BugZero | Palo Alto Networks BugID PAN-137233 - Fixed an issue where authenticating to GlobalProte...

Palo Alto Networks - Defect ID: PAN-137233

Fixed an issue where authenticating to GlobalProtect via expired SAML requests (waiting more than 10 minutes) still sent authentication to the SAML server. This invalidated the previously connected gateway and connected users to the second best gateway.

Palo Alto Networks - Defect ID: PAN-137233

Fixed an issue where authenticating to GlobalProtect via expired SAML requests (waiting more than 10 minutes) still sent authentication to the SAML server. This invalidated the previously connected gateway and connected users to the second best gateway.

Last updated on Invalid date

BugZero Risk Score
6.3 Medium

Overall: 6.3

Severity: 6.4

Community: 3.7

Lifecycle: 10.0

What is the BugZero Risk Score?

Palo Alto Networks Integration

Learn more about where this data comes from

Palo Alto Networks Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Views: 1

Description

The earliest recollection of this bug is traced back to PAN-OS 8.1.18 - July 22, 2025. This bug is fixed in PAN-OS versions 9.1.7, 8.1.18. Fixed an issue where authenticating to GlobalProtect via expired SAML requests (waiting more than 10 minutes) still sent authentication to the SAML server. This invalidated the previously connected gateway and connected users to the second best gateway. For more information: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-release-notes/pan-os-8-1-addressed-issues/pan-os-8-1-18-addressed-issues https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-release-notes/pan-os-9-1-addressed-issues/pan-os-9-1-7-addressed-issues

Change history

No changes to display

Top Palo Alto Networks Defects

6.5Defect ID: PAN-251895
Fixed an issue where enabling inline Cloud Analysis features caused a slow packet buffer leak, which resulted in performance issues and dropped traffic.
6.3Defect ID: PAN-291661
Fixed an issue on Panorama appliances and Log Collectors where, after an upgrade, Elasticsearch intermittently entered into a Red state before automatically recovering.
6.3Defect ID: PAN-298241
Fixed an issue where the NAT IP address pool was exhausted, which led to intermittent connectivity issues with call applications and outbound call failures. This occurred due to the firewall not properly releasing NAT dynamic ports back to the address pool.
6.3Defect ID: PAN-296752
Fixed an issue where the firewall experienced high management CPU usage and repeatedly rebooted when attempting to retrieve SMART data.
6.3Defect ID: PAN-268708
Fixed an issue where PDF summary and email reports displayed IPv6 addresses instead of IPv4 addresses.

Ready to prevent the next vendor outage?

Get a demo

Palo Alto Networks - Defect ID: PAN-137233

Fixed an issue where authenticating to GlobalProtect via expired SAML requests (waiting more than 10 minutes) still sent authentication to the SAML server. This invalidated the previously connected gateway and connected users to the second best gateway.

Palo Alto Networks - Defect ID: PAN-137233

Fixed an issue where authenticating to GlobalProtect via expired SAML requests (waiting more than 10 minutes) still sent authentication to the SAML server. This invalidated the previously connected gateway and connected users to the second best gateway.

Last updated on Invalid date

BugZero Risk Score6.3 Medium

Bug Details

Links

Top Palo Alto Networks Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
6.3 Medium