Fixed an issue where SSL decryption certificates were not automatically configured. If decryption is required, you must configure certificate settings manually before pushing the configuration to the device.

To configure:

Fixed an issue where the firewall upgrades failed at the initial stage with the message: "Version 11.1.0 not downloaded / uploaded".

Fixed an issue where a commit would fail on the Firewall if a decryption policy is configured with SSL forward proxy did not include an SSL decrypt certificate. To avoid commit failure, ensure that an SSL decrypt certificate is configured.

Fixed an issue where configuring Snippets by navigating to ManageConfigurationNGFW and Prisma Access Overview and expanding the Configuration Scope to view Snippets resulted in commit failures on the firewall. The issue was caused by a key synchronization issue due to an HTTP server configuration option requiring a password.

Fixed an issue where a validation error appeared when assigning and pushing a snippet and rulebase with the same name. This occurred in the following navigation path:

Workaround: Use unique names for snippet and rulebase to avoid this error.

Fixed an issue The GP Portal node will get pruned if the interface is used in GP Portal is not local to the FW i.e. it has come from SCM.

Fixed an issue where editing an existing WebSec rule and saving it caused a partial push to the firewall, resulting in a validation job failure.

Fixed an issue where onboarding of mobile user failed with the tenant default configuration, due to the missing dir-sync configuration.

Fixed an issue where the certificate profile was missing in the GlobalProtect configuration within the imported snippet.

Fixed an issue where client certificates from Strata Cloud Manager pushed configurations were pruned during reverse transformation. This caused the certificates to be missing when pushing the associated snippet to the firewall.

Fixed an issue where interface and SSL/TLS service profiles from the Strata Cloud Manager pushed configurations were missing in the GlobalProtect portal. These profiles were pruned during reverse transformation to the Strata Cloud Manager.

Fixed an issue where Gateway Satellite Tunnel Monitoring and Network Settings were pruned after reverse transform and push to firewall 2, making them unavailable post push.

Fixed an issue where downgrading the firewall from Release 11.2.x to Release 10.2.using the software upgrade feature was not possible.

Fixed an issue where pushing a configuration that is referencing another serial number caused the push to fail on the targeted firewall pair.

Fixed an issue where all configurations in the client-less VPN node were being pruned when pushed to a different firewall.

Fixed an issue that caused the bootstrap process to fail due to a software installation error.

Fixed an issue where creating a decryption rule locally on the firewall using a cloned object name did not display the Conflict icon for the cloned object.

Fixed an issue where an error message appeared when navigating to Authentication ProfilesIdentity ServicesAuthenticationAuthentication Profiles page.

Fixed an issue where users had to create a new policy after adding an SLS license for firewalls to begin sending logs to SLS. Existing policies pushed before the license change will not send logs to SLS.

Fixed an issue where the HA cluster configuration displayed two clusters with the same name in the UI. Additionally, attempting to edit the HA pair resulted in a blank screen, preventing any modifications.

Workaround: Enable Mobile Users.

Fixed an issue where the target device count on the Schedules page displayed as zero, even though the associated rule had target devices.

Workaround: Clear the browser cache and reload the page. The target devices count should then display correctly.

Fixed an issue where configuring the Mobile User Infrastructure settings, if you click the Advanced Settings, the DDNS Configuration section appears in red, suggesting as a required configuration, though it is not.

As a workaround, collapse and reopen the Advanced Settings section. The DDNS Configuration section won't appear as required.

Fixed an issue where PAC files larger than approximately 150 KB was failing to upload to Strata Cloud Manager, resulting in a request failed with status code 414 error.

Fixed an issue where ConfigPush was failing due to Layer 3 Aggregate Ethernet group in the imported snippet.

Fixed an issue where the performance was impacted if the number of IP pools per project exceeded 50.

Fixed an issue where the Mobile UserDDNS Configuration page didn't show the previously configured Dynamic DNS settings.

As a workaround, click on a different section and then return to the Mobile UserDDNS Configuration.

Fixed an issue where, when setting up a forwarding profile, the forwarding profile Type was displayed as ZTNA Agent instead of Prisma Access Agent. Also, if you selected Add Forwarding Profile, the drop-down displayed ZTNA Agent instead of Prisma Access Agent.

Fixed an issue where custom certificates at the device level were moved up to All container in Strata Cloud Manager. When certificates were pushed from the Strata Cloud Manager, they were also being pushed along. If you do not want to push certificates to other devices, it's advisable to move the certificates to the device level.

Added a validation to check agent configuration is not set to tunnel or hybrid mode when Enable Portal only for Proxy Mode on GlobalProtect is enabled under GlobalProtect setup.

Fixed an issue where the push with an incomplete HA pair was not working. To support HA devices in an Auto VPN cluster, both devices in the HA pair must be present together in the cluster. There is no validation in place for this and will fail the push.

Fixed an issue where you were allowed to create more than one project with the same domain and user groups if the projects were configured from different configuration snippets.

Fixed an issue where the Bandwidth Management tab displayed a blank page if the MCW configuration was present under remote networks.

Call /spiffy/v1/bp/result/policies/security_rule for a tenant.

Result: id = 3 has old check_name 'The rule Description is not populated'. The response will contain the old name. Even when new BPA analysis has been completed - the check_name remains the same.

Fixed an issue where changing the configuration was necessary to generate the new BPA report.

Fixed an issue, where pushing any Auto VPN configuration changes resulted in all admin changes being applied to all devices within the pushed VPN cluster.

Fixed an issue, wherein enabling Remote Browser Isolation (RBI) without adding any infrastructure settings and subsequently pushing the configuration changes to a remote network led to a successful push, yet the RBI configuration remained unavailable on the firewall.

Fixed an issue, where the egress IP allowlist would update automatically upon navigating to WorkflowsPrisma Access SetupGlobalProtectPrisma Access Locations page.

Fixed an issue where the configured GlobalProtect IPSec Crypto profile couldn’t be deleted or cloned since the WorkflowsPrisma Access SetupGlobalProtectGlobalProtect AppGlobal App Settings page did not show the configured GlobalProtect IPSec Crypto profiles.

Fixed an issue where the IP Restrictions weren’t accurately enforced when configured with an IP address range.