|
PAN-210237 | Fixed an issue where system logs generated by Panorama for commit operations showed the severity as High instead of Informational.
|
PAN-210080 | Fixed an issue where the useridd process stopped responding when add and delete member parameters in an incremental sync query were empty.
|
PAN-209799 | Fixed an issue where logging was not disabled on passive nodes, which caused the logrcvr to stop responding.
|
PAN-209491 | Fixed an issue on the web interface where the Session Expire Time displayed a past date if the device time was in December.
|
PAN-209069 | Fixed an issue where IP addresses in the X-Forwarded-For (XFF) field were not logged when the IP address contained an associated port number.
|
PAN-209036 | Fixed an issue where the dataplane restarted, which led to slot failures occurring and a core file being generated.
|
PAN-208987 | (PA-5400 Series only) Fixed an issue where packets were not transmitted from the firewall if its fragments were received on different slots. This occurred when aggregate ethernet (AE) members in an AE interface were placed on a different slot.
|
|
PAN-208922
|
A fix was made to address an issue where an authenticated
administrator was able to commit a specifically created
configuration to read local files and resources from the system
(CVE-2023-38046).
|
PAN-208930 | (PA-7000 Series firewalls only) Fixed an issue where auto-tagging in log forwarding did not work.
|
PAN-208902 | Fixed an issue where, when a client sent a TCP/FIN packet, the firewall displayed the end reason as aged-out instead of tcp-fin.
|
PAN-208724 | Fixed an issue where port pause frame settings did not work as expected and incorrect pause frames occurred.
|
PAN-208718 | Additional debug information was added to capture internal details during traffic congestion.
|
PAN-208711 | (PA-5200 Series firewalls only) The CLI command debug dataplane set pow no-desched yes/no was added to address an issue where the all_pktproc process stopped responding and caused traffic issues.
|
PAN-208537 | Fixed an issue where the licensed-device-capacity was reduced when multiple device management license key files were present.
|
PAN-208525 | Fixed an issue where Security policy rules with user groups did not match when Kerberos authentication was configured for explicit proxy.
|
PAN-208485 | Fixed an issue where NAT policies were not visible on the CLI if they contained more than 32 characters.
|
PAN-208343 | Fixed an issue where telemetry regions were not visible on Panorama.
|
PAN-208157 | Fixed an issue where malformed hints sent from the firewall caused the logd process to stop responding on Panorama, which caused a system reboot into maintenance mode.
|
PAN-207940 | Fixed an issue where platforms with RAID disk checks were performed weekly, which caused logs to incorrectly state that RAID was rebuilding.
|
PAN-207740 | Fixed an issue that resulted in a race condition, which caused the configd process to stop responding.
|
PAN-207738 | Fixed an issue where the ocsp-next-update-time CLI command did not execute for leaf certificates with certificate chains that did not specify OCSP or CRL URLs. As a result, the next update time was 60 minutes even if a different time was set.
|
PAN-207663 | Fixed a Clientless VPN issue where JSON stringify caused issues with the application rewrite.
|
|
PAN-207629
|
Fixed an issue where a selective push to firewalls failed if the
firewalls were enabled with multiple vsys and the push scope
contained shared objects in device groups.
|
PAN-207610 | (PA-5200 Series and PA-7000 Series firewalls only) Fixed an issue where Log Admin Activity was not visible on the web interface.
|
PAN-207601 | Fixed an issue where URL cloud connections were unable to resolve the proxy server hostname.
|
PAN-207426 | Fixed an issue where a selective push did not include the Share Unused Address and Service Objects with Devices option on Panorama, which caused the firewall to not receive the objects during the configuration push.
|
PAN-207400 | Fixed an issue on Octeon based platforms where fragmented VLAN tagged packets dropped on an aggregate interface.
|
PAN-207390 | Fixed an issue where, even after disabling Telemetry, Telemetry system logs were still generated.
|
PAN-207260 | A commit option was enabled for Device Group and Template administrators after a password change.
|
PAN-207045 | (PA-800 Series firewalls only) Fixed an issue where PAN-SFP-SX transceivers used on ports 5 to 8 did not renegotiate with peer ports after a reload.
|
PAN-206963 | (M-700 Appliances only) A CLI command was added to check the status of each physical port of a bond1 interface.
|
PAN-206858 | Fixed an issue where a segmentation fault occurred due to the useridd process being restarted.
|
PAN-206755 | Fixed an issue when a scheduled multi-device group push occurred, the configd process stopped responding, which caused the push to fail.
|
PAN-206684 | (PA-7000 Series firewalls with Log Forwarding Cards (LFCs) only) Fixed an issue where, after upgrading the firewall from a PAN-OS 10.0 release to a PAN-OS 10.1 release, the firewall did not duplicate logs to local log collectors or to Cortex Data Lake when a device certificate was already installed.
|
PAN-206658 | Fixed a timeout issue in the Intel ixgbe driver that resulted in internal path monitoring failure.
|
PAN-206466 | Fixed an issue where the push scope was displaying duplicate shared objects for each device group that were listed under the shared-object group.
|
PAN-206393 | (PA-5280 firewalls only) Fixed an issue where memory allocation errors caused decryption failures that disrupted traffic with SSL forward proxy enabled.
|
PAN-206382 | Fixed an issue where authentication sequences were not populated in the drop down when selecting authentication profiles during administrator creation in a template.
|
PAN-206251 | (PA-7000 Series firewalls with Log Forwarding Cards (LFCs) only) Fixed an issue where the logrcvr process did not send the system-start SNMP trap during startup.
|
PAN-206233 | Fixed an issue where the pan_comm process stopped responding when a content update and a cloud application update occurred at the same time.
|
PAN-206128 | (PA-7000 Series firewalls with NPCs (Network Processing Cards) only) Improved debugging capability for an issue where the firewall restarted due to heartbeat failures and then failed with the following error message: Power not OK.
|
PAN-206069 | Fixed an issue where the firewall was unable to boot up on older Intel CPUs.
|
PAN-206017 | Fixed an issue where the show dos-protection rule command displayed a character limit error.
|
PAN-206005 | (PA-1400 Series, PA-3400 Series, and PA-5440 firewalls only) Fixed an issue where the
l7_misc memory pool was undersized
and caused connectivity loss when the limit was reached.
|
PAN-205877 | (PA-5450 firewalls only) Added debug commands for an issue where a MAC address flap occurred on a neighbor firewall when connecting both MGT-A and MGT-B interfaces.
|
PAN-205829 | Fixed an issue where logs did not display Host-ID details for GlobalProtect users despite having a quarantine Security policy rule. This occurred due to a missed local cache lookup.
|
PAN-205804 | Fixed an issue on Panorama where a WildFire scheduled update for managed devices triggered multiple UploadInstall jobs per minute.
|
PAN-205729 | (PA-3200 Series and PA-7000 Series firewalls only) Fixed an issue where the CPLD watchdog timeout caused the firewall to reboot unexpectedly.
|
PAN-205699 | Fixed an issue where the cloud plugin configuration was automatically deleted from Panorama after a reboot or a configd process restart.
|
PAN-205698 | Fixed an issue where GlobalProtect authentication did not work on Apple MacOS devices when the authentication method used was CIE with SAML Authentication.
|
PAN-205590 | Fixed an issue where the fan tray fault LED light was on even though no alarm was reported in the system environment.
|
PAN-205453 | Fixed an issue where running reports or queries under a user group caused the reportd process to stop responding.
|
PAN-205396 | Fixed an issue where SD-WAN adaptive SaaS path monitoring did not work correctly during a next hop link down failure.
|
PAN-205260 | Fixed an issue where there was an IP address conflict after a reboot due to a transaction ID collision.
|
PAN-205255 | Fixed a rare issue that caused the dataplane to restart unexpectedly.
|
PAN-205231 | Fixed an issue where a commit operation remained at 55% for longer than expected if more than 7,500 Security policy rules were configured.
|
PAN-205211 | Fixed an issue where the reportd process stopped responding while querying logs (Monitor > Logs > <logtype>).
|
PAN-205096 | Fixed an issue where promoted sessions were not synced with all cluster members in an HA cluster.
|
PAN-204749 | Fixed an issue where sudden, large bursts of traffic destined for an interface that was down caused packet buffers to fill, which stalled path monitor heartbeat packets.
|
PAN-204581 | Fixed an issue where, when accessing a web application via the GlobalProtect Clientless VPN, the web application landing page continuously reloaded.
|
PAN-204575 | (PA-7000 Series firewalls with Log Forwarding Cards (LFCs) only) Fixed an issue where the firewall did not forward logs to the log collector.
|
PAN-204572 | Fixed an issue where python scripts were not working as expected.
|
PAN-204456 | Fixed an issue related to the logd process that caused high memory consumption.
|
PAN-204335 | Fixed an issue where Panorama became unresponsive, and when refreshed, the error 504 Gateway not Reachable was displayed.
|
PAN-203964 | (Firewalls in FIPS-CC mode only) Fixed an issue where the firewall went into maintenance mode due to downloading a corrupted software image, which resulted in the error message FIPS-CC failure. Image File Authentication Error.
|
PAN-203851 | Fixed an issue with firewalls in HA configurations where host information profile (HIP) sync did not work between peer firewalls.
|
PAN-203681 | (Panorama appliances in FIPS-CC mode only) Fixed an issue where a leaf certificate was unable to be imported into a template stack.
|
PAN-203663 | Fixed an issue where administrators were unable to change the password of a local database for users configured as a local admin user via an authentication profile.
|
PAN-203453 | Fixed an issue on Panorama where the log query failed due to a high number of User-ID redistribution messages.
|
PAN-203430 | Fixed an issue where, when the User-ID agent had collector name/secret configured, the configuration was mandatory on clients on PAN-OS 10.0 and later releases.
|
PAN-203339 | Fixed an issue where services failed due to the RAID rebuild not being completed on time.
|
PAN-203147 | (Firewalls in FIPS-CC mode only) Fixed an issue where the firewall unexpectedly rebooted when downloading a new PAN-OS software image.
|
PAN-203137 | (PA-5450 firewalls only) Fixed an issue where HSCI ports did not come up when QSFP DAC cables were used.
|
PAN-202543 | An enhancement was made to improve path monitor data collection by verifying the status of the control network.
|
PAN-202248 | Fixed an issue where, due to a tunnel content inspection (TCI) policy match, IPSec traffic did not pass through the firewall when NAT was performed on the traffic.
|
PAN-201701 | Fixed an issue where the firewall generated system log alerts if the raid for a system or log disk was corrupted.
|
PAN-201580 | Fixed an issue where the useridd process stopped responding due to an invalid vsys_id request.
|
PAN-200845 | (M-600 Appliances in Management-only mode only) Fixed an issue where XML API queries failed due to the configuration size being larger than expected.
|
PAN-200160 | Fixed a memory leak issue on Panorama related to the logd process that caused an out-of-memory (OOM) condition.
|
PAN-200116 | Fixed an issue where Elasticsearch displayed red due to frequent tunnel check failures between HA clusters.
|
PAN-199965 | Fixed an issue where the reportd process stopped responding on log collectors during query and report operations due to a race condition between request handling threads.
|
PAN-199807 | Fixed an issue where the dataplane frequently restarted due to high memory usage on wifclient.
|
|
PAN-196597
|
Fixed an issue where the dnsproxyd process stopped
responding due to corruption.
|
PAN-198306 | Fixed an issue where the useridd process stopped responding when booting up the firewall.
|
PAN-198266 | Fixed an issue where, when predicts for UDP packets were created, a configuration change occurred that triggered a new policy lookup, which caused the dataplane stopped responding when converting the predict. This resulted in a dataplane restart.
|
PAN-198038 | A CLI command was added to address an issue where long-lived sessions were aging out even when there was ongoing traffic.
|
PAN-197872 | Fixed an issue where the useridd process generated false positive critical errors.
|
PAN-197298 | Fixed an issue where the audit comment archive for Security rule changes output had overlapping formats.
|
PAN-196410 | Fixed an issue where you were unable to customize the risk value in Risk-of-app.
|
PAN-195756 | Fixed an issue that caused an API request timeout when parsing requests using large header buffers.
|
|
PAN-194805
|
Fixed an issue where scheduled configuration backups to the SCP
server failed with error message No ECDSA host key is
known.
|
PAN-194068 | (PA-5200 Series firewalls only) Fixed an issue where the firewall unexpectedly rebooted with the log message Heartbeat failed previously.
|
PAN-192513 | Fixed an issue where log migration did not work when converting a Legacy mode Panorama appliance to Log Collector mode.
|
|
PAN-192282
|
(PA-415 and PA-445 firewalls only) Fixed an issue where, in
1G mode, the MGT and Ethernet 1/1 port LEDs incorrectly displayed as
amber instead of green.
|
PAN-191222 | Fixed an issue where Panorama became inaccessible when after a push to the collector group.
|
PAN-190502 | Fixed an issue where the Policy filter and Policy optimizer filter were required to have the exact same syntax, including nested conditions with rules that contained more than one tag when filtering via the neq operator.
|
PAN-189335 | Fixed an issue where the varrcvr process restarted repeatedly, which caused the firewall to restart.
|
PAN-189200 | Fixed an issue where sinkholes did not occur for AWS Gateway Load Balancer dig queries.
|
PAN-186412 | Fixed an issue where invalid packet-ptr was seen in work entries.
|
PAN-186270 | Fixed an issue where, when HA was enabled and a dynamic update schedule was configured, the configd process unexpectedly stopped responding during configuration commits.
|
PAN-183375 | Fixed an issue where traffic arriving on a tunnel with a bad IP address header checksum was not dropped.
|
PAN-180948 | Fixed an issue where an external dynamic list fetch failed with the error message Unable to fetch external dynamic list. Couldn't resolve host name. Using old copy for refresh.
|
PAN-179174 | Fixed an issue where exported PDF report of the ACC was the incorrect color after upgrading from a PAN-OS 10.1 or later release.
|
PAN-178594 | Fixed an issue where the descriptions of options under the set syslogng ssl-conn-validation CLI command were not accurate.
|
PAN-175142 | Fixed an issue on Panorama where executing a debug command caused the logrcvr process to stop responding.
|
PAN-170414 | Fixed an issue related to an OOM condition in the dataplane, which was caused by multiple panio commands using extra memory.
|