>
    Strata Copilot
    PAN-OS 9.1.12 Addressed Issues
    Focus
    Download PDF
    Focus
    1. Home
    2. PAN-OS
    3. PAN-OS 9.1 Addressed Issues
    4. PAN-OS 9.1.12 Addressed Issues
    Download PDF

    PAN-OS 9.1.12 Addressed Issues

    Table of Contents
    End-of-Life (EoL)

    PAN-OS 9.1.12 Addressed Issues

    PAN-OS® 9.1.12 addressed issues.
    Issue ID
    Description
    PAN-181076
    Fixed an issue where commit failures occurred when an External Dynamic List (EDL) that contained many IP addresses was used in a Security policy.
    PAN-179750
    A CLI command was added to set the virtual memory limit in dedicated log collectors.
    PAN-179581
    Fixed an issue on firewalls in high availability configurations where a process (brdagent) stopped responding on a suspended active peer, which caused the suspended firewall to continue sending traffic.
    PAN-179356
    (5200-Series firewalls only) Fixed an issue where configuration commits failed due to the dataplane running out of memory in the policy cache.
    PAN-178953
    Fixed an issue with the GlobalProtect Clientless VPN where, when an application sent a negative max age value on a cookie, part of the cookie was retained by PAN-OS and used for the subsequent connection on the user session.
    PAN-178363
    Fixed an issue where a process (mgmtsrvr) wasn't restarted after the virtual memory limit was exceeded.
    PAN-176862
    (VM-Series firewalls only) Fixed an issue where the firewall didn't attempt to connect to a log collector when the management IP address used DHCP.
    PAN-176461
    Fixed an issue where a process (mdb) stopped responding after downgrading from a PAN-OS 9.1 release to an earlier release due to discrepancies in the mongodb process version.
    Note: To utilize this fix, first install a PAN-OS 9.0 release on the web interface, and then, prior to reboot, run the following CLI command: debug mongo clear instance mdb.
    PAN-176364
    Fixed an issue where multiple operations (such as a commit or dynamic updates) failed due to a race condition in the cryptod fallback mechanism.
    PAN-176131
    Fixed an issue where the Simple Network Management Protocol (SNMP) object identifier (OID) for panSessionCps did not show the correct session count.
    PAN-176032
    Fixed an issue where a process (authd) process stopped responding, which caused authentication to fail.
    PAN-175934
    Fixed an issue where packed-based zone protection settings (such as Strict IP Address Check) were not applied to return traffic.
    PAN-175652
    Fixed an issue where SSL decryption failed for websites when they were accessed from Google Chrome version 92 or higher.
    PAN-175307
    Fixed an issue where Panorama commits were slower than expected and the configd process stopped responding due to a memory leak.
    PAN-174894
    Fixed an issue where, when the time-to-live (TTL) value for symmetric MAC entries weren't updated to other dataplanes and HA peers, timeouts occurred for traffic using policy-based forwarding (PBF) with symmetric returns.
    PAN-174886
    Fixed an issue where scheduled customer reports displayed as empty when the configured destination was an address group.
    PAN-174864
    Fixed an issue on the Panorama interface where Deploying Master Key to low-end devices resulted in a Failed to communicate message, even when the new master key was updated on the end device. This issue occurred because a master key deployment had insufficient time to process due to a connection timeout.
    PAN-174161
    Fixed an issue in Panorama that occurred when attempting to disable override on an object from a child device group did not work after cloning and renaming the object.
    PAN-174055
    Fixed an issue where SNMP readings reported as 0 for dataplane interface packet statistics for Amazon Web Services (AWS) m5n.4xlarge instance types. This issue occurred because the physical port counters read from MAC addresses were reported as 0.
    PAN-173978
    Fixed an issue where the Elasticsearch process continuously restarted if zero-length files were present.
    PAN-173893
    Fixed a memory leak issue related to the (useridd) process that occurred when group mapping is enabled.
    PAN-173753
    Fixed an issue where a bar or point on a Network Monitor graph had to be clicked more than once to properly redirect to the corresponding ACC report.
    PAN-173545
    Fixed an issue where exporting a device summary to CSV failed and displayed the following error message: Error while exporting.
    PAN-173509
    Fixed an issue where Superuser administrators with read-only privileges (Device > Administrators and Panorama > Administrators) were unable to view the hardware ACL blocking setting and duration in the CLI using the following commands:
    • show system setting hardware-acl-blocking-enable
    • show system setting hardware-acl-blocking-duration
    PAN-173157
    Fixed an issue with the HA1 monitor hold timer where the configured value was not assigned to the HA1 backup interface, which used the default hold timer (3000 milliseconds), which resulted in failover events taking longer than expected.
    PAN-173076
    (Panorama appliances in FIPS mode only) Fixed an issue where the FIPS Panorama / FIPS firewall schema didn't prune non-FIPS options from the GlobalProtect Clientless VPN.
    PAN-172834
    Fixed a memory leak issue related to the useridd process that occurred when processing IP-address-to-username mappings.
    PAN-172783
    Fixed an issue on an HA active/passive configuration where old GPRS tunneling protoc0l (GTP-U) tunnel sessions did not sync to the passive firewall during some upgrades, such as upgrading from a PAN-OS 8.1 release version to a 9.0 release version or upgrading from a 9.0 release version to a 9.1 release version.
    PAN-172775
    Fixed an issue in Panorama where the configd process stopped responding due to a memory issue with memcpy bson_append.
    PAN-172748
    (VM-Series firewalls only) Fixed an issue where a process (all_task) stopped responding.
    PAN-172396
    Fixed a memory leak issue related to the useridd process.
    PAN-172324
    Fixed an issue on the Panorama web interface where custom vulnerability signature IDs weren't populated in the drop-down when creating a custom combination signature.
    PAN-172316
    Fixed an issue where the internal interface flow control that caused the monitoring process to incorrectly determine the interface to be malfunctioning.
    PAN-172200
    Fixed an issue where a process (configd) restarted due to memory corruption in the show dynamic-address-group CLI command during commits, commit and push operations, and high availability Panorama syncs.
    PAN-171696
    (PA-800 and PA-400 Series firewalls and PA-220 firewalls only) Fixed an issue where the management plane CPU was incorrectly reported to be high.
    PAN-171367
    Fixed an issue in active/active HA configuration where session disconnected during an upgrade from a PAN-OS 9.0 release to a PAN-OS 9.1 release.
    PAN-171203
    Fixed an issue in an HA configuration where, when one firewall was active and its peer was in a suspended state, the suspended firewall continued to send traffic, which triggered the detection of duplicate MAC addresses.
    PAN-171159
    Fixed a memory leak on the configd process on Panorama caused during multi-clone operations for rules.
    PAN-170936
    Fixed an issue where the firewall egressed offloaded frames out of order after an explicit commit (Commit on the firewall or Commit All Changes on Panorama) or an implicit comment such as an Antivirus update, Dynamic Update, or WildFire update.
    Note This issue persists for a network-related configuration and commit.
    PAN-170595
    Fixed an issue with Content and Threat Detection where traffic patterns created a bus error, which caused the all_pktproc process to stop responding and the dataplane to restart.
    PAN-170466
    Fixed an memory reference issue related to the devsrvr process that caused the process to stop responding.
    PAN-169899
    Fixed an issue on firewalls with offload processors where the ECMP forced symmetric return feature didn't work for CRE traffic after the session was offloaded.
    PAN-169347
    Fixed an issue where a process (authd) stopped responding due to an invalid null pointer.
    PAN-169300
    Debug logs were added to troubleshoot WildFire submission issues.
    PAN-169173
    Fixed an issue where, if you continuously performed partial commits of a configuration with a high number of Dynamic Address Groups, Panorama became unresponsive and commits were slower than expected.
    PAN-168261
    Fixed a cosmetic issue where the WildFire submission log displayed the sha256 of the original email link.
    PAN-168189
    Fixed an issue where, even when there was active multicast traffic, the firewall sent Protocol Independent Multicast (PIM) prune messages.
    PAN-167560
    Fixed an issue where the Panorama appliance didn't return inherited device group locations pertaining to Security policies for REST API queries.
    PAN-167329
    Fixed an issue where Zero Touch Provisioning (ZTP) flow did not complete.
    PAN-167115
    Fixed an issue where, after upgrading to 10.0.3, admin sessions on Panorama were not logged out after the idle timeout expired.
    PAN-167087
    Fixed an issue where the focus was not set on the free text field when requesting a token code on the Authentication Portal.
    PAN-166686
    Fixed an issue where EDNS responses dropped when the original request was DNS.
    PAN-166202
    Fixed an issue with an extra character in HTTP Strict Transport Security (HSTS) regression tests when accessing the GlobalProtect gateway.
    PAN-166180
    Fixed an issue with snmpv3 trap not processed by snmptrap receiver after firewall reboot.
    PAN-166091
    Fixed an issue where the firewall dropped policy-based forwarding (PBF) keepalive responses.
    PAN-165433
    Fixed an intermittent issue where Cortex Data Lake failed to reconnect after a disconnect if a management IP address used for logging had an IP address assignment type of DHCP.
    PAN-165147
    Fixed an issue where, when there was a high volume of traffic for sessions with Application Block Pages enabled, other regular packets were dropped.
    PAN-162374
    Fixed an issue where the firewall rebooted unexpectedly and displayed the following message: Reboot SYSTEM REBOOT Masterd Initiated.
    PAN-162174
    Fixed an issue where, when the firewall received a configuration from Panorama with no URL category, it was automatically configured as Any.
    PAN-161964
    Fixed an issue where email header from fields in threat logs were truncated due to line folding in the original message.
    PAN-161940
    Fixed an issue where the firewall did not honor the peer RX interval timeout in a Bidirectional Forwarding Detection (BFD) INIT state.
    PAN-161726
    Fixed an issue where the show high-availability all output incorrectly displayed the VM-Series firewall license type on physical firewalls.
    PAN-161496
    Fixed an issue when calculating the incremental checksum after a post-NAT translation where the arguments to pan_in_cksm32_diff overflowed the 32-bit integer.
    PAN-161031
    Fixed an issue where authentication via LDAP server failed in FIPS-CC mode when the LDAP server profile was configured with the root certificate chain and Verify server certificate for SSL sessions options enabled.
    PAN-160708
    Fixed an issue where the dataplane restarted after configuring a deny_all policy.
    PAN-158931
    Fixed an issue where the email header subject field in the threat logs were truncated due to line folding in the original message.
    PAN-158753
    (Panorama virtual appliances in Legacy mode only) Fixed an issue where GlobalProtect logs were not forwarded to the external syslog server over TCP.
    PAN-158056
    Fixed an issue where DDNS updates generated contradictory system logs, the first displaying that the update failed with critical severity and the second displaying that the update was successful.
    PAN-157365
    (PA-7050 firewalls only) Fixed an issue where a process (all_pktproc) stopped responding after an upgrade.
    PAN-156478
    Fixed an issue where a process (allpktproc) restarted while processing SMTP traffic.
    PAN-155448
    Fixed an issue where credential detection didn't work in IP address-to-username mapping mode because the firewall compared the unnormalized IP-address-to-username mapping format to the normalized username extracted from the payload where the username and password were submitted.
    PAN-154305
    Fixed an issue where a process (mgmtsrvr) stopped responding when a license fetch operation was performed.
    PAN-153527
    Fixed an issue where DNS security wasn't triggered when the DNS Security profile was incorrectly internally duplicated to a null DNS Security profile.
    PAN-151264
    Fixed an issue where using the ampersand (&) character in URLs submitted via XML API caused an error.
    PAN-150848
    Fixed an issue where the firewall dropped TCP FIN traffic due to the server-to-client FIN traffic being out of order.
    PAN-150445
    Fixed an issue where the firewall did not translate IP addresses in Layer 7 payloads as per NAT translation for Oracle Application Server traffic.
    PAN-149314
    Fixed an issue where lookup of a security rule with a custom URL category on a multi-virtual system (vsys) failed when vsys<id>+ was not in the beginning the category name.
    PAN-148554
    Fixed an issue where the user was able to bypass URL credential phishing by changing the username from lower case to upper case.
    PAN-147256
    (Firewalls in HA configurations only) Fixed an issue where connections to the SafeNet hardware security module (HSM) were lost after upgrading to a new major PAN-OS release.
    PAN-147228
    Fixed an issue where an application's domain name didn't resolve if the cache was disabled on the DNS Proxy object being used in the GlobalProtect Clientless VPN.
    PAN-145833
    (PA-3200 Series firewalls only) Fixed an issue where the firewall stopped recording dataplane diagnostic data in dp-monitor.log after a few hours of uptime.
    PAN-144340
    (PA-7000 Series firewalls only) Fixed an issue where some slots in the firewall did not get registered as up in a process (useridd), which caused the process to ignore IP address-to-user mappings to those slots.
    PAN-141454
    Fixed an issue where the output of the CLI command show running resource-monitor ingress-backlogs displayed an incorrect total utilization value.
    PAN-141037
    Fixed an issue where Windows-1252 encoded filenames triggered an Unknown Binary File (52081) type signature.
    PAN-129147
    Fixed an intermittent issue on the web interface where new threat IDs did not appear under Exception settings (Objects > Security Profiles > Anti-Spyware > Exceptions or Objects > Security Profiles > Vulnerability Protection > Exceptions).
    PAN-128590
    Fixed an issue where connection collisions occurred between BGP peers.
    PAN-123935
    (PA-3200 Series firewalls only) Fixed an issue where packets with a specific MAC address were misinterpreted as 802.1QA tunneled packets, which resulted in incorrect VLAN tags that caused the packets to be dropped.
    PAN-119198
    Fixed an issue where ECMP strict-source-path did not work with IPSec.
    PAN-113046
    (PA-5200 Series firewalls only) Fixed an issue where a process (brdagent) stopped responding, which caused the management plane to stop responding.
    PAN-112674
    Fixed an issue where an escape ( \ ) character was added to HTTP logs when a log contained a comma.

    © 2026 Palo Alto Networks, Inc. All rights reserved.