PAN-OS 11.2.4-h4 Addressed Issues
PAN-OS® 11.2.4-h4 addressed issues.
    
| Issue ID | Description |
|---|---|
| PAN-276130 | Fixed an issue where, when a new IKEv2 gateway was created on Panorama on a PAN-OS 11.2 release using the default IKE version (IKEv2) and IPSec crypto profiles with no specific changes to the crypto profile parameters, and the configuration was pushed to a firewall on PAN-OS 11.2.0 to PAN-OS 11.2.4, the firewall interpreted the IKEv2 gateway as IKEv1. |
| PAN-274029 | Fixed an issue where upgrading Panorama and pushing configurations to the firewall caused an IKE version mismatch, which resulted in IPSec tunnel failure with the peer device. |
| PAN-273994 | A fix was made to address CVE-2025-0111. |
| PAN-273971 | A fix was made to address CVE-2025-0108. |
| PAN-273278 | A fix was made to address CVE-2025-0109. |
| PAN-273197 | Fixed an issue where the endpoint ID was not populated in logs when the least significant word of the Geneve header was 0. |
| PAN-273165 | Fixed an issue where HTTP/2 sessions failed on the firewall when Dynamic Memory Management was enabled. |
| PAN-273085 | Fixed an issue on the web interface where you were unable to edit or create policy rules. |
| PAN-273019 | Fixed an intermittent issue where SSL decryption failed. |
| PAN-272021 | (M-300 Appliances only) Fixed an issue where a split brain condition was not triggered during an inter-Log Collector disconnect between DLC firewalls in an Elasticsearch cluster, which resulted in missing logs. |
| PAN-271926 | Fixed an issue where TLS 1.3 decryption failed with a bad record MAC error when the firewall was configured to decrypt and inspect TLS traffic. |
| PAN-271828 | Fixed an issue where, after an accumulation proxy changed to no-decrypt or no proxy, only the Client Hello was sent to Content Threat Detection. |
| PAN-270549 | Fixed an issue where some TLS connections were not handled correctly, which led to instability in the dataplane. |
| PAN-270248 | Fixed an issue where the firewall failed to forward logs to an SNMP trap server if the SNMP manager IP address was unable to be resolved. |
| PAN-268815 | Fixed an issue where the firewall entered a non-functional state due to duplicate entries in the shared memory. |
| PAN-268727 | Fixed an issue where traffic was dropped when the accumulation proxy was enabled and header insertion modified packets. |
| PAN-268229 | Fixed an issue where the firewall stopped responding during session setup for ECMP hit-count updates. |
| PAN-268215 | (Panorama appliances in HA configurations only) Fixed an issue where, when Elasticsearch was forming a cluster and the port was disabled or disconnected and then reconnected, Elasticsearch did not reform the cluster. |
| PAN-267781 | Fixed an issue where Panorama did not display the Source Dynamic Address Group. |
| PAN-265742 | Fixed an issue on the Panorama web interface where the OK button on the GlobalProtect gateway configuration dialog box was not clickable. |
| PAN-263987 | Fixed an issue on the firewall where, when a NAT traversal IPSec tunnel was terminated, and the NAT rule that was applied to the NAT-T IPSec tunnel was on the same firewall, traffic flowing through the tunnel was not correctly translated. |
| PAN-252036 | Fixed an issue where, when the GlobalProtect portal was not configured, accessing the GlobalProtect gateway still loaded a malformed portal page. |