>
    PAN-OS 10.0.3 Addressed Issues
    Focus
    Download PDF
    Focus
    1. Home
    2. PAN-OS
    3. PAN-OS 10.0 Addressed Issues
    4. PAN-OS 10.0.3 Addressed Issues
    Download PDF

    PAN-OS 10.0.3 Addressed Issues

    Table of Contents
    End-of-Life (EoL)

    PAN-OS 10.0.3 Addressed Issues

    PAN-OS® 10.0.3 addressed issues.
    Issue ID
    Description
    PAN-159431
    Fixed an issue in the web interface where the
    sd_wan
     interface option was not listed in the drop-down (
    Network > Interfaces > SD-WAN > SD-WAN Interface > Virtual Router > Static Routes > Virtual Router - Static Route - IPv4
    ).
    PAN-158808
    Fixed an issue where a hardware packet buffer leak occurred with the global counter
    ssl_hw_rsp_fpga_err
     when SSL decryption was enabled on the firewall.
    PAN-157710
    Fixed an issue where admin users with custom roles were unable to create VLANs.
    PAN-157091
    Fixed an issue where, in a Panorama template stack, adding a
    Source Address Exclusion
     (
    Network > Network Profiles > Zone Protection > Zone Protection Profile > Reconnaissance Protection
    ) did not work.
    PAN-157033
    Fixed an issue where local log collector stopped forwarding syslog messages to the syslog server. This was due to the firewall sourcing syslog traffic from the public IP address of the Panorama appliance instead of the private IP address.
    PAN-156766
    Fixed an issue where, after upgrading to PAN-OS 9.1.5, VM-Series firewalls in high availability (HA) configurations went into a non-functional state due to a virtual machine (VM) license mismatch.
    PAN-156478
    Fixed an issue where a process (allpktproc) restarted while processing SMTP traffic.
    PAN-156375
    Fixed an issue where multiple all_pktoproc daemons restarted while processing HTTP/2 traffic in sw_offload.
    PAN-156017
    Fixed an issue where a host information profile (HIP) report XML buffer caused a memory leak.
    PAN-155942
    Fixed an issue where the
    Dashboard
     incorrectly displayed the Log Forwarding Card (LFC) port status.
    PAN-155665
    Fixed an issue where, if an authentication profile was configured with an authorization type of
    none
    , users were inappropriately prompted for a password. Since the authentication type was set to
    none
    , any input was successful. This issue occurred when
    Allow Authentication with User Credentials OR Client Certificate
     to
    no
    .
    PAN-155563
    Fixed an intermittent issue where the Panorama Cloud Services plugin reported the following error for its Cortex Data Lake status:
    Failed to validate server certificate for endpoint api.paloaltonetworks.com
    .
    PAN-155453
    Fixed an issue in the configuration logs where the destination zone was masked by asterisks.
    PAN-155053
    Fixed an issue where user information in the Clientless VPN wasn't handled properly in HA configurations, which resulted in the firewall being unable to create more user sessions.
    PAN-154166
    (
    VM-500 and later firewalls only
    ) A new CLI command was added to increase the number of threads for handling incoming GlobalProtect connection requests when there is a high login rate and a slow authentication response from an external server.
    PAN-154093
    Fixed an issue where a process (httpd) restarted during Security Assertion Markup Language (SAML) logout sessions initiated from the IdP.
    PAN-153868
    Fixed an issue where firewall forwarding logs to Cortex Data Lake displayed
    License
     as gray and device connectivity as
    Error
     under
    Logging Service Status
    .
    PAN-153526
    (
    PA-7000 Series firewalls with 100G NPC (Network Processing Cards) only
    ) Fixed an issue where multicast groups were not set correctly, which caused ARP entries to display as
    incomplete
     and not update to correct values.
    PAN-153440
    Fixed an issue where firewalls repeatedly connected and disconnected to Cortex Data Lake due to a probing issue.
    PAN-153436
    Added CLI commands to increase thread limits to reduce task thread exhaustion on a process (configd).
    PAN-153228
    Fixed an issue where, when IPSec tunnels had
    tunnel-monitor
     enabled, tunnel activation was sent every 3 seconds, even when the configured value was different. With this fix, tunnel activation will be sent according to the configured intervals and thresholds.
    PAN-153107
    Fixed an issue where a dataplane process stopped responding while processing fragmented traffic on GPRS tunneling protocol (GTP-U) tunnels.
    PAN-152743
    Fixed an issue where, when initial flows from both directions reached the firewall at the same time, a race condition occurred, which caused the firewall to display the following error message:
    Duplicate flows detected while inserting <number>, flow <number> with the same key
    . The flow keys were identical due to the flows having the same SRC and DST ports.
    PAN-152677
    (
    VM-Series firewalls on Azure only
    ) Fixed an issue where packet buffers showed high values when Data Plane Development Kit (DPDK) was enabled.
    PAN-152253
    Fixed an issue where the Destination NAT with
    DNS Rewrite
     enabled and set to
    forward
     did not work when the destination IP address was a single IP address instead of an IP range.
    PAN-152003
    Fixed an issue where an email client was unable to open an attached file due to removal of part of the file name encoded in UTF-8 by the firewall CTD function for SMTP and NAT sessions.
    PAN-151888
    Fixed an issue where remote users were able to save log filters, which created a local user with the same username. With this fix, remote users cannot save a log filter.
    PAN-151754
    Fixed an issue where attempts to view or download the
    WildFire Analysis Report
     of a WildFire log from the web interface failed, which resulted in either a 500 server error, a blank page, or the following error message:
    Fetching WildFire server wildfire.paloaltonetworks.com:443 report failed!
    .
    PAN-151584
    Fixed an issue where the firewall changed the TTL (time-to-live) value in DNS responses to 0 when the firewall failed to resolve the DNS Security service, which caused a large amount of DNS requests to be sent to the DNS server.
    PAN-151486
    Fixed an issue where user activity reports failed to run when the firewall was in FIPS mode.
    PAN-151214
    Fixed an issue where an XML API call to display configuration logs truncated the
    change-preview
     field of the logs if the entry had more than 64 characters.
    PAN-150852
    Fixed an issue with SMTP that occurred when attachment file names were longer than the allocated buffer. If the file name was longer than the buffer and Layer 7 inspection was enabled, the file was dropped, which caused session errors and an email to not be sent.
    PAN-149915
    Fixed an issue where a Panorama virtual appliance was unable to manage more than 2,500 firewalls when 28 or more CPU cores were available.
    PAN-149703
    Fixed an issue where the firewall did not show RX/TX counters for the interface in the output
    show interface <interface>
     for M5/C5 instant types in Amazon Web Services (AWS).This caused SNMP polling to always poll RX/TX packets as 0.
    PAN-149547
    Fixed an issue where, after a change in Security policies, traffic logs for inner GTP-U sessions did not show
    IMSI
     or
    IMEI
     fields following a commit.
    PAN-149101
    Fixed an issue where the first SYN message of an FTP-DATA connection was dropped on non-session-owner appliances in an HA active/active configuration.
    PAN-147720
    Fixed an issue where the firewall management server crashed when a report with a duration of 7 or more days was run.
    PAN-147385
    Fixed an issue where firewall buffers were depleted with GTP traffic due to the mishandling of conflicting sessions.
    PAN-146236
    Fixed an issue where the firewall was unable to properly create stream control transmission protocol (SCTP) sessions for multi-homed environments when multiple endpoints on the same SCTP associations sent INIT/INIT-ACK chunks during handshakes.
    PAN-145733
    Fixed an issue where the
    SNMP INDEX
     for
    panZoneTable
     on the
    PAN-COMMON-MIB.my
     file did not work as expected, which led to entries in
    panZoneTable
     not being uniquely identified.
    PAN-144975
    Fixed an intermittent issue where a high traffic load in a Layer 2 deployment caused SNMP and Panorama health monitoring failures.
    PAN-144887
    (
    Panorama virtual appliances in high availability (HA) configurations with VMware NSX plugin only
    ) Fixed an issue where dynamic address group updates and configuration pushes failed when new plugins were installed or uninstalled, or when a process (configd) was restarted or reinitialized.
    PAN-144723
    A new CLI command was added to better handle SSL-decrypted sessions where TCP port numbers were reused before the TIME_WAIT period expired.
    PAN-135527
    Fixed an issue where verbose mode did not display additional data for the
    fe20 flow lookup
     command.
    PAN-134802
    Fixed an issue where the firewall was unable to handle GTP sessions for multiple APN connections from the same end user equipment.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.