01-25-2026 07:45 PM
Dear all,
I have this questions where I want to make sure first before doing an upgrade on my PA-820?
Recently I have gone through the customer advisory of the following: (Customer Advisory on Device Certificate Renewal for NGFW Devices in Active-Passive High Availability (HA) with Service Route) and the CVE of the following (CVE-2026-0227 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal).
Now my PA-820 is configured with Service Route, but I want to make sure that I do the best practices and avoid any upcoming issues possible.
Through the Customer advisory it requires to upgrade the PAN-OS to 11.1.12.
while through the CVE it mentioned that PAN-OS versions 11.1.11 to 11.1.12 should be upgraded to 11.1.13 or later (11.1.13-h1).
Now my questions is that: Is PAN-OS version 11.1.13 or later remediated from the issues discussed in Customer Advisory and is it oke to upgrade to the version and fix the issues?
I would really appreciate urgent replies.
Thank you all.
01-26-2026 05:34 AM
Palo TAC preferred version is currently 11.1.13.
So I would go either with 11.1.13 or 11.1.13-h1.
11.1.13-h1 is preferred version plus some hotfixes. What exactly and if any of fixes affect your environment, you can see in release notes.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
