PAN-OS 11.2.4-h9 Addressed Issues
Focus
Focus

PAN-OS 11.2.4-h9 Addressed Issues

Table of Contents

PAN-OS 11.2.4-h9 Addressed Issues

PAN-OSĀ® 11.2.4-h9 addressed issues.
Issue ID
Description
PAN-290239
(PA-455 firewalls in active/passive high availability (HA) configurations only) Fixed an issue where, after an upgrade, the TCP session for syslog forwarding did not resume after the syslog server service was disabled and then re-enabled, which caused logs to be dropped. This occurred when the syslog server was down for more than 16 minutes.
PAN-289102
(PA-7500 Series, PA-5410, PA-5420, PA-5430, PA-5440, PA-5445, PA-3400 Series, PA-1400 Series, PA-400 Series, VM-Series, and CN-Series firewalls only) Fixed a race condition issue related to predict processing, which resulted in a dataplane restart and traffic loss.
PAN-287002
A fix was made to address CVE-2025-0133.
PAN-285894
Fixed an issue where the all_task process stopped responding, which caused the firewall to reboot unexpectedly, and traffic failures occurred.
PAN-285651
(Panorama appliances in active/passive HA configurations on Microsoft Azure environments only) Fixed an issue on Panorama that caused firewalls to disconnect unexpectedly.
PAN-285590
(VM-Series firewalls on Amazon Web Services (AWS) GWLB environments only) Fixed an issue where the firewall CPU usage reached 100% after upgrading to PAN-OS 11.1.6-h1.
PAN-284066
Fixed an issue where, after an upgrade, the SNMP polled values for IF-MIB::ifInErrors displayed a high number of errors that did not match the values in the CLI show interface command.
PAN-283789
(Firewalls in HA configurations only) Fixed an issue where, after an upgrade, the mac receive error counter in receive incoming errors increased, which resulted in SNMP alerts.
PAN-283467
(PA-3400 Series firewalls only) Fixed an issue where the firewall unexpectedly rebooted and entered maintenance mode due to a ctd-agent out-of-memory (OOM) condition. This occurred during advanced services load testing and a high volume of IoT EAL log forwarding.
PAN-283331
Fixed an issue where selective pushes to managed devices failed when the User ID Master Device was configured.
PAN-282069
Fixed an issue on Panorama where Security policy rules were removed from device groups when you cloned or edited Security policy rules that used more than 63 characters.
PAN-280532
Fixed an issue where, after disabling and re-enabling the external syslog server, the TCP session was not resumed, which caused all logs that were forwarded to the syslog server to be dropped.
PAN-279621
Fixed an issue where processes stopped responding when HTTPS Forward traffic was run.
PAN-275077
Fixed an issue where DNS Security intermittently logs malicious domain URLs as Alert instead of taking a Sinkhole action, even when configured to Sinkhole malicious DNS domains.
PAN-274570
Fixed an issue where the devsrvr process restarted after a failed commit due to an invalid memory access.
PAN-274314
(PA-1400 Series, PA-3400 Series, and PA-5400 Series firewalls only) Fixed an issue where, when the pan_task process restarted, control plane packets were dropped, which could impact LACP and pings to host interfaces.
PAN-272006
Fixed an issue where the firewall did not trigger a kernel core dump as a large core when the CPLD (Complex Programmable Logic Device) sent a Non-Maskable Interrupt (NMI) to the CPU.
PAN-271913
Fixed an issue on firewalls in HA configurations where, when using the Cloud Identity Engine (CIE), the firewall experienced consistent memory leaks on the active firewall, which caused unexpected failovers.
PAN-271273
Fixed an issue where dynamic update downloads failed when IPv6 firewalling was enabled on the firewall and both IPv4 and IPv6 were configured on the management interface.
PAN-270379
Fixed an issue where socket files created in the /tmp directory were not cleared.
PAN-269052
Fixed an issue where traffic was blocked by a URL filtering profile even though the Security policy rule did not have a URL filtering profile configured.
PAN-269027
Fixed an issue related to external dynamic lists that caused commit times on the firewall to be higher than expected.
PAN-268708
Fixed an issue where PDF summary and email reports displayed IPv6 addresses instead of IPv4 addresses.
PAN-268705
Fixed an intermittent issue where the firewall failed to process FTP traffic after upgrading to PAN-OS 10.1.14.
PAN-268127
Fixed an issue where tagging devices in Panorama did not work as expected.
PAN-267444
Fixed an issue where large file downloads or uploads failed or remained in an incomplete state when using DLP HTTP2 mirror mode.
PAN-266900
Fixed an issue on the Panorama web interface where you were unable to click OK after selecting an install package type and file from the dropdown and selecting a firewall.
PAN-265745
Fixed an issue where the firewall displayed incorrect MAC receive error counters for VMWare devices hosted in ESXi.
PAN-263973
Fixed an issue where log collectors had a low incoming log rate.
PAN-261825
Fixed an issue where traffic was dropped when Data Loss Prevention or Advanced URL Filtering were enabled. This occurred when the payload size was greater than 3.5 KB.
PAN-261673
(VM-Series firewalls on Microsoft Azure environments only) Fixed an issue where, when Accelerated Networking was enabled, traffic was dropped because of the flow_parse_ip_hdr counter related to an Nvidia driver issue.
PAN-261429
Fixed an issue where the show auth radius-require-msg-authentic CLI command displayed no output.
PAN-259706
Fixed an issue on Panorama where the web interface was slower than expected or unresponsive when monitoring definitions were added in the Kubernetes plugin.
PAN-258680
Fixed an issue on Panorama where, when you removed Security profile groups from a Security policy rule via the CLI and committed the change, the Security policy rule was deleted.
PAN-257267
(VM-Series firewalls only) Fixed an issue where a warning message was displayed after a commit, and a critical system log was generated when the configuration size exceeded the maximum size.
PAN-255619
Fixed an intermittent issue where file downloads from websites failed when decrypting HTTP/2 traffic.
PAN-254901
Fixed an issue where GlobalProtect user-to-IP address mapping was removed even though the tunnel for the specific user was up and traffic was being passed.
PAN-252669
Fixed an issue where the ikemgr process stopped responding with a SIGSEGV error.