Operational Defect Database
BugZero updated this defect 4 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
Palo Alto Networks | PAN-181116
Fixed an issue where, after upgrading to a PAN-OS 10.1 release, GlobalProtect tunnels fell back to SSL instead of IPSec due to the inadvertent encapsulation of the ICMP keepalive response from the firewall.
Last update date:
5/15/2024
Affected products:
Pan OS
Affected releases:
No affected releases provided.
Fixed releases:
10.1.4
10.1.5
Description:
The earliest recollection of this bug is traced back to PAN-OS 10.1.4 - May 15, 2024. This bug is fixed in PAN-OS versions 10.1.4, 10.1.5. Fixed an issue where, after upgrading to a PAN-OS 10.1 release, GlobalProtect tunnels fell back to SSL instead of IPSec due to the inadvertent encapsulation of the ICMP keepalive response from the firewall. Fixed memory corruption issues in PAN-OS 10.1.3 and 10.1.4 that caused the pan_comm process to stop responding and the dataplane to restart. These issues also caused GlobalProtect tunnels to fall back to SSL instead of IPSec due to the inadvertent encapsulation of the ICMP keepalive response from the firewall. For more information: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-release-notes/pan-os-10-1-4-known-and-addressed-issues/pan-os-10-1-4-h4-addressed-issues https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-release-notes/pan-os-10-1-5-known-and-addressed-issues/pan-os-10-1-5-addressed-issues
