PAN-OS 11.1.6-h14 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
-
-
-
-
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1
PAN-OS 11.1.6-h14 Addressed Issues
PAN-OS 11.1.6-h14 addressed issues.
Issue ID
|
Description
|
---|---|
PAN-290996
|
Fixed an issue where SNMP walks returned a value of 0 for the CPS
(Connections Per Second) per vsys on firewalls after upgrading to
PAN-OS 11.1.6-h3, even when active connections were present.
|
PAN-290803
|
(VM-Series firewalls on Microsoft Azure environments only)
Fixed an issue where firewall failed to bootstrap with a custom
image, and VM-Series plugin information was not displayed in the
system information.
|
PAN-290239
|
(PA-455 firewalls in active/passive HA configurations only)
Fixed an issue where, after an upgrade, the TCP session for syslog
forwarding did not resume after the syslog server service was
disabled and then re-enabled, which caused logs to be dropped. This
occurred when the syslog server was down for more than 16 minutes.
|
PAN-290088
|
Fixed an issue where a memory leak occurred related to the
configd process when pushing configurations from
Panorama to a firewall. This occurred when the configurations
contained shared policy rules.
|
PAN-289102
|
(PA-7500 Series, PA-5410, PA-5420, PA-5430, PA-5440, PA-5445,
PA-3400 Series, PA-1400 Series, PA-400 Series, VM-Series, and
CN-Series firewalls only) Fixed a race condition issue
related to predict processing, which resulted in a dataplane restart
and traffic loss.
|
PAN-288893
|
(Firewalls in multi-vsys configurations only) Fixed an issue
where HTTP/2 traffic failed due when one virtual system (vsys) had a
decryption policy rule enabled and another vsys had a no-decrypt
policy rule for the same session.
|
PAN-287818
|
Fixed an issue where sessions timed out sooner than expected due to
the
pan_proxy_accumulation_restore_timeout
not initiating when the accumulation
session_init failed.
|
PAN-287734
|
Fixed an issue where Scan ERR: Internal Err
1002 messages were unexpectedly generated when WIF
shared memory use was high.
|
PAN-287621
|
Added debug logs for an issue where a slow IP address pool NAT leak
occurred when persistent NAT was enabled, which led to NAT IP pool
exhaustion.
|
PAN-287056
|
Fixed an issue where BGP export policy rules with next-hop matching
failed to block the advertisement of static routes, and the firewall
incorrectly matched the egress interface IP address instead of the
original next-hop IP address of the static route, which caused the
deny rule to fail.
|
PAN-287023
|
Fixed an issue where a large number of logs caused the
logrcvr process to stop responding.
|
PAN-287002
|
A fix was made to address CVE-2025-0133.
|
PAN-286857
|
Fixed an issue where only failed Kerberos authentication events were
logged in auth.log, and successful
authentication events were not logged.
|
PAN-286848
|
Fixed an issue where ECMP incorrectly balanced sessions across links
based on the configured metric, which led to an imbalance in traffic
distribution and resulted in traffic assignment shifting
disproportionately to routes with lower metrics.
|
PAN-286443
|
Fixed an issue where, after an upgrade, the firewall was unable to be
managed via HTTPS or SSH.
|
PAN-286306
|
Fixed an issue where, when getting transceiver information from ESCC
for SFP 25G modules, the transceiver code was incorrectly updated
with Unknown instead of
25GBase-SR.
|
PAN-285894
|
Fixed an issue where the all_task process stopped
responding, which caused the firewall to reboot unexpectedly, and
traffic failures occurred.
|
PAN-285818
|
Fixed an issue where a tool was needed to display leaked NAT port
numbers without requiring a forced synchronization.
|
PAN-284908
|
Fixed an issue where retrieving filenames from OneDrive resulted in a
cache miss.
|
PAN-284073
|
Fixed an issue on the firewall that caused commits to fail and the
web interface to become inaccessible.
|
PAN-284067
|
Fixed an issue where the devsrvr process experienced out
of memory (OOM) conditions due to the show running
application statistics CLI command, which caused
the firewall to reboot.
|
PAN-284003
|
Fixed an issue where clients did not receive a valid response when
when searching a website due to a compression error.
|
PAN-283979
|
Fixed an issue where the firewall became non-functional due to high
root partition use.
|
PAN-283936
|
(Panorama appliances only) Fixed an issue where the
configd process intermittently restarted, which
caused Panorama to be temporarily unavailable.
|
PAN-283331
|
Fixed an issue where selective pushes to managed devices failed when
the User ID Master Device was configured.
|
PAN-282359
|
Fixed an issue where the Panorama web interface was slower than
expected.
|
PAN-282277
|
Fixed an issue where an OOM condition on the logrcvr
process caused interface flapping, and the interface unexpectedly
went down and then recovered without intervention.
|
PAN-281509
|
(Panorama appliances only) Fixed an issue where log exports
were slower than expected or failed when filtering logs after an
upgrade, which resulted in timeouts or delays in displaying logs on
the web interface.
|
PAN-280532
|
Fixed an issue where, after disabling and re-enabling the external
syslog server, the TCP session was not resumed, which caused all
logs that were forwarded to the syslog server to be dropped.
|
PAN-280101
|
Fixed an issue where set and edit commands took longer than expected
when adding address objects with a large number of dynamic groups
due to the completion cache being enabled. With this fix, the
completion cache is disabled by default.
|
PAN-279500
|
Fixed an issue where TLS connections failed to establish in
asymmetric routing environments if the firewall did not see
server-to-client (s2c) packets of the TLS handshake.
To use this fix, run the following CLI command: debug
dataplane set ssl-decrypt accumulate-client-hello asym-disable
yes.
|
PAN-278836
|
Fixed an issue where, after an upgrade, GlobalProtect attempted to
use the embedded browser instead of the default browser for gateway
authentication even when it was configured to use the default
browser.
|
PAN-278812
|
Fixed an issue where authentication to GlobalProtect failed with the
error message User not in allowed list.
|
PAN-278190
|
Fixed an issue on Panorama where a scheduled report with SLS data had
an invalid translated-query.
|
PAN-278150
|
Fixed an issue where the firewall removed the Authentication Key
Identifier (AKID) from the certificate during SSL decryption, which
caused Python 3.13 to fail with a certificate verification error.
|
PAN-277751
|
Fixed an issue where a policy-based forwarding (PBF) rule with an
action of no-pbf and a service of TCP-22 did
not match traffic after upgrading to PAN-OS 11.1.5-h1. As a result,
traffic was matched by a lower rule with a service of
any and an action of
forward.
|
PAN-276920
|
Fixed an issue where web-advertisement traffic was not immediately
blocked which resulted in pages loading indefinitely.
|
PAN-276862
|
Fixed an issue on Panorama where the logd process
stopped responding unexpectedly.
|
PAN-276616
|
Fixed an issue on the firewall where half-duplex settings on Ethernet
was not visible.
|
PAN-276276
|
(PA-450 firewalls only) Fixed an issue where, after an
upgrade, data that was excluded using the query builder in a custom
report was still visible in the report, and the logs displayed
errors related to invalid threat names being queried.
|
PAN-275133
|
Fixed an issue where HTTP 503 server errors occurred while browsing
websites due to slow Secure Web Gateway (SWG) bypass rule lookup.
|
PAN-275047
|
(VM-Series firewalls only) Fixed an issue where, after an
upgrade, the firewall was unable to send logs to the Strata Logging
Service (SLS) when using a specific proxy server, and the SSL
connection status displayed as failed when attempting to forward
logs through the web proxy.
|
PAN-273964
|
Fixed an issue where SNMP scans to a firewall timed out after
upgrading to a PAN-OS 10.2 release.
|
PAN-273727
|
Fixed an issue where the firewall skipped the DNS policy rule of a
domain external dynamic list (EDL) during an EDL refresh.
To use this fix, run the following CLI command and commit:
set deviceconfig setting ctd
custom-edl-domains-continuous-reload yes/no
|
PAN-271810
|
Fixed an issue where auto-negotiation advertised and negotiated
10/100 half and full duplex.
|
PAN-271490
|
Fixed an issue on the firewall that caused the following error
message to be displayed: frr_ns0: failed to stop child
frr_ns0_ospf6d.
|
PAN-271432
|
Fixed an issue where the firewall was unable to decrypt SSL traffic
when using forward proxy and HSM with an ECDSA signing certificate.
|
PAN-271215
|
A fix was made to address CVE-2025-4230.
|
PAN-269700
|
Fixed an issue where commits to service connection firewalls from
Panorama failed.
|
PAN-269057
|
Fixed an issue where the routed process stopped
responding due to accessing freed memory from a hash table when the
route vectors were resized. This occurred when a large number of
static routes were configured.
|
PAN-268922
|
(PA-3220 firewalls in high availability (HA) configurations
only) Fixed an intermittent issue where the firewalls went
out of sync after a configuration push from Panorama.
|
PAN-268787
|
Fixed an issue where users were unable to log in to Panorama and the
following error message was displayed: Timed out while
getting config lock. Please try again. This
occurred when pushing configurations to a large number of devices.
|
PAN-268708
|
Fixed an issue where PDF summary and email reports displayed IPv6
addresses instead of IPv4 addresses.
|
PAN-268680
|
Fixed an issue where the configd process stopped
responding when a configuration merge operation changed.
|
PAN-267759
|
Fixed an issue where Prisma Access gateway downloads were slower than
expected.
|
PAN-267614
|
Fixed an issue where the Panorama web interface was slower than
expected due to high CPU utilization on the mongodb
process.
|
PAN-267328
|
Fixed an issue where the all_task process stopped
responding, which caused the firewall to stop processing traffic.
|
PAN-267045
|
Fixed an issue on the firewall where ICMP ping loss occurred after
installing a Network Processing Card (NPC) in slot 7.
|
PAN-265549
|
A fix was made to address CVE-2025-0137.
|
PAN-265014
|
Fixed an issue where changes made to device groups with the same
prefix name were not visible in the commit scope.
|
PAN-264845
|
Fixed an issue where the Log Forwarding for Security Services feature
did not correctly filter policy rules with log forwarding profiles.
|
PAN-263749
|
Fixed an issue where disk space that was used by file descriptors was
not freed, which caused the root partition to become full and
Panorama to be inaccessible.
|
PAN-260564
|
Fixed an issue on firewalls in HA configurations where a network loop
was detected by switches after suspending HA on the active firewall.
|
PAN-260279
|
Fixed an issue where selective push operations failed with the error
message: Failed to generate selective push
configuration. Schema validation failed. Please try a full
push.
|
PAN-255020
|
Fixed an issue where the Panorama web interface did not display the
push scope data for custom admin users when performing a partial
commit and push.
|
PAN-226184
|
Fixed an issue where push operations from Panorama were slow due to
the rasmgr process taking longer than expected.
|