Overview
Fixed memory corruption issues in PAN-OS 10.1.3 and 10.1.4 that caused the "pan_comm" process to stop responding and the dataplane to restart. These issues also caused GlobalProtect tunnels to fall back to SSL instead of IPSec due to the inadvertent encapsulation of the ICMP keepalive response from the firewall.
Impact
GP does not connect with IPSEC ESP and instead switches to SSL
root_cause
In original design, mix mode was not supported.If ssl tunnel and ipsec tunnel established together, their config are messed up.It caused tunnel failed.
