PAN-OS 11.2.7-h8 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
-
-
-
-
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1
PAN-OS 11.2.7-h8 Addressed Issues
PAN-OSĀ® 11.2.7-h8 addressed issues.
Issue ID | Description |
|---|---|
|
PAN-308727
|
Fixed an issue where traffic logs for Remote
Networks displayed the source zone as
trust instead of the remote network
name.
|
|
PAN-308468
|
Fixed an issue where the firewall rebooted due to the
all_task process restarting.
|
|
PAN-303051
|
Fixed an issue on Panorama where a memory leak occurred related to
the reportd process due to retaining memory that was
temporarily used for report generation instead of releasing the
memory for reuse, which resulted in continuous accumulation and
memory exhaustion.
|
|
PAN-302927
|
Fixed an issue where, after upgrading Panorama, the Push
to Devices option did not display selected devices,
and the OK and Cancel
buttons did not function as expected. Selecting
OK did not close the window, and
selecting Cancel returned to the main push
screen with the push selected devices displaying as empty. Despite
this, selecting Push or Validate
Device Group Push still pushed to the previously
canceled, non-displayed devices.
|
PAN-301801 | Fixed an issue on Log Collectors where the Elasticsearch process fluctuated intermittently between green and red states, which led to interruptions in log collection. This issue occurred when the number of shards exceeded the cluster's maximum supported threshold of greater than 1000 shards per Elasticsearch instance.
|
PAN-301691 | Fixed an issue where BGP stopped responding with the error message Too many open files when pushing 1000 eBGP (External BGP) neighbor configurations. With this fix, the number of file descriptors for the BGP process is increased from 1024 to 8192.
|
PAN-301456 | Fixed an issue on Panorama where the debug system reset-ztp CLI command was unavailable.
|
PAN-300216 | Fixed an issue where, when SD-WAN Direct Internet Access was configured and traffic traversed the cellular interface without a NAT policy rule, intermittent cellular modem connectivity issues occurred, which caused the firewall to disconnect and reconnect to the cellular network.
To use this fix, run the CLI command set session teardown-upon-fwd-zonechange yes.
|
|
PAN-300138
|
Fixed an issue where DNS queries stalled or repeatedly time out due
to multiple DNS responses with different CNAME values causing
evasion false positive alerts.
|
PAN-299772 | (VM-Series firewalls in active/passive configurations only) Fixed an issue where, after an HA failover event, the newly active firewall DHCP client interfaces failed to obtain IP addresses automatically. This occurred because the DHCP client processes did not initiate the necessary DHCP discover or renew requests
|
PAN-297976 | Fixed an issue where the firewall experienced extended boot times after a reboot due to the configd process needing to rebuild the ACE catalog after detecting discrepancies that were caused by duplicate application checking between the ACE catalog and content.
|
|
PAN-297610
|
Fixed an issue where the firewall became unresponsive after an
upgrade due to the fsck command scanning drive
partitions in parallel with the root partition, which caused the
process to take an extended amount of time.
|
PAN-297005 | Fixed an issue where exporting custom reports resulted in empty CSV files.
|
|
PAN-296977
|
Fixed an issue where the web interface became unresponsive when
attempting to view Ethernet interface details
after applying a filter in NetworkInterfaces
|
|
PAN-296752
|
(PA-1410 Firewalls only) Fixed an issue where the firewall
experienced high management CPU usage and repeatedly rebooted when
attempting to retrieve SMART data.
|
|
PAN-296694
|
Fixed an issue where the firewall rebooted due to the
useridd process repeatedly restarting during an
IP-port data type writes to the redis from multiple sources such as
TSA or XML in a scale environment.
|
|
PAN-296535
|
Fixed an issue on the firewall where BGP peers disconnected when more
than 500 BGP neighbors were configured in a single Logical
Router
|
PAN-295899 | Fixed an issue where DNS resolution failed on Linux machines running GlobalProtect client version 6.2.6 when connected with DNS Security enabled. This occurred because the firewall incorrectly discarded DNS packets when processing multiple DNS requests or responses over the same session, even when no malicious verdict was received.
|
PAN-295342 | Fixed an issue where the pan_comm process stopped responding due to insufficient time allocated to read file descriptors when processing long messages.
|
PAN-295049 | Fixed an issue where the logrcvr process stopped responding due to memory allocation errors during Redis communication.
|
|
PAN-293985
|
Fixed an issue with the Panorama web interface where admin users were
unable to log in and received the error message 504:
Gateway Timeout.
|
|
PAN-292770
|
Fixed an issue where, after reinstalling the device certificate,
delayed telemetry data was displayed in AIOPS.
|
PAN-291661 | Fixed an issue on Panorama appliances and Log Collectors where, after an upgrade, Elasticsearch intermittently entered into a Red state before automatically recovering.
|
PAN-288388 | Fixed an issue where, after an EDL certificate update or repository migration, authentication failures caused the firewall to not fall back to the last successfully cached EDL entries, which led to policy rules that referenced the EDL to not be enforced.
|
|
PAN-287842
|
Fixed an issue where the comm process stopped responding
due to missing heartbeats, which resulted in a system alert and HA
communication loss on slot1.
|
PAN-285169 | Fixed an issue on Panorama where Kerberos superusers were unable to edit policy rules because the target device tab was grayed out.
|
|
PAN-281797
|
Fixed an issue where firewalls became unstable and stopped
responding, which resulted in an OOM condition.
|
|
PAN-280917
|
Fixed an issue on Panorama where the WildFire cloud URL contained an
extra period character, which prevented the retrieval of WildFire
analysis reports.
|
|
PAN-279829
|
Fixed an issue where NAT pool leaks occurred during a test when RTSP
traffic hit NAT rules.
|
|
PAN-270554
|
Fixed an issue where the GlobalProtect client (UWP) or metered
hotspot connections triggered TLS resumption fo GlobalProtect portal
authentication, which caused the portal authentication to fail with
a valid cert required error.
|
|
PAN-264131
|
Fixed an issue where the routed process core failed the
automation run.
|
PAN-209516 | Fixed an issue where, when creating an interface, an error occurred when you clicked OK without providing a value in the Tag field even though the field was not displayed as mandatory.
|
PAN-185731 | Fixed an issue where the firewall was unable to parse the URL path and host when the host header was located in a different packet, which resulted in the firewall not logging the URL path in the first packet.
The fix is disabled by default. The following CLI commands can be used to enable/disable the feature:
set system setting ctd url-crosspkt-host-path-caching enable
set system setting ctd url-crosspkt-host-path-caching disable
set system setting ctd url-crosspkt-host-path-caching default
|