PAN-OS 11.0.1 Addressed Issues
Focus
Focus

PAN-OS 11.0.1 Addressed Issues

Table of Contents

PAN-OS 11.0.1 Addressed Issues

PAN-OSĀ® 11.0.1 addressed issues.
Issue ID
Description
PAN-231823
A fix was made to address CVE-2024-5916.
PAN-216656
Fixed an issue where the firewall was unable to fully process the user list from a child group when the child group contained more than 1,500 users.
PAN-215911
Fixed an issue that resulted in a race condition, which caused the configd process to stop responding.
PAN-215488
Fixed an issue where an expired Trusted Root CA was used to sign the forward proxy leaf certificate during SSL Decryption.
PAN-210561
Fixed an issue where the all_task process repeatedly restarted due to missed heartbeats.
PAN-210513
Fixed an issue where Captive Portal authentication via SAML did not work.
PAN-210481
Fixed an issue where botnet reports were not generated on the firewall.
PAN-210449
Fixed an issue where the value for shared objects used in policy rules were not displayed on multi-vsys firewalls when pushed from Panorama.
PAN-210331
Fixed an issue where the firewall did not send device telemetry files to Cortex Data Lake with the error message send the file to CDL receiver failed.
PAN-210327
(PA-5200 Series firewalls only) Fixed an issue where upgrading to PAN-OS 10.1.7, an internal loop caused an increase in the packets received per second.
PAN-210237
Fixed an issue where system logs generated by Panorama for commit operations showed the severity as High instead of Informational.
PAN-210080
Fixed an issue where the useridd process stopped responding when add and delete member parameters in an incremental sync query were empty.
PAN-209799
Fixed an issue where logging was not disabled on passive nodes, which caused the logrcvr to stop responding.
PAN-209491
Fixed an issue on the web interface where the Session Expire Time displayed a past date if the device time was in December.
PAN-209069
Fixed an issue where IP addresses in the X-Forwarded-For (XFF) field were not logged when the IP address contained an associated port number.
PAN-209036
Fixed an issue where the dataplane restarted, which led to slot failures occurring and a core file being generated.
PAN-208987
(PA-5400 Series only) Fixed an issue where packets were not transmitted from the firewall if its fragments were received on different slots. This occurred when aggregate ethernet (AE) members in an AE interface were placed on a different slot.
PAN-208922
A fix was made to address an issue where an authenticated administrator was able to commit a specifically created configuration to read local files and resources from the system (CVE-2023-38046).
PAN-208930
(PA-7000 Series firewalls only) Fixed an issue where auto-tagging in log forwarding did not work.
PAN-208902
Fixed an issue where, when a client sent a TCP/FIN packet, the firewall displayed the end reason as aged-out instead of tcp-fin.
PAN-208724
Fixed an issue where port pause frame settings did not work as expected and incorrect pause frames occurred.
PAN-208718
Additional debug information was added to capture internal details during traffic congestion.
PAN-208711
(PA-5200 Series firewalls only) The CLI command debug dataplane set pow no-desched yes/no was added to address an issue where the all_pktproc process stopped responding and caused traffic issues.
PAN-208537
Fixed an issue where the licensed-device-capacity was reduced when multiple device management license key files were present.
PAN-208525
Fixed an issue where Security policy rules with user groups did not match when Kerberos authentication was configured for explicit proxy.
PAN-208485
Fixed an issue where NAT policies were not visible on the CLI if they contained more than 32 characters.
PAN-208343
Fixed an issue where telemetry regions were not visible on Panorama.
PAN-208157
Fixed an issue where malformed hints sent from the firewall caused the logd process to stop responding on Panorama, which caused a system reboot into maintenance mode.
PAN-207940
Fixed an issue where platforms with RAID disk checks were performed weekly, which caused logs to incorrectly state that RAID was rebuilding.
PAN-207740
Fixed an issue that resulted in a race condition, which caused the configd process to stop responding.
PAN-207738
Fixed an issue where the ocsp-next-update-time CLI command did not execute for leaf certificates with certificate chains that did not specify OCSP or CRL URLs. As a result, the next update time was 60 minutes even if a different time was set.
PAN-207663
Fixed a Clientless VPN issue where JSON stringify caused issues with the application rewrite.
PAN-207629
Fixed an issue where a selective push to firewalls failed if the firewalls were enabled with multiple vsys and the push scope contained shared objects in device groups.
PAN-207610
(PA-5200 Series and PA-7000 Series firewalls only) Fixed an issue where Log Admin Activity was not visible on the web interface.
PAN-207601
Fixed an issue where URL cloud connections were unable to resolve the proxy server hostname.
PAN-207426
Fixed an issue where a selective push did not include the Share Unused Address and Service Objects with Devices option on Panorama, which caused the firewall to not receive the objects during the configuration push.
PAN-207400
Fixed an issue on Octeon based platforms where fragmented VLAN tagged packets dropped on an aggregate interface.
PAN-207390
Fixed an issue where, even after disabling Telemetry, Telemetry system logs were still generated.
PAN-207260
A commit option was enabled for Device Group and Template administrators after a password change.
PAN-207045
(PA-800 Series firewalls only) Fixed an issue where PAN-SFP-SX transceivers used on ports 5 to 8 did not renegotiate with peer ports after a reload.
PAN-206963
(M-700 Appliances only) A CLI command was added to check the status of each physical port of a bond1 interface.
PAN-206858
Fixed an issue where a segmentation fault occurred due to the useridd process being restarted.
PAN-206755
Fixed an issue when a scheduled multi-device group push occurred, the configd process stopped responding, which caused the push to fail.
PAN-206684
(PA-7000 Series firewalls with Log Forwarding Cards (LFCs) only) Fixed an issue where, after upgrading the firewall from a PAN-OS 10.0 release to a PAN-OS 10.1 release, the firewall did not duplicate logs to local log collectors or to Cortex Data Lake when a device certificate was already installed.
PAN-206658
Fixed a timeout issue in the Intel ixgbe driver that resulted in internal path monitoring failure.
PAN-206466
Fixed an issue where the push scope was displaying duplicate shared objects for each device group that were listed under the shared-object group.
PAN-206393
(PA-5280 firewalls only) Fixed an issue where memory allocation errors caused decryption failures that disrupted traffic with SSL forward proxy enabled.
PAN-206382
Fixed an issue where authentication sequences were not populated in the drop down when selecting authentication profiles during administrator creation in a template.
PAN-206251
(PA-7000 Series firewalls with Log Forwarding Cards (LFCs) only) Fixed an issue where the logrcvr process did not send the system-start SNMP trap during startup.
PAN-206233
Fixed an issue where the pan_comm process stopped responding when a content update and a cloud application update occurred at the same time.
PAN-206128
(PA-7000 Series firewalls with NPCs (Network Processing Cards) only) Improved debugging capability for an issue where the firewall restarted due to heartbeat failures and then failed with the following error message: Power not OK.
PAN-206069
Fixed an issue where the firewall was unable to boot up on older Intel CPUs.
PAN-206017
Fixed an issue where the show dos-protection rule command displayed a character limit error.
PAN-206005
(PA-1400 Series, PA-3400 Series, and PA-5440 firewalls only) Fixed an issue where the l7_misc memory pool was undersized and caused connectivity loss when the limit was reached.
PAN-205877
(PA-5450 firewalls only) Added debug commands for an issue where a MAC address flap occurred on a neighbor firewall when connecting both MGT-A and MGT-B interfaces.
PAN-205829
Fixed an issue where logs did not display Host-ID details for GlobalProtect users despite having a quarantine Security policy rule. This occurred due to a missed local cache lookup.
PAN-205804
Fixed an issue on Panorama where a WildFire scheduled update for managed devices triggered multiple UploadInstall jobs per minute.
PAN-205729
(PA-3200 Series and PA-7000 Series firewalls only) Fixed an issue where the CPLD watchdog timeout caused the firewall to reboot unexpectedly.
PAN-205699
Fixed an issue where the cloud plugin configuration was automatically deleted from Panorama after a reboot or a configd process restart.
PAN-205698
Fixed an issue where GlobalProtect authentication did not work on Apple MacOS devices when the authentication method used was CIE with SAML Authentication.
PAN-205590
Fixed an issue where the fan tray fault LED light was on even though no alarm was reported in the system environment.
PAN-205453
Fixed an issue where running reports or queries under a user group caused the reportd process to stop responding.
PAN-205396
Fixed an issue where SD-WAN adaptive SaaS path monitoring did not work correctly during a next hop link down failure.
PAN-205260
Fixed an issue where there was an IP address conflict after a reboot due to a transaction ID collision.
PAN-205255
Fixed a rare issue that caused the dataplane to restart unexpectedly.
PAN-205231
Fixed an issue where a commit operation remained at 55% for longer than expected if more than 7,500 Security policy rules were configured.
PAN-205211
Fixed an issue where the reportd process stopped responding while querying logs (Monitor > Logs > <logtype>).
PAN-205096
Fixed an issue where promoted sessions were not synced with all cluster members in an HA cluster.
PAN-204749
Fixed an issue where sudden, large bursts of traffic destined for an interface that was down caused packet buffers to fill, which stalled path monitor heartbeat packets.
PAN-204581
Fixed an issue where, when accessing a web application via the GlobalProtect Clientless VPN, the web application landing page continuously reloaded.
PAN-204575
(PA-7000 Series firewalls with Log Forwarding Cards (LFCs) only) Fixed an issue where the firewall did not forward logs to the log collector.
PAN-204572
Fixed an issue where python scripts were not working as expected.
PAN-204456
Fixed an issue related to the logd process that caused high memory consumption.
PAN-204335
Fixed an issue where Panorama became unresponsive, and when refreshed, the error 504 Gateway not Reachable was displayed.
PAN-203964
(Firewalls in FIPS-CC mode only) Fixed an issue where the firewall went into maintenance mode due to downloading a corrupted software image, which resulted in the error message FIPS-CC failure. Image File Authentication Error.
PAN-203851
Fixed an issue with firewalls in HA configurations where host information profile (HIP) sync did not work between peer firewalls.
PAN-203681
(Panorama appliances in FIPS-CC mode only) Fixed an issue where a leaf certificate was unable to be imported into a template stack.
PAN-203663
Fixed an issue where administrators were unable to change the password of a local database for users configured as a local admin user via an authentication profile.
PAN-203453
Fixed an issue on Panorama where the log query failed due to a high number of User-ID redistribution messages.
PAN-203430
Fixed an issue where, when the User-ID agent had collector name/secret configured, the configuration was mandatory on clients on PAN-OS 10.0 and later releases.
PAN-203339
Fixed an issue where services failed due to the RAID rebuild not being completed on time.
PAN-203147
(Firewalls in FIPS-CC mode only) Fixed an issue where the firewall unexpectedly rebooted when downloading a new PAN-OS software image.
PAN-203137
(PA-5450 firewalls only) Fixed an issue where HSCI ports did not come up when QSFP DAC cables were used.
PAN-202543
An enhancement was made to improve path monitor data collection by verifying the status of the control network.
PAN-202248
Fixed an issue where, due to a tunnel content inspection (TCI) policy match, IPSec traffic did not pass through the firewall when NAT was performed on the traffic.
PAN-201701
Fixed an issue where the firewall generated system log alerts if the raid for a system or log disk was corrupted.
PAN-201580
Fixed an issue where the useridd process stopped responding due to an invalid vsys_id request.
PAN-200845
(M-600 Appliances in Management-only mode only) Fixed an issue where XML API queries failed due to the configuration size being larger than expected.
PAN-200160
Fixed a memory leak issue on Panorama related to the logd process that caused an out-of-memory (OOM) condition.
PAN-200116
Fixed an issue where Elasticsearch displayed red due to frequent tunnel check failures between HA clusters.
PAN-199965
Fixed an issue where the reportd process stopped responding on log collectors during query and report operations due to a race condition between request handling threads.
PAN-199807
Fixed an issue where the dataplane frequently restarted due to high memory usage on wifclient.
PAN-196597
Fixed an issue where the dnsproxyd process stopped responding due to corruption.
PAN-198306
Fixed an issue where the useridd process stopped responding when booting up the firewall.
PAN-198266
Fixed an issue where, when predicts for UDP packets were created, a configuration change occurred that triggered a new policy lookup, which caused the dataplane stopped responding when converting the predict. This resulted in a dataplane restart.
PAN-198038
A CLI command was added to address an issue where long-lived sessions were aging out even when there was ongoing traffic.
PAN-197872
Fixed an issue where the useridd process generated false positive critical errors.
PAN-197298
Fixed an issue where the audit comment archive for Security rule changes output had overlapping formats.
PAN-196410
Fixed an issue where you were unable to customize the risk value in Risk-of-app.
PAN-195756
Fixed an issue that caused an API request timeout when parsing requests using large header buffers.
PAN-194805
Fixed an issue where scheduled configuration backups to the SCP server failed with error message No ECDSA host key is known.
PAN-194068
(PA-5200 Series firewalls only) Fixed an issue where the firewall unexpectedly rebooted with the log message Heartbeat failed previously.
PAN-192513
Fixed an issue where log migration did not work when converting a Legacy mode Panorama appliance to Log Collector mode.
PAN-192282
(PA-415 and PA-445 firewalls only) Fixed an issue where, in 1G mode, the MGT and Ethernet 1/1 port LEDs incorrectly displayed as amber instead of green.
PAN-191222
Fixed an issue where Panorama became inaccessible when after a push to the collector group.
PAN-190502
Fixed an issue where the Policy filter and Policy optimizer filter were required to have the exact same syntax, including nested conditions with rules that contained more than one tag when filtering via the neq operator.
PAN-189335
Fixed an issue where the varrcvr process restarted repeatedly, which caused the firewall to restart.
PAN-189200
Fixed an issue where sinkholes did not occur for AWS Gateway Load Balancer dig queries.
PAN-186412
Fixed an issue where invalid packet-ptr was seen in work entries.
PAN-186270
Fixed an issue where, when HA was enabled and a dynamic update schedule was configured, the configd process unexpectedly stopped responding during configuration commits.
PAN-183375
Fixed an issue where traffic arriving on a tunnel with a bad IP address header checksum was not dropped.
PAN-180948
Fixed an issue where an external dynamic list fetch failed with the error message Unable to fetch external dynamic list. Couldn't resolve host name. Using old copy for refresh.
PAN-179174
Fixed an issue where exported PDF report of the ACC was the incorrect color after upgrading from a PAN-OS 10.1 or later release.
PAN-178594
Fixed an issue where the descriptions of options under the set syslogng ssl-conn-validation CLI command were not accurate.
PAN-175142
Fixed an issue on Panorama where executing a debug command caused the logrcvr process to stop responding.
PAN-170414
Fixed an issue related to an OOM condition in the dataplane, which was caused by multiple panio commands using extra memory.