PAN-OS 11.2.10-h5 Addressed Issues

PAN-OS® 11.2.10-h5 addressed issues.
Issue ID
Description
PAN-318275
(VM-Series firewalls only) Fixed an issue where the firewall became unresponsive and did not automatically reboot, which led to prolonged outages. With this fix, the Linux kernel configuration will trigger a system panic and reboot.
PAN-316911
(VM-Series firewalls on Amazon Web Services (AWS) environments only) Fixed an issue where a newly bootstrapped firewall required a management server restart, relicensing, or license push from Panorama to invoke the device certificate.
PAN-315912
Fixed an issue where the Maximum Segment Size (MSS) rewrite functionality for packets ingressing through SD-WAN interfaces on firewalls was not optimized.
PAN-314147
Fixed an issue where SSL traffic was dropped on SD-WAN DIA interfaces with members that had different MTUs.
PAN-313623
Fixed an issue where the /opt/pancfg/mgmt/ssl/private/ directory on Palo Alto Networks devices with TPM support became 100% utilized due to an accumulation of undeleted .pub_pem files. This occurred because executing the show device-certificate status CLI command initiated a process that generated these files but failed to remove them, which prevented the fetching of new device certificates.
PAN-313216
Fixed an issue where firewalls with Prisma Access incorrectly displayed some traffic as unsanctioned in traffic logs for cloud applications that were tagged as sanctioned.
PAN-312706
Fixed an issue where the firewalls restarted due to a function lacking a NULL-pointer sanity check.
PAN-311512
Fixed an issue where HIP (Host Information Profile) reports were blocked on GlobalProtect when Authentication Cookie Usage Restrictions was enabled and the Prisma Access Agent protocol was in use. This occurred because the system failed to correctly process HIP messages that were relayed via IPSec tunnels with a Virtual IP as the source, leading to their rejection.
PAN-309300
Fixed an issue where management plane system resources configuration size exceeded 28 MB for over 4 hours, and the following error message was displayed: Configuration size reaching device capacity limit.
PAN-308786
(Panorama appliances only) Fixed an issue where traffic log queries using the device_name filter returned no results, and complex log queries that included negation operators produced incorrect outputs.
PAN-308564
Fixed an issue where packets were dropped on SD-WAN interfaces when a proxy was enabled due to an MTU inconsistency where the firewall failed to rewrite the maximum segment size in SYN/ACK packets based on the SD-WAN virtual interface MTU.
Note: This fix does not apply when the traffic egress interface is an SD-WAN Direct Internet Access (DIA) interface and a proxy is enabled.
PAN-308507
(Panorama managed firewalls only) Fixed an issue where the firewall intermittently failed to maintain active log forwarding streams to Strata Logging Service (SLS) even when duplicate logging and enhanced application logging were enabled.
PAN-308418
Fixed an issue where, when Advanced DNS Security was enabled and experienced unusually high loads, DNS resolution failures occurred with the error resources-unavailable.
PAN-306555
Fixed an issue where the firewall stopped responding, which led to service outages.
PAN-304019
(VM-Series firewalls only) Fixed an issue where the firewall did not send traffic to SCM or SLS via a configured explicit proxy IP address when the proxy username was not configured.
PAN-303745
Fixed an issue where inter-dataplane forwarding did not work for sessions ingressing on Slot 2, which resulted in intermittent ping failures to interfaces on Network Card 2 when traffic was forwarded to Slot 3.
Note: With this fix, after a slot restart, the global counter will still show dot1q errors for a short period.
PAN-302564
Fixed an issue on the firewall where a path monitoring failure occurred and caused the dataplane to restart.
PAN-301653
Fixed an issue where DNS traffic sessions prematurely terminated with the message resources-unavailable. This occurred due to IPv4 fragmented DNS responses causing the Advanced DNS Security module to incorrectly pack the DNS payload multiple times when forwarding to the cloud for inspection.
PAN-302983
Fixed an issue where, after committing changes on Panorama, a shared post-rule moved to the end of the post shared rulebase on the managed device instead of remaining at the top.
PAN-300837
Fixed an issue where firewalls experienced multiple reboots due to the pan_task process restarting with a SIGSEGV signal. This occurred because the client-to-firewall side assumed TLS 1.3 for the firewall-server side.
PAN-300671
Fixed an issue where traffic reports that were generated with destination/source and destination/source hostnames were not displayed in IPv4 format.
PAN-300423
Fixed an issue where Data Processing Cards (DPCs) installed in slots 5 and 6 remained stuck in a starting state with the error Signal detected for port xeS5-DP0 but Link Down alerts, which resulted in device instability.
PAN-299242
Fixed an issue where the firewall's SSL proxy sent an empty HTTP/2 SETTINGS message to the client before confirming server support, which caused some clients to incorrectly assume HTTP/2 support and not fall back to HTTP/1.1. Additionally, the firewall dropped HTTP/1.1 400 Bad Request frames from the server, which prevented the client from correctly detecting the lack of HTTP/2 support.
PAN-298617
Optimized the commit workflow to reduce the size of the effective configuration, resulting in lower memory consumption.
PAN-297708
Fixed an issue where a long-lived session with many Machine Learning (ML) model triggers caused a memory leak of feature states associated with the ML model runs. This resulted in Spyware_State failure increases, allocation max outs, and impaired policy matching.
PAN-295802
Fixed an issue where a memory leak related to the configd process occurred.
PAN-295309
Fixed an issue where an OSPF session using MD5 authentication experienced intermittent flapping due to out-of-order packet processing.
PAN-293644
(Firewalls in HA configurations only) Fixed an issue where the configd process stopped responding during an External Dynamic List (EDL) refresh.
PAN-290938
Fixed an issue where multiple memory leaks occurred related to the configd process.
PAN-264762
Fixed an issue where the firewall showed the status of SFP+ interfaces as not up, or up but not configured, when a PAN-SFP-PLUS-SR cable was connected.
PAN-263691
Fixed an issue where the firewall rebooted unexpectedly due to a memory leak in the all_task process.
PAN-250339
Added an improvement to automatically clean up idle HTTP connection pools to address an issue where idle connection pools accumulated when a circuit breaker limit was reached, which caused client requests to fail with a 503 no_healthy_upstream error.
PAN-248913
Fixed an issue where the Elasticsearch client certificate was not auto renewed, which caused it to enter a Red state, and logs were not displayed in Panorama.