BugZero | Palo Alto Networks BugID PAN-303700 - Fixed an issue where GlobalProtect users were inco...

Palo Alto Networks - Defect ID: PAN-303700

Fixed an issue where GlobalProtect users were incorrectly dropped by the default Security policy rule after upgrading to PAN-OS 12.1.2 when IPv6 firewalling was disabled. This occurred due to policy rules configured with geographic regions matching traffic incorrectly.

Palo Alto Networks - Defect ID: PAN-303700

Fixed an issue where GlobalProtect users were incorrectly dropped by the default Security policy rule after upgrading to PAN-OS 12.1.2 when IPv6 firewalling was disabled. This occurred due to policy rules configured with geographic regions matching traffic incorrectly.

Last updated on December 16th, 2025

BugZero Risk Score
6.3 Medium

Overall: 6.3

Severity: 6.4

Community: 3.7

Lifecycle: 10.0

What is the BugZero Risk Score?

Palo Alto Networks Integration

Learn more about where this data comes from

Palo Alto Networks Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Description

The earliest recollection of this bug is traced back to PAN-OS 12.1.4 - December 16, 2025. This bug is fixed in PAN-OS versions 12.1.4. Fixed an issue where GlobalProtect users were incorrectly dropped by the default Security policy rule after upgrading to PAN-OS 12.1.2 when IPv6 firewalling was disabled. This occurred due to policy rules configured with geographic regions matching traffic incorrectly. For more information: https://docs.paloaltonetworks.com/ngfw/release-notes/12-1/pan-os-12-1-4-known-and-addressed-issues/pan-os-12-1-4-addressed-issues

Change history

2025-12-16 Added: 12.1.4

Top Palo Alto Networks Defects

6.3Defect ID: PAN-301496
Fixed an issue where the DNS cache capacity was insufficient for environments with a large number of FQDN address objects, which caused the firewall to repeatedly send DNS requests for the same FQDN objects even after it received valid responses.
6.3Defect ID: PAN-234977
Fixed an issue where, when a Layer 2 interface that was a member of a VLAN was down, all traffic transmitted over the VLAN was dropped.
6.3Defect ID: PAN-300372
( Panorama virtual appliances only ) Fixed an issue where maintenance mode was not accessible to do Factory Reset or switch to FIPSCC mode.
6.3Defect ID: PAN-299678
Fixed an issue where the firewall repeatedly rebooted when downgrading to an affected release.
6.3Defect ID: PAN-303700
Fixed an issue where GlobalProtect users were incorrectly dropped by the default Security policy rule after upgrading to PAN-OS 12.1.2 when IPv6 firewalling was disabled. This occurred due to policy rules configured with geographic regions matching traffic incorrectly.

Ready to prevent the next vendor outage?

Get a demo

Palo Alto Networks - Defect ID: PAN-303700

Fixed an issue where GlobalProtect users were incorrectly dropped by the default Security policy rule after upgrading to PAN-OS 12.1.2 when IPv6 firewalling was disabled. This occurred due to policy rules configured with geographic regions matching traffic incorrectly.

Palo Alto Networks - Defect ID: PAN-303700

Fixed an issue where GlobalProtect users were incorrectly dropped by the default Security policy rule after upgrading to PAN-OS 12.1.2 when IPv6 firewalling was disabled. This occurred due to policy rules configured with geographic regions matching traffic incorrectly.

Last updated on December 16th, 2025

BugZero Risk Score6.3 Medium

Bug Details

Links

Top Palo Alto Networks Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
6.3 Medium