BugZero | Palo Alto Networks BugID PAN-137233 - Fixed an issue where authenticating to GlobalProte...

OPERATIONAL DEFECT DATABASE

...

BugZero | Palo Alto Networks BugID PAN-137233 - Fixed an issue where authenticating to GlobalProte...

Palo Alto Networks - Defect ID: PAN-137233

Fixed an issue where authenticating to GlobalProtect via expired SAML requests (waiting more than 10 minutes) still sent authentication to the SAML server. This invalidated the previously connected gateway and connected users to the second best gateway.

Palo Alto Networks - Defect ID: PAN-137233

Fixed an issue where authenticating to GlobalProtect via expired SAML requests (waiting more than 10 minutes) still sent authentication to the SAML server. This invalidated the previously connected gateway and connected users to the second best gateway.

Last updated on Invalid date

BugZero Risk Score
6.3 Medium

Overall: 6.3

Severity: 6.4

Community: 3.7

Lifecycle: 10.0

What is the BugZero Risk Score?

Palo Alto Networks Integration

Learn more about where this data comes from

Palo Alto Networks Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Description

The earliest recollection of this bug is traced back to PAN-OS 8.1.18 - July 22, 2025. This bug is fixed in PAN-OS versions 9.1.7, 8.1.18. Fixed an issue where authenticating to GlobalProtect via expired SAML requests (waiting more than 10 minutes) still sent authentication to the SAML server. This invalidated the previously connected gateway and connected users to the second best gateway. For more information: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-release-notes/pan-os-8-1-addressed-issues/pan-os-8-1-18-addressed-issues https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-release-notes/pan-os-9-1-addressed-issues/pan-os-9-1-7-addressed-issues

Change history

No changes to display

Top Palo Alto Networks Defects

6.3Defect ID: PAN-289383
( PA-800 series firewalls only ) Upgrading firewalls to PAN-OS 11.0 or later causes SFP ports to go non-operational when the firewall uses forced port mode and the connected peer device operates without auto-negotiation. Workaround: Enable auto-negotiation on the connected peer firewall.
6.3Defect ID: PAN-271438
Fixed an issue where the firewall calculated available memory incorrectly on CENTOS devices, which caused the firewall to display high memory usage alerts even when sufficient memory was available.
6.3Defect ID: PAN-281776
Fixed an issue on the Panorama web interface where the error message PPPoEv6 Client Interface cannot be enabled with DHCPv6 client was generated when overriding aggregate interfaces even when no DHCPv6 or PPPoE was configured.
6.3Defect ID: PAN-260661
Fixed an issue where daily email reports generated from the custom report did not display the report details in PDF or CSV files.
6.3Defect ID: PAN-294179
On the page, some commit versions might display incorrect or missing data. Fields such as, , , and might not be visible for some commit versions. Sometimes, commit versions can disappear after a refresh and the commit description field might display corrupted characters.

Palo Alto Networks Integration

Learn more about where this data comes from

Palo Alto Networks Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Palo Alto Networks - Defect ID: PAN-137233

Fixed an issue where authenticating to GlobalProtect via expired SAML requests (waiting more than 10 minutes) still sent authentication to the SAML server. This invalidated the previously connected gateway and connected users to the second best gateway.

Palo Alto Networks - Defect ID: PAN-137233

Fixed an issue where authenticating to GlobalProtect via expired SAML requests (waiting more than 10 minutes) still sent authentication to the SAML server. This invalidated the previously connected gateway and connected users to the second best gateway.

Last updated on Invalid date

BugZero Risk Score6.3 Medium

Bug Details

Links

Top Palo Alto Networks Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
6.3 Medium