SMTP stops working as expected after PAN-OS upgrade

SMTP stops working as expected after PAN-OS upgrade

5955
Created On 02/05/25 08:58 AM - Last Modified 12/15/25 13:14 PM


Symptom


  • SMTP issues started after the PANOS upgrade.
  • Random emails are being lost
  • SMTP packets with a large client hello are not processed properly
  • StartTLS traffic in general
  • This issue can occur when a session ingresses the firewall with a large "ClientHello" message fragmented across multiple, potentially out-of-order, packets, and the firewall policy is not configured to decrypt the session.

 

Environment


  • PANOS 10.1.x
  • PANOS 10.2.x
  • PANOS 11.1.x
  • PANOS 11.2.x
  • SMTP
  • Decryption 

 

Cause


Software Issue.

    Resolution


    1. The issue is being addressed under PAN-279746
    2. The fix will be included in the following and above PAN-OS versions of 10.2.14, 11.1.8, 11.2.6, 11.2.8, 11.1.11, 10.2.17, 10.2.13-h5, 11.1.6-h4, 11.1.4-h14, 10.2.8-h22, 10.2.10-h16, 11.2.4-h6, 11.1.7-h2, 10.2.11-h14, 10.2.7-h28 

    Additional Information


    The issue can be resolved by creating an application override to bypass the problematic packet combination behavior.
    Other users also viewed:
    Actions
    • Print
    • Copy Link

      https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HEzECAW&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail