Dataplane crash after upgrade to PANOS 8.1.15, 9.0.9 and 9.1.3

Dataplane crash after upgrade to PANOS 8.1.15, 9.0.9 and 9.1.3

1734
Created On 06/30/20 02:04 AM - Last Modified 07/07/25 20:38 PM


Symptom


  • Dataplane crash happening on firewall soon after upgrade to PANOS 8.1.15, 9.0.9 and 9.1.3
  • Crashes for the data plane happening at "pan_x509_output_time" and "pan_x509_output_validity"

Environment


  • firewall running PANOS 8.1.15, 9.0.9 or 9.1.3 with mentioned conditions.

Cause


Issue happens when following conditions are met:-

1- Forward proxy is enabled on the firewall
2- Server certificate is not trusted by the firewall
3- Server certificate has a Validity as NotBefore <= 1970/1/1 00:00:00 UTC

Resolution


Upgrade to PANOS 8.1.16, 9.0.10, 9.1.4

workaround is either of following:

1- Import server's certificate CA to firewall and mark it as "Trusted Root CA" so firewall can trust the certificate
2- Or, bypass decryption for such servers
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UbRCAU&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language