PAN-OS 11.0.4 Addressed Issues
Focus
Focus

PAN-OS 11.0.4 Addressed Issues

Table of Contents
End-of-Life (EoL)

PAN-OS 11.0.4 Addressed Issues

PAN-OS 11.0.4 addressed issues.
Issue ID
Description
PAN-250686
Fixed an issue where selective push operations did not work when more than one admin user simultaneously performed changes and partial commits on Panorama.
PAN-249808
Fixed an issue where the configd process stopped responding when performing multidevice group pushes via XML API.
PAN-246707
Fixed an issue where failover was not triggered when multiple processes stopped responding.
PAN-245701
Fixed an issue where the returned values to SNMP requests for data port statistics were incorrect.
PAN-245690
Fixed an issue where the managed collectors health status on Panorama displayed as empty.
PAN-244493
Fixed a memory limitation with mapping subinterfaces to VPCE endpoints for GCP IPS, Amazon Web Services (AWS) integration with GWLB, and NSX service chain mapping.
PAN-243951
Fixed an issue on Panorama appliances in active/passive HA configurations where managed devices displayed as out-of-sync on the passive appliance when peer configuration changes were made to the SD-WAN configuration on the active peer.
PAN-242910
Fixed an issue where a custom based non-Superuser was unable to push to firewalls.
PAN-242627
Fixed an issue where selective push did not work.
PAN-242519
Fixed an issue where scheduled email reports failed if the @ symbol before the mail client was missing.
PAN-242027
Fixed an issue where the all-task process repeatedly restarted during memory allocation failures.
PAN-241164
(PA-410 firewalls only) Fixed an issue where system and configuration logs sent from the firewall to Panorama contained the serial number field instead of the firewall device name.
PAN-241141
Fixed an issue where creating more than one address object in the same XML API request resulted in a commit error.
PAN-240618
Fixed an issue where configuration commits were successful even when dynamic peer IKE gateways configured on the same interface and IP address that did not have the same IKE Crypto profile.
PAN-240612
Fixed a kernel panic caused by a third-party issue
PAN-240487
Fixed an issue where fan speed increased significantly after upgrading the firewall.
PAN-240251
Fixed an issue where the vldmgr process incorrectly restarted during an Elasticsearch restart.
PAN-240225
Fixed an issue where authentication failed on web-based GlobalProtect portal.
PAN-240197
Fixed an issue where configuration changes made in Panorama and pushed to the firewall were not reflected on the firewall.
PAN-240166
Fixed an issue where, when explicit proxy was configured on the firewall, websites loaded more slowly than expected or did not load due to DNS using TCP.
PAN-239776
Fixed an issue where Panorama went into maintenance mode due to a GlobalProtect quota configuration that was under the minimum required quota.
PAN-239722
Fixed an issue where SNMP scans to the firewall took longer than expected and intermittently timed out.
PAN-239279
Fixed an issue where the SWG proxy did not accept new connections.
PAN-239256
Fixed an issue where ARP entries were unable to be completed for subinterfaces with SNAT configured.
PAN-239241
Extended the root certificate for WildFire appliances to December 31, 2032.
PAN-239200
Fixed an issue where the following Prisma Access SWG proxy upstream error was displayed when you attempted to access the proxy: disconnect / reset before headers: reset reason: overflow.
PAN-239144
Fixed an issue where the web interface was slower than expected when logging in, committing, and pushing changes after upgrading to PAN-OS 10.2.7.
PAN-238949
Fixed a memory corruption issue where multiple processes stopped responding.
PAN-238643
Fixed an issue where a memory leak caused multiple processes to stop responding when VM Information Sources was configured.
PAN-238621
Fixed an issue where the HA3 link status remained down when updating the HA3 interface configuration when the AE interface was up.
PAN-238586
Fixed an issue where DNS resolution failure from the LFC resulted in WildFire public cloud connectivity failure.
PAN-238562
Fixed an issue where log collectors stopped responding when gathering reports from Panorama.
PAN-238508
Fixed an issue where the routed process created excessive logs in the log file.
PAN-237993
Fixed an issue where Config Push Scheduler > Admin scope changed to an admin ID instead of a 0 value, which caused a scheduled configuration push to work as a Selective push instead of a Full push.
PAN-237876
Extended the firewall Panorama root CA certificate which was previously set to expire on April 7th, 2024.
PAN-237678
Fixed an issue with firewalls in active/passive HA configurations where the passive firewall displayed the error message Unable to read QSFP Module ID when the passive link state was set to shutdown.
PAN-237562
Fixed an issue where firewalls generated link-change system logs for SFP ports even when no cable was connected to the ports.
PAN-237537
Fixed an issue where, when deleting CTD entries, the all_pktproc process stopped responding which resulted in dataplane failure.
PAN-237478
Fixed an issue where the Traffic log displayed 0 bytes for denied sessions.
PAN-237454
Fixed an issue where Panorama stopped redistributing IP address-to-username mappings when packet loss occurred between the distributor and the client.
PAN-237369
(PA-1420 firewalls only) Fixed an issue where the all_task process stopped responding, which caused the firewall to become unresponsive.
PAN-236802
Fixed an issue on firewalls in HA configurations where unexpected failovers occurred.
PAN-236605
Fixed an issue where the configd process stopped responding due to a deadlock related to rule-hit-count.
PAN-235840
Fixed an issue where, after a configuration push from Panorama to managed firewalls, the status displayed as None and the push took longer than expected.
PAN-235737
Fixed an issue where the brdagent process stopped responding due to a sudden increase in logging to the bcm.log.
PAN-235628
Fixed an issue where you were not prompted for login credentials when you disconnected and connected back to the GlobalProtect portal when SAML authentication was selected along with single sign-on (SSO) and Single Log Out (SLO).
PAN-235557
Fixed an issue where uploads from tunnels, including GlobalProtect, were slower than expected when the inner and outer sessions were on different dataplanes.
PAN-235476
Fixed an issue where Threat logs from different Security zones were aggregated into one log.
PAN-235385
Enhanced wifclient cloud connectivity redundancy.
PAN-235168
Fixed an issue where disk space became full even after clearing old logs and content images.
PAN-235081
(VM-Series firewalls only) Fixed an issue where the firewall sent packets to its own interface after configuring NAT64.
PAN-234977
Fixed an issue where, when a Layer 2 interface that was a member of a VLAN was down, all traffic transmitted over the VLAN was dropped.
PAN-234459
Fixed an issue with the firewall web interface where local SSL decryption exclusion cache entries were not visible.
PAN-234290
Fixed an issue where the firewall displayed incorrect interface transfer rates when running the CLI command show system state filter-pretty sys.s1.px with a filter.
PAN-234279
Fixed an issue where the ikemgr process crashed due to an IKEv1 timing issue, which caused commits to fail with the following error message: Client ikemgr requesting last config in the middle of a commit/validate, aborting current commit.
PAN-234238
Fixed an issue where a Security policy that referenced more than 30 HIP Profiles caused buffer overflow, which caused other Security policies with HIP Profiles to misidentified users and traffic was denied.
PAN-234190
Fixed an issue where the firewall incorrectly blocked URLs even when they matched the custom category.
PAN-234031
Fixed an issue on multi-core firewalls where the firewall displayed packets out of order when capturing packets on the transmit stage.
PAN-233957
(PA-5450 firewalls only) Fixed an issue where the NAT private pool was not used properly when enabling slot 6 DPC.
PAN-233833
Fixed an issue where enabling Jumbo frames resulted in software packet buffer depletion.
PAN-233789
Fixed an issue with push and commit and push operations where the user was not correctly bound to the scope, which caused all device groups to be selected for a selective push.
PAN-233780
(VM-100 firewalls only) Fixed an issue where commits failed due to the configuration memory limit.
PAN-233764
Fixed an issue where commits failed due to large inbound inspection certificates that exceeded the buffer size of 4,096 bytes.
PAN-233541
Fixed an issue where device group and template administrators with access to a specific virtual system were able to see logs for all virtual systems via Context Switch.
PAN-233517
Fixed an issue on Panorama where managed device templates and device groups took longer than expected to display in the Push to Devices window.
PAN-233463
Fixed an issue where the X-Forwarded-For (XFF) IP address value was not displayed in Traffic logs.
PAN-233390
Fixed an issue where the exclude-cache reason was incorrectly presented as TLS13_UNSUPPORTED instead of SSL_CLIENT_CERT.
PAN-233191
(PA-5450 firewalls only) Fixed an issue where the Data Processing Card (DPC) restarted due to path monitor failure after QSFP28 disconnected from the Network Processing Card (NPC).
PAN-233039
Fixed an issue where GENEVE encapsulated packets coming from a GFE Proxy mapped to an incorrect Security policy rule.
PAN-232953
Fixed an issue where you were able to cancel the same commit repeatedly, which displayed the error message Cannot stop job <job> at this time.
PAN-232924
Fixed an issue on firewalls in active/passive HA configurations where the passive firewall was unable to retrieve SDB data for locally inserted SFP transceivers.
PAN-232800
Fixed an issue where critical disk usage for /opt/pancfg increased continuously and the system logs displayed the following message: Disk usage for /opt/pancfg exceeds limit, <value> percent in use.
PAN-232377
Fixed an issue where the AddrObjRefresh job failed when the useridd process restarted.
PAN-232358
(PA-5450 firewalls only) Fixed an issue where the interface on QSFP28 ports did not go down when the Tx cable was removed from the QSFP28 module.
PAN-232290
(PA-5200 Series firewalls only) Fixed an issue where the First Packet Processor (FPP) did not acknowledge a query to find the owner for fragmented packets, tunnel packets, and other scenarios when the packet slot and dataplane owner was unknown.
PAN-232250
Fixed an issue where, when SSH service profiles for management access were set to None, the reported output was incorrect.
PAN-232132
Fixed an issue where DNS response packets were malformed when an antispyware Security Profile was enabled.
PAN-231698
Fixed an issue where you were unable to set the Dynamic Updates schedule threshold to an empty value.
PAN-231552
Fixed an issue where traffic returning from a third-party Security chain was dropped.
PAN-231507
(PA-1400 Series firewalls only) Fixed an issue where, when an HSCI interface was used as an HA2 interface, HA2 packets were intermittently dropped on the passive firewall, which caused the HA2 connection to flap due to missing HA2 keepalive messages.
PAN-231480
Fixed an issue where the firewall CLI output for GlobalProtect log quota settings did not match the settings configured on the Panorama web interface.
PAN-231459
(PA-5450 firewalls only) Fixed an issue where a large number of invalid source MAC addresses were shown in drop-stage packet captures.
PAN-231395
Fixed an intermittent issue where the OCSP query failed.
PAN-231329
Fixed an issue where the logrcvr process stopped responding due to a corrupt log in the forwarding pipeline.
PAN-231295
Fixed an issue where the logrcvr process stopped when running the hints-max CLI command.
PAN-231169
(PA-220 firewalls only) Fixed an issue where an unused plugin incorrectly used memory.
PAN-231148
Fixed an issue where no DHCP option list was defined when using GlobalProtect.
PAN-230813
Fixed an issue where flex memory leak caused decryption failure and commit failure with the error message Error preparing global objects failed to handle CONFIG_UPDATE_START.
PAN-230746
Fixed an issue on the web interface where device groups with a large number of managed firewalls displayed the Policy page more slowly than expected.
PAN-230656
(Firewalls in HA configurations only) Fixed an issue where a split brain condition occurred on both firewalls after booting up any firewall, and an HA switchover occurred after booting up a firewall with a higher HA priority even when no preemptive option was enabled on the firewall.
PAN-230377
Fixed an issue where FEC support was not enabled by default for PAN-25G-SFP28-LR modules.
PAN-230363
(PA-7050 firewalls with SMC-B only) Fixed an issue where the management interface was reported as up even when MGT-A and MGT-B were both down.
PAN-230362
Fixed an issue where the firewall truncated the payload of a TCP Out of Order segment with a FIN flag.
PAN-230359
Fixed an issue where SAML authentication failed with the error message Failed to verify signature against certificate when ds:KeyName was in the IdP metadata.
PAN-230198
Fixed an issue where URL logs were duplicated on Cortex Data Lake.
PAN-230106
Fixed an issue where the firewall was unable to retrieve the most current external dynamic list information from the server due to hostname resolution failure.
PAN-230092
Fixed an issue where the routed process stopped responding when committing routing-related changes if Advanced routing was enabled.
PAN-230039
Fixed an issue where migrating from an Enterprise License Agreement (ELA) to a Flexible VM-Series License failed with a deactivation error message.
PAN-229952
Fixed an issue where the print PDF option did not work (Panorama > Managed Devices > Health).
PAN-229950
Fixed an issue where custom response pages for the GlobalProtect login page did not load and displayed a 404 Not Found error.
PAN-229874
Fixed an issue where the firewall was unable to form OSPFv3 adjacency when using an ESP authentication profile.
PAN-229873
(PA-7050 firewalls only) Fixed an issue related to brdagent process errors.
PAN-229866
Fixed an issue where the reportd process stopped responding.
PAN-229824
Fixed an issue where Device History was not visible under Managed Devices Summary.
PAN-229606
Fixed an issue where the brdagent process stopped responding after an upgrade due to initialization failure.
PAN-229398
Fixed an issue where the Management Processor Card (MPC) stopped responding.
PAN-229315
Fixed an issue where Octets in NetFlow records were always reported to be 0 despite having a nonzero packet count.
PAN-229307
Fixed an issue where half closed SSL decryption sessions stayed active, which caused software packet buffer depletion.
PAN-229115
Fixed an issue on the web interface where the screen was blank after logging in to Panorama.
PAN-229080
Fixed an issue where the new management IP address on the interface did not take effect.
PAN-229072
Fixed an issue where GlobalProtect did not automatically connect to an internal gateway after an endpoint was woken.
PAN-229069
Fixed an issue where clientless VPN portal users were unable to access clientless applications due to an SSL renegotiation being triggered.
PAN-228998
Fixed an issue where multiple license status checks caused an internal process to stop responding.
PAN-228775
Fixed an issue where the CLI command show bonjour interface did not display any output.
PAN-228457
(PA-7000 firewalls only) Fixed an issue where the GTP logs forwarded from the firewall to the log collector did not include the pcap.
PAN-228442
Fixed an issue on firewalls in active/passive HA configurations where sessions did not fail over from the active firewall to the passive firewall when upgrading PAN-OS.
PAN-228342
Fixed an issue where objects in the running configuration appeared to be deleted under the push scope preview.
PAN-228323
Fixed an issue where a large number of Panorama management server cookies were created in the Redis database when the Cloud-Service plugin sent an authentication request every second, and logging in to or using Panorama was slower than expected.
PAN-228277
Fixed an issue where commits took longer than expected.
PAN-227998
Fixed an issue where the zebra process stopped responding due to memory corruption.
PAN-227939
Fixed an issue where the all_task process stopped responding due to high wifclient memory usage, which caused the firewall to reboot.
PAN-227887
Fixed an issue where IP address checksums were calculated incorrectly.
PAN-227804
Fixed an issue where memory corruption caused the comm process to stop responding.
PAN-227774
Fixed an issue where commits failed with the error message Management server failed to send phase 1 to client logrcvr.
PAN-227539
Fixed an issue where excess WIF process memory use caused processes to restart due to OOM conditions.
PAN-227522
Fixed an issue where shared application filters that had application object overrides were overwritten by predefined applications.
PAN-227517
Fixed an issue related to the IPv6 character limit for the source address in static route path monitoring.
PAN-227510
Fixed an issue where the error message Failed to establish GRPC connection to UrlCat service: failed to start grpc connection was displayed in the system log when the Advanced URL Filtering license was applied but not configured.
PAN-227397
Fixed an issue where selective pushes on Panorama removed a previously pushed configuration from the firewalls.
PAN-227368
Fixed an issue where the GlobalProtect app was unable to connect to a portal or gateway and GlobalProtect Clientless VPN users were unable to access applications if authentication took more than 20 seconds.
PAN-227344
Fixed an issue on Panorama where PDF Summary Reports (Monitor > PDF Reports > Manage PDF Summary) displayed no data and were blank when predefined widgets were included in the summary report.
PAN-227305
Fixed an issue where SCEP certificate generation failed when a service route was used to reach the SCEP server.
PAN-227064
Fixed an issue with high availability (HA) sync failure when performing a partial commit after creating a Security policy via REST API.
PAN-227058
Fixed an issue where traffic did not match Security policy rules with the destination as FQDN and instead hit the default deny rule.
PAN-226923
Fixed an issue where an excessive tab displayed *Device > Setup** when using Simplified Chinese.
PAN-226860
Fixed an issue where macOS X-Auth clients disconnected prematurely from the GlobalProtect gateway during a Phase 2 re-key event.
PAN-226768
Fixed an issue where, when the GlobalProtect app was installed on iOS endpoints and the gateway was configured to accept cookies, the app remained in the Connecting stage after authentication, and the GlobalProtect log displayed the error message User is not in allow list. This occurred when the app was restarted or when the app attempted to reconnect after disconnection.
PAN-226626
Fixed an issue where the firewall generated numerous logrcvr error messages related to NetFlow.
PAN-226470
Fixed an issue where previewing changes for selective admins took longer than expected or displayed the error message commands succeeded with no output.
PAN-226128
Fixed an issue where selective push failed on Panorama after deleting shared objects that were referenced in multi-device group environments with the error message: Schema validation failed. Please try a full push.
PAN-226021
Fixed an issue where content push operations failed for a URL category Scanning Activity.
PAN-225975
Fixed an issue where the CLI command show system disk details was not available.
PAN-225394
Fixed an issue on the firewall where SNMP incorrectly reported high packet descriptor usage.
PAN-225337
Fixed an issue on Panorama related to Shared configuration objects where configuration pushes to multi-vsys firewalls failed.
PAN-225203
Fixed an issue where the Log Forwarding Card (LFC) did not honor the negotiated MSS on the logging connection.
PAN-225110
Fixed an issue with firewalls in HA configurations where HA configuration syncs did not complete or logging data was missing until firewall processes were manually restarted or the firewalls were rebooted.
PAN-225094
Fixed an issue where performing a commit operation failed and the following error message was displayed: failed to handle CUSTOM_UPDATE.
PAN-225090
Fixed an issue on Panorama where Commit and Push was grayed out when making changes to a template or device group.
PAN-225082
Fixed an issue where GlobalProtect quarantine-delete logs were incorrectly shown on passive firewalls.
PAN-225013
(PA-5450 firewalls only) Fixed an issue where the firewall rebooted unexpectedly when a Network Card was on Slot 2 instead of a DPC.
PAN-224955
Fixed an issue where the devsrvr process stopped responding when Zone Protection had more than 255 profiles.
PAN-224954
Fixed an issue where, after upgrading and rebooting a Panorama appliance in Panorama or Log Collector mode, managed firewalls continuously disconnected.
PAN-224938
Fixed an issue where the CLI command settings for set system setting logging max-log-rate did not persist after a mgmtsrvr process restart.
PAN-224882
Fixed an issue where the session end reason was incorrectly logged as decrypt-cert-validation for allowed sessions when the decryption profile was configured for a no-decrypt policy.
PAN-224788
Fixed an issue where the Power Supplies was not present in the show system environmentals CLI command output.
PAN-224772
Fixed a high memory usage issue with the mongodb process that caused an OOM condition.
PAN-224656
Fixed an issue where the devsrvr process caused delays when Dynamic Address Groups with large entry lists were being processed during a commit, which caused commits to take longer than expected.
PAN-224500
Fixed an issue where IPv6 addresses in XFF were displayed in Traffic logs.
PAN-224424
(PA-3440 firewalls only) Fixed an issue where you were unable to set the link speed as 25Gbps from the drop-down in the template for Ethernet ports 1/23 through 1/26.
PAN-224405
Fixed an issue where the distributord process repeatedly stopped responding.
PAN-224404
Fixed an issue where a memory leak caused decryption failures when SSL Forward Proxy was configured.
PAN-224365
Fixed an issue where excessive network path monitoring messages were generated in the system logs.
PAN-224354
Fixed an issue where a memory leak related to the distributord process occurred when connections flapped for IP address-to-username mapping redistribution.
PAN-224067
Fixed an issue where cookie authentication did not work for GlobalProtect when an authentication override domain was configured in the SAML authentication profile.
PAN-223914
Fixed an issue on Panorama where the reportd process unexpectedly stopped responding.
PAN-223856
(PA-800 Series firewalls only Fixed an issue where the GlobalProtect SSL tunnel failed.
PAN-223855
Fixed an issue where the show running ippool CLI command output displayed incorrect used and available NAT IP address pools on DIPP NAT policy rules in multidataplane firewalls.
PAN-223798
Fixed an issue on the firewall where, when Advanced Routing was enabled, PIM join messages were not sent to the RN due to a missing OIF.
PAN-223559
Fixed an issue where unexpected characters appeared in the text of GlobalProtect application authentication prompts when the GlobalProtect portal or gateway had a RADIUS authentication profile.
PAN-223796
(PA-7000 Series firewalls with Log Forwarding Cards (LFC) only) Fixed an issue where multiple OOM conditions occurred which caused a system restart.
PAN-223559
Fixed an issue where unexpected characters appeared in the text of GlobalProtect application authentication prompts when the GlobalProtect portal or gateway had a RADIUS authentication profile.
PAN-223481
(PA-5450 firewalls only) Fixed an issue where the all_pktproc process stopped responding when the firewall was on PAN-OS 10.1.9-h3 or a later release.
PAN-223432
Fixed an issue where SSL decryption for HTTP/2 sessions failed when enabling Send handshake messages to CTD for inspection (Device > Setup > Session > Decryption Settings > SSL Decryption Settings).
PAN-223365
Fixed an issue where Panorama was unbale to query any logs if the Elasticsearch health status for any log collector was degraded.
PAN-223271
Fixed an issue where the file transfer of large zipped and compressed files had the App-ID unknown-tcp.
PAN-223263
Fixed an issue on the web interface where the system clock for Mexico_city was displayed in CDT instead of CST on the management dashboard.
PAN-223259
Fixed an issue where selective pushes failed with the error message Failed to generate selective push configuration. Unable to retrieve last in-sync configuration for the device, either a push was never done or version is too old. Please try a full push.
PAN-223172
Fixed an issue on Panorama where host IDs manually added to the device quarantine list were unexpectedly removed.
PAN-223094
Fixed an issue where fragmented TCP traffic was dropped due to an IP address ID conflict over the SD-WAN tunnel.
PAN-222662
Fixed an issue where the CLI command debug log-card-interface pint slot <x> host <host> did not return any information when attempting to ping the Log Forwarding Card (LFC).
PAN-222586
(PA-5410, PA-5420, and PA-5430 firewalls only) Fixed an issue where Filter drop-downs, Forward Method, and Correlation log settings (Device > Log Settings > Correlation) were not displayed.
PAN-222188
A CLI command was introduced to address an issue where SNMP monitoring performance was slower than expected, which resulted in snmpwalk timeouts.
PAN-222089
Fixed an issue where you were unable to context switch from Panorama to the managed device.
PAN-221973
Fixed an issue where the same user connected to multiple SSL VPN connections and one of the sessions stopped working.
PAN-221938
Fixed an issue with network packet broker sessions where the broker session and primary session timeouts were out of sync, which caused traffic drops if the broker session timed out when the primary session was still active.
PAN-221897
Fixed an issue where duplicate entries were not detected during commits, which caused routing engine failure.
PAN-221881
Fixed an issue where log ingestion to Panorama failed, which resulted in missing logs under the Monitor tab.
PAN-221857
Fixed an issue where users were unable to log in to the GlobalProtect app using SAML authentication after upgrading to PAN-OS 10.2.3-h4, and the GlobalProtect logs displayed the following error message: Username from SAML SSO response is different from the input.
PAN-221728
Fixed an issue where selective pushes did not work after upgrading to PAN-OS 10.2.4.
PAN-221428
Fixed a memory leak issue where the packet buffer count continuously increased and the firewall required a restart to clear the buffers.
PAN-221190
(PA-800 Series firewalls only) Fixed an issue where the firewall rebooted due to I2C errors when unsupported optics were inserted in ports 5-8.
PAN-221186
Fixed an issue where BGP aggregate routes were not created and discard routes were not installed in the routing table.
PAN-221162
Fixed an issue where previewing changes before pushing to devices displayed a pop-up with the message: Command succeeded with no output.
PAN-221015
(M-600 Appliances only) Fixed an issue where ElasticSearch processes did not restart when the appliance was rebooted, which caused the managed collector ES health status to be downgraded.
PAN-220931
(Panorama appliances in FIPS-CC mode only) Fixed an issue where scheduled email reports did not contain PDF attachments.
PAN-220907
(VM-Series firewalls only) Fixed an issue where large packets were dropped from the dataplane to the management plane, which caused OSPF neighborship to fail.
PAN-220881
Fixed an issue where the CLI command show logging-status did not correctly display the last log created and forwarded timestamps.
PAN-220659
Fixed an issue on the firewall where scheduled antivirus updates failed when external dynamic lists were configured on the firewall.
PAN-220619
Fixed an issue where the correct device filter did not apply when filtering Targets and Target/Tags (Device Group > Policies).
PAN-220553
Fixed an issue where, after enabling Advanced Routing Engine, the backup default route was not installed in the FIB table if static path monitoring went down.
PAN-220500
(PA-5450 and PA-400 firewalls only) Fixed an issue where the request shutdown system CLI command did not completely shut down the system.
PAN-220239
Fixed an issue where certificate-based logins to Panorama via the web interface failed.
PAN-219851
Fixed an issue where you were unable to export SAML metadata when configuring SAML authentication.
PAN-219768
Fixed an issue where you were unable to filter data filtering logs with Threat ID/NAME for custom data patterns created over Panorama.
PAN-219585
Fixed an issue where enabling syslog-ng debugs from the root caused 100% disk utilization.
PAN-219494
Fixed an issue with the firewall where adding Parent-App under Application Filter for Security policy rules did not add dependent applications.
PAN-219415
Fixed an issue where BGP routes were installed in the routing table even when the option to install routes was disabled in the configuration.
PAN-219351
Fixed an issue where the all_pktproc process stopped responding during Layer 7 processing.
PAN-219260
(M-Series appliances only) Fixed an issue where the management interface flapped due to low memory reserved for kernel space.
PAN-219251
Fixed an issue where the ctd_dns_wait_pkt_drop counter increase was greater than expected.
PAN-219222
Fixed an issue where spaces in a certificate name caused imports to fail.
PAN-219113
Fixed an issue where, when a port on the NPC was configured for log forwarding, the ingress traffic on the card was sent for processing to the LPC, and the LPC card was reloaded when the ingress volume of traffic was high.
PAN-218873
Fixed an issue where a HIP mask was reused when an existing IP address user mapping was updated by a new IP address user mapping that had a different username but the same IP address.
PAN-218694
Fixed an issue where SaaS PR was reimported to the shared location and policy objects were not updated with new updates coming from the SaaS cloud.
PAN-218659
Fixed an issue where Security zones under Interfaces displayed as none for dynamic group and template admin users in a read-only admin role.
PAN-218652
Fixed an issue on Panorama where the HA virtual address was not created for firewalls in active/active HA configurations.
PAN-218620
Fixed an issue where scheduled configuration exports and SCP server connection testing failed.
PAN-218611
Fixed an issue where the device telemetry region was not updated on the firewall when pushed from the Panorama template stack.
PAN-218555
Fixed an issue where the firewall did not receive dynamic address updates pushed from Panorama during initial registration to Panorama.
PAN-218352
Fixed an issue where Panorama was slower than expected when WildFire deployment was scheduled every minute to a large number of devices.
PAN-218119
Fixed an issue where the firewall transmitted packets with an incorrect source MAC address during commit operations.
PAN-218057
(PA-7000 Series firewalls only) Fixed an issue where internal path monitoring failed due to a heartbeat miss.
PAN-217728
Fixed an issue where uploading a certificate in a manual configuration option for SafenetHSM failed.
PAN-217652
Fixed an issue on Panorama where certificates created on Panorama were not pushed to the firewall with a selective push.
PAN-217619
Fixed an issue where supported Bi-DI transceivers were not recognized which caused ports to not come up.
PAN-217541
Fixed an issue where the useridd process stopped responding after a restart when HIP redistribution was enabled.
PAN-217510
Fixed an issue where inbound DHCP packets received by a DHCP client interface that were not addressed to itself were silently dropped instead of forwarded.
PAN-217293
Fixed a rare issue where URLs were not accessible when the header length was greater than 16,000 over HTTP/2.
PAN-217289
Fixed an intermittent issue where HTTP/2 traffic caused buffer depletion.
PAN-217272
Fixed an issue where the DNS proxy log included an excessive number of the following error message: Warning: pan_dnsproxy_log_resolve_fail: Failed to resolve domain name ** AAAA after trying all attempts to name servers
PAN-217241
Fixed an issue where predict session conversion failed for RTP and RTCP traffic.
PAN-217205
Fixed an issue where the firewall did not clear port reused sessions for GlobalProtect traffic with proxy fast-session-delete enabled.
PAN-217155
Fixed an issue where syncs between Panorama and the Cloud Identity Engine (CIE) caused intermittent slowness when using the web interface due to a large number of groups in the CIE directory.
PAN-217123
Fixed an issue where, when log queries in the yyyy/mm/dd format displayed extra digits for the day and an error was not generated.
PAN-217064
Fixed an issue where commits took longer than expected when the DLP plugin was configured.
PAN-217024
Fixed an issue where fetching device certificates failed for internal DNS servers with the error message ERROR Error: Could not resolve host: certificate.paloaltonetworks.com.
PAN-216647
Fixed an issue where the sysd node was updated at incorrect times.
PAN-216230
Fixed an issue where the shard count reached up to 10% over the limit rather than staying under the limit.
PAN-216077
A CLI command was added to configure the FEC for PA-5450 breakout ports.
PAN-215583
Fixed an issue on firewalls in HA configurations where the primary firewall went into a nonfunctional state due to a timeout in the pan_comm logs during the policy-based forwarding (PBF) parse, which caused an HA failover.
PAN-215576
Fixed an issue where the userID-Agent and TS-Agent certificates were set to expire on November 18, 2024. With this fix, the expiration date has been extended to January 2032.
PAN-215436
Fixed an issue with the web interface where the latest logs took longer than expected to display under Monitor.
PAN-214773
Fixed an issue where RTP packets traversing intervsys were dropped on the outgoing vsys.
PAN-214760
Fixed an issue where, when a firewall had more than 1,200 logical interfaces, commits failed with the error message: Error pre-installing config failed to handle CONFIG_COMMIT.
PAN-214311
Fixed an issue where users were able to add configurations via XML API even when a config lock was in place.
PAN-214177
Fixed an issue where template configurations were not properly pushed to the firewall during an export or push of the device configuration bundle.
PAN-213949
Fixed an issue where the VPN responder stopped responding when it received a CREATE_CHILD message with no security association (SA) payload.
PAN-213918
Fixed an issue where mlav-test-pe-file.exe was not detected by WildFire Inline ML.
PAN-213591
Fixed an issue where Request Categorization Change was not displayed under URL filtering logs when the Advanced URL Filtering license was applied.
PAN-213011
Fixed an issue where, when using multi-factor authentication (MFA) with RADIUS OTP, the challenge message Enter Your Microsoft verification code did not appear when accessing the GlobalProtect portal via browser.
PAN-212932
Fixed an issue where the firewall went into a restart loop with the following error message: failed to get mgt settings candidate: configured traffic quota of 0 MB is less than the minimum 32 MB.
PAN-212770
Fixed an issue on the firewall where the WildFire file size limit value did not match on the web interface and the CLI.
PAN-212580
(PA-7050 firewalls only) Fixed an issue where disk space filled up due to files under /opt/var/s8/lp/log/pan/ not being properly deleted.
PAN-212576
Fixed an issue where firewall HA clusters in active/active configurations with Advanced Routing enabled did not relay to ping requests sent to a virtual IP address.
PAN-211945
Fixed an issue where URL Filtering system logs showed the error message CURL ERROR: bind failed with errno 124: Address family not supported by protocol even though the PAN-DB cloud was connected.
PAN-211827
Fixed an issue where Dynamic Updates failed with the following error message: CONFIG_UPDATE_INC: Incremental update to DP failed please try to commit force the latest config.
PAN-211821
Fixed an issue on firewalls in HA configurations where committing changes after disabling the QoS feature on multiple Aggregate Ethernet (AE) interfaces caused the dataplane to go down.
PAN-211255
Fixed an issue third-party VPNC IPSec clients were disconnected after a few seconds for firewalls in active/active HA configurations.
PAN-210354
Fixed an issue where the routedd process stopped responding when executing the show static-route path-monitoring CLI command or when accessing the path monitoring records from the web interface (Network > Virtual Router > More Runtime Stats > Static Routing).
PAN-208085
Fixed an issue where the BFD peers were deleted during a commit from Panorama. This occurred because the pan_comm thread became deadlocked due to the same sysd object was handled during the commit.
PAN-207616
Fixed an issue on Panorama where, after selecting managed firewalls and creating a new tag, the managed firewalls were automatically unselected and any new tag that was created was applied to the managed firewalls for which you initially created the tag.
PAN-207092
Fixed an issue where logging in using default credentials after changing to FIPS-CC for NSX-T firewalls did not work.
PAN-207003
Fixed an issue where the logrcvr process NetFlow buffer was not reset which resulted in duplicate NetFlow records.
PAN-206639
Fixed an issue where the LFC and NPC remained stuck during bootup.
PAN-206041
(PA-7050 firewalls only) Fixed an issue where the ikemgr process stopped responding.
PAN-205041
Fixed an issue where DNS Security cloud service unavailable logs did not indicate the service name, status code, or error message in the DNS proxy log.
PAN-202361
Fixed an issue where packets queued to the pan_task process were still transmitted when the process was not responding.
PAN-202095
Fixed an issue on the web interface where the language setting is not retained.
PAN-202008
Fixed an issue where Traffic logs exported to CSV files contained inaccuracies and were not complete.
PAN-198043
Fixed a rare issue where aBuildXmlCache job failed on the firewall.
PAN-196954
Fixed a memory leak issue related to the distributord process.
PAN-196840
Fixed an issue where exporting a Security policy rule that contained Korean language characters to CSV format resulted in the policy description being in a nonreadable format.
PAN-196395
(PA-5450 firewalls only) Fixed an issue where the firewall accepted 12 Aggregate Ethernet interfaces, but you were unable to configure interfaces 9-12 via the web interface.
PAN-194912
Fixed an issue where the CLI command show applications list did not return any outputs.
PAN-194006
Fixed an issue on Panorama where *Commit Push** and Validate Push operations during a Push to Devices did not handle the configuration for shared objects, which resulted in an invalid configuration being pushed.
PAN-193004
Fixed an issue where /opt/pancfg partition utilization reached 100%, which caused access to the Panorama web interface to fail.
PAN-192188
(PA-5450 firewalls only) Fixed an issue where the show running resource-monitor ingress-backlogs CLI command failed with the following error message: Server error : Failed to intepret the DP response.
PAN-185249
Fixed an issue where Template Stack overrides (Dynamic Updates > App & Threats > Schedule) were not able to be reverted via the web interface.
PAN-182960
Additional error logs were added for an issue where, when multiple Panorama web interface sessions were opened, active lock did not show up on the web interface for any session.
PAN-172600
Fixed an issue where the CLI command show rule-hit-count did not provide all details of the rule from the device group.
PAN-171569
Fixed an issue where HIP matches were not recognized in an SSL decryption policy rule.