Fixed an issue where polling failed for ethernet interfaces
PAN-OS 11.2.7-h1 Addressed Issues
22-July-2025
- PAN-294436: Fixed an issue where polling failed for ethernet interfaces due to the physical port counters read from the MAC being 0.
- PAN-293842: Fixed an issue where the hybrid-SWG service proxy stopped working after upgrading to PAN-OS 11.1.6-h13 due to the firewall failing to establish the listening interface.
- PAN-293673: Fixed an issue where the firewall stopped all tasks due to an OOM condition caused by a scheduled log export using FTP to an external FTP server.
- PAN-292503: Fixed an issue on the firewall where the source and destination NAT IP addresses did not display in traffic and threat logs.
- PAN-291060: Fixed an issue where commits failed due to the configured connected gateway IPv6 address in the NAT64 policy exceeding the 31 character limit.
- PAN-290996: Fixed an issue where SNMP walks returned a value of 0 for the CPS (Connections Per Second) per vsys on firewalls after upgrading to PAN-OS 11.1.6-h3, even when active connections were present.
- PAN-290088: Fixed an issue where a memory leak occurred related to the configd process when pushing configurations from Panorama to a firewall. This occurred when the configurations contained shared policy rules.
- PAN-289714: (Prisma Access only) Fixed an issue where persistent commit failures occurred due to a missing transformation script when downgrading from PAN-OS 10.2.0 to PAN-OS 10.1.0.
- PAN-289268: Fixed an issue where internet access through Secure Web Gateway (SWG) proxy nodes did not work when the default internet access policy rule source user was not known-user.
- PAN-288939: Fixed an issue where the logrcvr process stopped responding due to an invalid SSL context being used for socket communication, which caused commits to fail.
- PAN-284878: (Firewalls in active/passive HA configurations only) Fixed an issue where commits failed due the useridd process restarting.
- - PAN-284003: Fixed an issue where clients did not receive a valid response when searching a website due to a compression error.
- PAN-280409: Fixed an issue where the popup window did not appear as expected for Clientless VPN users.
- PAN-279901: Fixed an issue where the firewall dropped client hello packets when decryption was enabled, which prevented access to certain websites. This occurred when the client hello packet was truncated, the accumulation proxy assumed that the first packet contains at least 5 bytes, or out-of-order packets were waiting in L4 TCP.
- PAN-279690: Fixed an issue where the all_pktproc process stopped responding, which caused the firewall to unexpectedly restart.
- PAN-279415: Fixed an issue where service routes configured to use a data plane interface incorrectly used the management plane interface for traffic transmission. This issue affected syslog and CRL status traffic when a custom service route was not configured.
- PAN-276616: Fixed an issue on the firewall where half-duplex settings on Ethernet were not visible.
- PAN-271810: Fixed an issue where auto-negotiation advertised and negotiated 10/100 half and full duplex.
- PAN-268787: Fixed an issue where users were unable to log in to Panorama and the following error message was displayed: Timed out while getting config lock. Please try again. This occurred when pushing configurations to a large number of devices.
- PAN-255860: (PA-5200 firewalls only) Fixed an issue where the all_pktproc process stopped responding when the firewall was under a heavy traffic load.
- PAN-252706: Fixed an issue where the URL filtering response page for Continue and Override did not work with IPv6 Router Advertisement (RA) or Multicast Listener Query (MLQ) for IPv6-to-IPv6 and IPv6-to-IPv4 traffic.