PAN-OS 11.0.3 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- Cloud Management of NGFWs
-
- Management Interfaces
-
- Launch the Web Interface
- Use the Administrator Login Activity Indicators to Detect Account Misuse
- Manage and Monitor Administrative Tasks
- Commit, Validate, and Preview Firewall Configuration Changes
- Commit Selective Configuration Changes
- Export Configuration Table Data
- Use Global Find to Search the Firewall or Panorama Management Server
- Manage Locks for Restricting Configuration Changes
-
-
- Define Access to the Web Interface Tabs
- Provide Granular Access to the Monitor Tab
- Provide Granular Access to the Policy Tab
- Provide Granular Access to the Objects Tab
- Provide Granular Access to the Network Tab
- Provide Granular Access to the Device Tab
- Define User Privacy Settings in the Admin Role Profile
- Restrict Administrator Access to Commit and Validate Functions
- Provide Granular Access to Global Settings
- Provide Granular Access to the Panorama Tab
- Provide Granular Access to Operations Settings
- Panorama Web Interface Access Privileges
-
- Reset the Firewall to Factory Default Settings
-
- Plan Your Authentication Deployment
- Pre-Logon for SAML Authentication
- Configure SAML Authentication
- Configure Kerberos Single Sign-On
- Configure Kerberos Server Authentication
- Configure TACACS+ Authentication
- Configure TACACS Accounting
- Configure RADIUS Authentication
- Configure LDAP Authentication
- Configure Local Database Authentication
- Configure an Authentication Profile and Sequence
- Test Authentication Server Connectivity
- Troubleshoot Authentication Issues
-
- Keys and Certificates
- Default Trusted Certificate Authorities (CAs)
- Certificate Deployment
- Configure the Master Key
- Export a Certificate and Private Key
- Configure a Certificate Profile
- Configure an SSL/TLS Service Profile
- Configure an SSH Service Profile
- Replace the Certificate for Inbound Management Traffic
- Configure the Key Size for SSL Forward Proxy Server Certificates
-
- HA Overview
-
- Prerequisites for Active/Active HA
- Configure Active/Active HA
-
- Use Case: Configure Active/Active HA with Route-Based Redundancy
- Use Case: Configure Active/Active HA with Floating IP Addresses
- Use Case: Configure Active/Active HA with ARP Load-Sharing
- Use Case: Configure Active/Active HA with Floating IP Address Bound to Active-Primary Firewall
- Use Case: Configure Active/Active HA with Source DIPP NAT Using Floating IP Addresses
- Use Case: Configure Separate Source NAT IP Address Pools for Active/Active HA Firewalls
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT in Layer 3
- HA Clustering Overview
- HA Clustering Best Practices and Provisioning
- Configure HA Clustering
- Refresh HA1 SSH Keys and Configure Key Options
- HA Firewall States
- Reference: HA Synchronization
-
- Use the Dashboard
- Monitor Applications and Threats
- Monitor Block List
-
- Report Types
- View Reports
- Configure the Expiration Period and Run Time for Reports
- Disable Predefined Reports
- Custom Reports
- Generate Custom Reports
- Generate the SaaS Application Usage Report
- Manage PDF Summary Reports
- Generate User/Group Activity Reports
- Manage Report Groups
- Schedule Reports for Email Delivery
- Manage Report Storage Capacity
- View Policy Rule Usage
- Use External Services for Monitoring
- Configure Log Forwarding
- Configure Email Alerts
-
- Configure Syslog Monitoring
-
- Traffic Log Fields
- Threat Log Fields
- URL Filtering Log Fields
- Data Filtering Log Fields
- HIP Match Log Fields
- GlobalProtect Log Fields
- IP-Tag Log Fields
- User-ID Log Fields
- Decryption Log Fields
- Tunnel Inspection Log Fields
- SCTP Log Fields
- Authentication Log Fields
- Config Log Fields
- System Log Fields
- Correlated Events Log Fields
- GTP Log Fields
- Audit Log Fields
- Syslog Severity
- Custom Log/Event Format
- Escape Sequences
- Forward Logs to an HTTP/S Destination
- Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors
- Monitor Transceivers
-
- User-ID Overview
- Enable User-ID
- Map Users to Groups
- Enable User- and Group-Based Policy
- Enable Policy for Users with Multiple Accounts
- Verify the User-ID Configuration
-
- App-ID Overview
- App-ID and HTTP/2 Inspection
- Manage Custom or Unknown Applications
- Safely Enable Applications on Default Ports
- Applications with Implicit Support
-
- Prepare to Deploy App-ID Cloud Engine
- Enable or Disable the App-ID Cloud Engine
- App-ID Cloud Engine Processing and Policy Usage
- New App Viewer (Policy Optimizer)
- Add Apps to an Application Filter with Policy Optimizer
- Add Apps to an Application Group with Policy Optimizer
- Add Apps Directly to a Rule with Policy Optimizer
- Replace an RMA Firewall (ACE)
- Impact of License Expiration or Disabling ACE
- Commit Failure Due to Cloud Content Rollback
- Troubleshoot App-ID Cloud Engine
- Application Level Gateways
- Disable the SIP Application-level Gateway (ALG)
- Maintain Custom Timeouts for Data Center Applications
-
- Decryption Overview
-
- Keys and Certificates for Decryption Policies
- SSL Forward Proxy
- SSL Forward Proxy Decryption Profile
- SSL Inbound Inspection
- SSL Inbound Inspection Decryption Profile
- SSL Protocol Settings Decryption Profile
- SSH Proxy
- SSH Proxy Decryption Profile
- Profile for No Decryption
- SSL Decryption for Elliptical Curve Cryptography (ECC) Certificates
- Perfect Forward Secrecy (PFS) Support for SSL Decryption
- SSL Decryption and Subject Alternative Names (SANs)
- TLSv1.3 Decryption
- High Availability Not Supported for Decrypted Sessions
- Decryption Mirroring
- Configure SSL Forward Proxy
- Configure SSL Inbound Inspection
- Configure SSH Proxy
- Configure Server Certificate Verification for Undecrypted Traffic
- Post-Quantum Cryptography Detection and Control
- Enable Users to Opt Out of SSL Decryption
- Temporarily Disable SSL Decryption
- Configure Decryption Port Mirroring
- Verify Decryption
- Activate Free Licenses for Decryption Features
-
- Policy Types
- Policy Objects
- Track Rules Within a Rulebase
- Enforce Policy Rule Description, Tag, and Audit Comment
- Move or Clone a Policy Rule or Object to a Different Virtual System
-
- External Dynamic List
- Built-in External Dynamic Lists
- Configure the Firewall to Access an External Dynamic List
- Retrieve an External Dynamic List from the Web Server
- View External Dynamic List Entries
- Exclude Entries from an External Dynamic List
- Enforce Policy on an External Dynamic List
- Find External Dynamic Lists That Failed Authentication
- Disable Authentication for an External Dynamic List
- Register IP Addresses and Tags Dynamically
- Use Dynamic User Groups in Policy
- Use Auto-Tagging to Automate Security Actions
- CLI Commands for Dynamic IP Addresses and Tags
- Application Override Policy
- Test Policy Rules
-
- Network Segmentation Using Zones
- How Do Zones Protect the Network?
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
-
- Tap Interfaces
-
- Layer 2 and Layer 3 Packets over a Virtual Wire
- Port Speeds of Virtual Wire Interfaces
- LLDP over a Virtual Wire
- Aggregated Interfaces for a Virtual Wire
- Virtual Wire Support of High Availability
- Zone Protection for a Virtual Wire Interface
- VLAN-Tagged Traffic
- Virtual Wire Subinterfaces
- Configure Virtual Wires
- Configure a PPPoE Client on a Subinterface
- Configure an IPv6 PPPoE Client
- Configure an Aggregate Interface Group
- Configure Bonjour Reflector for Network Segmentation
- Use Interface Management Profiles to Restrict Access
-
- DHCP Overview
- Firewall as a DHCP Server and Client
- Firewall as a DHCPv6 Client
- DHCP Messages
- Dynamic IPv6 Addressing on the Management Interface
- Configure an Interface as a DHCP Server
- Configure an Interface as a DHCPv4 Client
- Configure an Interface as a DHCPv6 Client with Prefix Delegation
- Configure the Management Interface as a DHCP Client
- Configure the Management Interface for Dynamic IPv6 Address Assignment
- Configure an Interface as a DHCP Relay Agent
-
- DNS Overview
- DNS Proxy Object
- DNS Server Profile
- Multi-Tenant DNS Deployments
- Configure a DNS Proxy Object
- Configure a DNS Server Profile
- Use Case 1: Firewall Requires DNS Resolution
- Use Case 2: ISP Tenant Uses DNS Proxy to Handle DNS Resolution for Security Policies, Reporting, and Services within its Virtual System
- Use Case 3: Firewall Acts as DNS Proxy Between Client and Server
- DNS Proxy Rule and FQDN Matching
-
- NAT Rule Capacities
- Dynamic IP and Port NAT Oversubscription
- Dataplane NAT Memory Statistics
-
- Translate Internal Client IP Addresses to Your Public IP Address (Source DIPP NAT)
- Create a Source NAT Rule with Persistent DIPP
- PAN-OS
- Strata Cloud Manager
- Enable Clients on the Internal Network to Access your Public Servers (Destination U-Turn NAT)
- Enable Bi-Directional Address Translation for Your Public-Facing Servers (Static Source NAT)
- Configure Destination NAT with DNS Rewrite
- Configure Destination NAT Using Dynamic IP Addresses
- Modify the Oversubscription Rate for DIPP NAT
- Reserve Dynamic IP NAT Addresses
- Disable NAT for a Specific Host or Interface
-
- Network Packet Broker Overview
- How Network Packet Broker Works
- Prepare to Deploy Network Packet Broker
- Configure Transparent Bridge Security Chains
- Configure Routed Layer 3 Security Chains
- Network Packet Broker HA Support
- User Interface Changes for Network Packet Broker
- Limitations of Network Packet Broker
- Troubleshoot Network Packet Broker
-
- Enable Advanced Routing
- Logical Router Overview
- Configure a Logical Router
- Create a Static Route
- Configure BGP on an Advanced Routing Engine
- Create BGP Routing Profiles
- Create Filters for the Advanced Routing Engine
- Configure OSPFv2 on an Advanced Routing Engine
- Create OSPF Routing Profiles
- Configure OSPFv3 on an Advanced Routing Engine
- Create OSPFv3 Routing Profiles
- Configure RIPv2 on an Advanced Routing Engine
- Create RIPv2 Routing Profiles
- Create BFD Profiles
- Configure IPv4 Multicast
- Configure MSDP
- Create Multicast Routing Profiles
- Create an IPv4 MRoute
-
-
PAN-OS 11.0 (EoL)
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
- Cloud Management and AIOps for NGFW
-
- Networking Features
- Panorama Features
- Management Features
- Certificate Management Features
- Cloud Identity Features
- Content Inspection Features
- IoT Security Features
- Mobile Infrastructure Security Features
- SD-WAN Features
- Virtualization Features
- Advanced WildFire Features
- GlobalProtect Features
- Hardware Features
- Enterprise Data Loss Prevention Features
End-of-Life (EoL)
PAN-OS 11.0.3 Addressed Issues
PAN-OS 11.0.3 addressed issues.
Issue ID | Description |
|---|---|
|
PAN-231823
|
A fix was made to address CVE-2024-5916.
|
PAN-233954 | Fixed an issue where the firewall was unable to retrieve correct groups from the LDAP server.
|
PAN-232059 | Fixed an issue with memory management when processing large certificates using TLSv1.3.
|
PAN-229691 | Fixed an issue on Panorama where configuration lock timeout errors were observed during normal operational commands by increasing thread stack size on Panorama.
|
PAN-228877 | (PA-7050 firewalls only) Fixed an issue with OOM conditions which caused slot restarts
due to pan_cmd consuming more than 300
MB.
|
PAN-227639 | Fixed an issue where the ACC displayed an incorrect DNS-base application traffic byte count.
|
PAN-227376 | Fixed an issue where a memory overrun caused the all_task process to stop responding.
|
PAN-227179 | Fixed an issue where routes were not updated in the forwarding table.
|
PAN-226418 | A CLI command was added to address an issue where long-lived sessions aged out even when there was ongoing traffic.
|
PAN-226198 | Fixed an issue on Panorama where the configd process repeatedly restarted when attempting to make configuration changes.
|
PAN-225920 | Fixed an issue where duplicate predict sessions didn't release NAT resources.
|
PAN-225183 | Fixed an issue where SSH tunnels were unstable due to ciphers used as part of the high availability SSH configuration.
|
PAN-225169 | Added a CLI command to view Cortex Data Lake queue usage.
|
PAN-224145 | Fixed an issue in multi-vsys environments where, when Panorama was on a PAN-OS 10.2 release and the firewall was on a PAN-OS 10.1 release, commits failed on the firewall when inbound inspection mode was configured in the decryption policy rule.
|
PAN-223852 | Fixed an issue where all_pktproc stopped responding when network packet broker or decryption broker chains failed.
|
PAN-223741 | Fixed an issue where the mprelay process stopped responding, which caused a slot restart when another slot rebooted.
|
PAN-223501 | (PA-5200 Series and PA-7000 Series firewalls only) Fixed an issue where diagnostic information for the dataplane in the dp-monitor.log file was not complete.
|
PAN-223488 | Fixed an issue where closed ElasticSearch shards were not deleted, which resulted in shard
purging not working as expected.
|
PAN-223457 | Fixed an issue where, if the number of group queries exceeded the Okta rate limit threshold, the firewall cleared the cache for the groups.
|
PAN-223317 | Fixed an issue where SSL traffic failed with the error message: Error: General TLS protocol error.
|
PAN-223185 | Fixed an issue where the distributord process stopped responding.
|
PAN-222957 | Fixed an issue where managed firewalls did not reflect changes pushed by users who were not in a
superuser role.
|
PAN-222941 | Fixed an issue where viewing the latest logs took longer than expected due to log indexer failures.
|
PAN-222533 | (VM-Series firewalls on Microsoft Azure and Amazon Web Services (AWS) environments) Added support for high availability (HA) link monitoring and path monitoring.
|
PAN-222418 | Fixed an issue where the firewall intermittently recorded a reconnection message to the authentication server as an error, even if no disconnection occurred.
|
PAN-222162 | Fixed an issue where the show transceiver <interface> CLI command
showed the RX and TX powers as 0.00 mW.
|
PAN-221984 | (VM-Series firewalls in Microsoft Azure environments only) Fixed an issue where an interface went down after a hotplug event and was only recoverable by restarting the firewall.
|
PAN-221836 | Fixed an issue where improper SNI detection caused incorrect URL categorization.
|
PAN-221787 | Fixed an issue where a User Principal Name (UPN) was incorrectly required in the pre-logon machine certificate.
|
PAN-221647 | Fixed an issue where the Apps seen value was not reflected on Panorama.
|
PAN-221577 | Fixed an issue where a static route for a branch or hub over the respective virtual interface was not installed in the routing table even when the tunnel to the branch or hub was active.
|
PAN-221208 | Fixed an issue where the tunnel monitor was unable to remain up when zone protection with Strict
IP was enabled and NAT Traversal was applied.
|
PAN-221126 | Fixed an issue where Email server profiles (Device > Server Profiles > Email and
Panorama > Server Profiles > Email) to forward
logs as email notifications were not forwarded in a readable
format.
|
PAN-220910 | Fixed an issue where an internal management plane NIC caused a kernel panic when doing a transmit due to the driver reinitializing under certain failure or change conditions on the same interface during transmit.
|
PAN-220899 | Fixed an issue where you were unable to choose the manual GlobalProtect gateway.
|
PAN-220747 | Fixed an issue where logs were not visible after restarting the log collector.
|
PAN-220626 | Fixed an issue where system warning logs were written every 24 hours.
|
PAN-220448 | Fixed an issue where the GlobalProtect client connection remained at the prelogin stage when
Kerberos SSO failed and was unable to fall back to the realm
authentication.
|
PAN-220401 | Fixed an issue where, during a reboot, an unexpected error message was displayed that the syslog configuration file format was too old.
|
PAN-220281 | (PA-7080 firewalls only) Fixed an issue where autocommitting changes after rebooting the
Log Forwarding Card (LFC) caused the logrcvr process to
fail to read the configuration file.
|
PAN-220180 | Fixed an issue where configured botnet reports (Monitor > Botnet) were not generated.
|
PAN-219813 | Fixed an issue where the configuration log displayed incorrect information after a multidevice
group Validate-all operation.
|
PAN-219659 | Fixed an issue where root partition frequently filled up and the following error message was displayed: Disk usage for / exceeds limit, xx percent in use, cleaning filesystem.
|
PAN-219644 | Fixed an issue where firewalls that forwarded logs to a syslog server over TLS (Objects > Log Forwarding) used the default Palo Alto Networks certificate instead of the configured custom certificate.
|
PAN-219623 | Fixed an issue where, when a multidynamic group validate job was pushed on the firewall, logs
displayed Panorama push instead of
ValidateAll push.
|
PAN-219498 | Fixed an issue where the Threat ID/Name detail in Threat logs was not
included in syslog messages sent to Splunk.
|
PAN-219300 | Fixed an issue where the task manager displayed only limited data.
|
PAN-219253 | Fixed an issue where, after making changes in a template, the Commit and Push option was grayed out.
|
PAN-218988 | Fixed an issue in FIPS mode where, when importing a certificate with a new private key, and the certificate used the name of an existing certificate on the Panorama, the following error message was displayed: Mismatched public and private keys.
|
PAN-218947 | Fixed an issue where logs were not displayed in Elasticsearch under ingestion load.
|
PAN-218697 | Fixed an issue where the ElasticSearch status frequently changed to red or yellow after a PAN-OS upgrade.
|
|
PAN-218663 and PAN-181876
|
A fix was made to address CVE-2024-2433
|
PAN-218404 | Fixed an issue where ikemgr stopped responding due to receiving CREATE_CHILD messages with a malformed SA payload.
|
PAN-218340 | Fixed an issue where selective pushes to template stack and multi device group pushes caused a buildup of resident memory, which caused the configd process to stop responding.
|
PAN-218318 | Fixed an issue where the firewall changed the time zone automatically instead of retrieving the correct time zone from the NTP server.
|
PAN-218273 | Fixed an issue where TCP keepalive packets from the client to the server weren't forwarded when SSL decryption was enabled.
|
PAN-218267 | Fixed an issue where a commit and push operation from Panorama to managed firewalls did not complete or took longer to complete than expected.
|
PAN-218252 | Fixed an issue where the slot-1 data processor showed the status as down during an SNMP
query.
|
PAN-218107 | Fixed an issue with ciphers used for SSH tunnels where packet lengths were too large, which made the SSH tunnel unstable.
|
PAN-218046 | Fixed an issue where the Virtual Routers (Network > Virtual Routers) setting was not available when configuring a custom admin role (Device > Admin Roles).
|
PAN-218001 | (PA-400 Series firewalls only) Fixed an issue where shutdown commands rebooted the system instead of correctly triggering a shutdown.
|
PAN-217650 | (VM-Series firewalls and Panorama virtual appliances in Microsoft Azure environments
only) Fixed an issue where management interface
Speed/Duplex was reported as unknown.
|
PAN-217493 | Fixed an issue where superusers with read-only privileges were unable to view SCEP object configurations.
|
PAN-217169 | Fixed an issue where the logrcvr stopped forwarding logs to the syslog server after a restart.
|
PAN-217053 | Fixed an issue where the configd process stopped responding after a selective push to multiple device groups failed.
|
PAN-216957 | Fixed an issue where allow list checks in an authentication profile did not work if the group
Distinguished Name contains the ampersand ( & ) character.
|
PAN-216775 | Fixed an issue where the devsrvr process stopped responding at pan_cloud_agent_get_curl_connection() and the URL cloud could not be connected.
|
PAN-216366 | Fixed an issue where, when custom signatures used a certain syntax, false positives were generated on devices on a PAN-OS 10.0 release.
|
PAN-216214 | (Panorama managed firewalls in active/active HA configurations only) Fixed an issue where the HA status displayed as Out of Sync (Panorama > Managed Devices > Health) if local firewall configurations were made on one of the HA peers. This caused the next HA configuration sync to overwrite the local firewall configuration made on the HA peer.
|
PAN-216048 | Fixed an issue where, when upgrading from a PAN-OS 9.1 release to a PAN-OS 10.0 release, commits failed with the error message: hip profiles unexpected here.
|
PAN-215767 | Fixed an issue where, after a high availability failover, IKE SA negotiation failed with the error message INVALID_SPI, which resulted in temporary loss of traffic over some proxy IDs.
|
PAN-215655 | Fixed an issue where, after a multidynamic group push, Security policy rules with the target
device tag were added to a firewall that did not have the tag.
|
PAN-215338 | (PA-5400 Series firewalls only) Fixed an issue where the inner VLAN tag for Q-in-Q traffic was stripped when forwarding.
|
PAN-215317 | Fixed an issue where the dataplane stopped responding unexpectedly with the error message comm exited with signal of 10.
|
PAN-215066 | Fixed an issue on Panorama where push scope rendering caused the Commit and Push or Push to Devices operation window to hang for several minutes.
|
PAN-214990 | Fixed an issue where firewall copper ports flapped intermittently when device telemetry was enabled.
|
PAN-214987 | Fixed an issue where Application Filter names were not random, and they matched or included internal protocol names.
|
PAN-214815 | Fixed an issue where SNMP queries were not replied to due to an internal process timeout.
|
PAN-214727 | Fixed an issue where a memory leak related to the useridd process resulted in an OOM
condition, which caused the process to stop responding.
|
PAN-214669 | Fixed an issue where FIN and RESET packets were sent in reverse order.
|
PAN-214463 | Fixed an issue where IKE re-key negotiation failed with a third-party vendor and the firewall
acting as the initiator received a response with the VENDOR_ID
payload and the error message unexpected critical
payload (type 43).
|
PAN-214201 | Fixed an issue where, after exporting custom reports to CSV format, the letter b appeared at the beginning of each column.
|
|
PAN-214186
|
Fixed an issue where category length was incorrect, which caused the
dataplane to restart.
|
PAN-213956 | Fixed an issue where the firewall interface did not go down even after the peer link/switch port went down.
|
PAN-213931 | Fixed an issue where the logrcvr process cache was not in sync with the mapping on the firewall.
|
PAN-213296 | Fixed an issue where Single Log-out (SLO) was not correctly triggered from the firewall toward
the client, which caused the client to not initiate the SLO request
toward the identity provider (IdP). This resulted in the IdP not
making the SLO callback to the firewall to remove the user.
|
PAN-213162 | Fixed an issue where an SD-WAN object was not displayed under a child device group.
|
PAN-213112 | Fixed an issue where executing the show report directory-listing CLI command resulted in no output after upgrading to a PAN-OS 10.1 release.
|
PAN-212978 |
Fixed an issue where the firewall stopped responding when executing an SD-WAN debug CLI
command.
|
PAN-212726 | Fixed an issue where RTP/RTCP packets were dropped for SIP calls by SIP ALG when the source NAT translation type was persistent Dynamic IP And Port.
|
PAN-212577 | (PA-5200 Series and PA-7080 firewalls only) Fixed an issue where commits took longer than expected when more than 45,000 Security policy rules were configured.
|
PAN-212240 | Fixed an issue where packet capture was logged for an unknown application session when packet capture logging was disabled.
|
PAN-212057 | Fixed an issue where Advanced Threat Prevention caused SSL delays when no URL licenses were present.
|
PAN-211441 | Fixed a memory leak issue related to SSL crypto operations that resulted in failed commits.
|
PAN-211398 | Fixed an issue where dataplane processes stopped responding when handling HTTP/2 streams.
|
PAN-211384 | Fixed an issue where the size of the redisthost_1 in the Redis database continuously increased, which caused an OOM condition.
|
PAN-210640 | Fixed an issue where applications were not displayed after authenticating into the clientless VPN.
|
PAN-210502 | Fixed an issue where Panorama was unable to convert to PAN-OS 9.1 syntax for WF-500
appliances.
|
PAN-210456 | Fixed an issue where high latency occurred on PA-850-ZTP when SSL decryption was enabled.
|
PAN-210452 | Fixed an issue where application packet capture (pcap) was not generated when Security policy
rules were used as a filter.
|
PAN-210429 | (VM-Series firewalls only) Fixed an issue where the HTTP service failed to come up on DHCP dataplane interfaces after rebooting the firewall, which resulted in health-check failure on HTTP/80 with a 503 error code on the public load balancer.
|
PAN-210364 | Fixed an issue where high latency was observed when accessing internal web applications, which interrupted development activities related to the web server.
|
PAN-209585 | The Palo Alto Networks QoS implementation now supports a new QoS mode called lockless QoS for PA-3400, PA-5410, PA-5420, PA-5430, and PA-5440 firewalls. For firewalls with higher bandwidth QoS requirements, the lockless QoS dedicates cores to the QoS function that improves QoS performance, resulting in improved throughput and latency.
|
PAN-209375 | Fixed an issue on the firewall where log filtering did not work as expected.
|
PAN-209288 | Fixed an issue where generating certificates with SCEP did not work.
|
PAN-209172 | Fixed an issue where the firewall was unable to handle GRE packets for Point-to-Point Tunneling Protocol (PPTP) connections.
|
PAN-209108 | Fixed an issue where a Panorama in Management Only mode was unable to display logs from log
collectors due to missing schema files.
|
PAN-208567 | Fixed an issue with email formatting where, when a scheduled email contained two or more attachments, only one attachment was visible.
|
PAN-208438 | Fixed an issue on Panorama where Security policy rules incorrectly displayed as disabled.
|
PAN-208395 | Fixed an issue where user authentication failed in multi-vsys environments with the error message User is not in allowlist when an authentication profile was created in a shared configuration space.
|
PAN-208316 | Fixed an issue where user-group names were unable to be configured as the source user via the test security-policy-match command.
|
PAN-208240 | Fixed an issue where, when attempting to replace an existing certificate, importing a new certificate with the same name as the existing certificate failed due to mismatched public and private keys.
|
PAN-208198 | Fixed an issue with firewalls in active/passive HA configurations where, after rebooting the passive firewall, interfaces were briefly shown as powered up, and then shown as down or shutdown.
|
PAN-208090 | Fixed an issue where the ACC report did not display data when querying the filter for the fields Source and Destination IP.
|
PAN-207604 | Fixed an issue where system logs continuously generated the log message Not enough space to load content to SHM.
|
PAN-207577 | Fixed an issue where Panorama > Setup > Interfaces was not accessible for users with custom admin roles even when the interface option was selected for the custom admin roles.
|
PAN-206765 | Fixed an issue where log forwarding filters involving negation did not work.
|
PAN-205015 | Fixed an issue where not all users were included in the user group after an incremental sync between the firewall and the Cloud Identity Engine.
|
PAN-204868 | Fixed an issue where disk utilization was continuously high due to the log purger not sufficiently reducing the utilization level.
|
PAN-204718 | (PA-5200 Series firewalls only) Fixed an issue where, after upgrading to PAN-OS 10.1.6-h3, a TACACS user login displayed the following error message during the first login attempt: Could not chdir to home directory /opt/pancfg/home/user: Permission denied.
|
PAN-203611 | Fixed an issue where URL categorization was not recognized for URLs that contained more than 100 characters.
|
PAN-202524 | Fixed an issue where the session ID was missing in the session details section of the ingress-backlogs XML API output.
|
PAN-199819 | Fixed an issue where, if a decryption profile allowed TLSv1.3, but the server only supported
TLSv1.2, and the cipher used by the first connection to the server
was a CBC SHA2 cipher suite, the connection failed.
|
PAN-198509 | Fixed an issue where commits failed due to insufficient CFG memory.
|
PAN-198453 | Fixed an issue where you were unable to resize the Description pop-up window (Policies > Security > Prerules).
|
PAN-198050 | Fixed an issue where Connection to update server is successful messages displayed even when connections failed.
|
PAN-197339 | Fixed an issue where template configuration for the User-ID agent was not reflected on the template stack on Panorama appliances on PAN-OS 10.2.1.
|
PAN-196345 | Fixed an issue where scheduled dynamic content updates failed to be retrieved by managed firewalls from Panorama when connectivity was slow.
|
PAN-189328 | Fixed an issue where traffic belonging to the same session was sent out from different ECMP enabled interfaces.
|
PAN-187989 | Fixed an issue where a user who did not have permissions of other access domains were able to view the commit and configuration lock.
|
PAN-185360 | Fixed an issue where, when Authentication Portal Authentication was configured,
l3svc_ngx_error.log and
l3svc_access.log did not roll over
after exceeding 10 megabytes, which caused the root partition to
reach full utilization.
|
PAN-180082 | Fixed an issue where errors in brdagent logs caused dataplane path monitoring failure.
|
PAN-177227 | (VM-Series firewalls on Amazon Web Services environments only) Fixed an issue where traffic sent from a GENEVE tunnel to the firewall was dropped if the firewall attempted to encapsulate traffic into an IPSec tunnel.
|
PAN-169586 | Fixed an issue where scheduled log view reports in emails didn't match the monitor page query result for the same time interval.
|
PAN-160633 | (PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls only) Fixed an issue where
the dataplane restarted repeatedly due to an internal path
monitoring failure until a power cycle.
|