PAN-OS 10.0.9 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- Cloud Management of NGFWs
-
- Management Interfaces
-
- Launch the Web Interface
- Use the Administrator Login Activity Indicators to Detect Account Misuse
- Manage and Monitor Administrative Tasks
- Commit, Validate, and Preview Firewall Configuration Changes
- Commit Selective Configuration Changes
- Export Configuration Table Data
- Use Global Find to Search the Firewall or Panorama Management Server
- Manage Locks for Restricting Configuration Changes
-
-
- Define Access to the Web Interface Tabs
- Provide Granular Access to the Monitor Tab
- Provide Granular Access to the Policy Tab
- Provide Granular Access to the Objects Tab
- Provide Granular Access to the Network Tab
- Provide Granular Access to the Device Tab
- Define User Privacy Settings in the Admin Role Profile
- Restrict Administrator Access to Commit and Validate Functions
- Provide Granular Access to Global Settings
- Provide Granular Access to the Panorama Tab
- Provide Granular Access to Operations Settings
- Panorama Web Interface Access Privileges
-
- Reset the Firewall to Factory Default Settings
-
- Plan Your Authentication Deployment
- Pre-Logon for SAML Authentication
- Configure SAML Authentication
- Configure Kerberos Single Sign-On
- Configure Kerberos Server Authentication
- Configure TACACS+ Authentication
- Configure TACACS Accounting
- Configure RADIUS Authentication
- Configure LDAP Authentication
- Configure Local Database Authentication
- Configure an Authentication Profile and Sequence
- Test Authentication Server Connectivity
- Troubleshoot Authentication Issues
-
- Keys and Certificates
- Default Trusted Certificate Authorities (CAs)
- Certificate Deployment
- Configure the Master Key
- Export a Certificate and Private Key
- Configure a Certificate Profile
- Configure an SSL/TLS Service Profile
- Configure an SSH Service Profile
- Replace the Certificate for Inbound Management Traffic
- Configure the Key Size for SSL Forward Proxy Server Certificates
-
- HA Overview
-
- Prerequisites for Active/Active HA
- Configure Active/Active HA
-
- Use Case: Configure Active/Active HA with Route-Based Redundancy
- Use Case: Configure Active/Active HA with Floating IP Addresses
- Use Case: Configure Active/Active HA with ARP Load-Sharing
- Use Case: Configure Active/Active HA with Floating IP Address Bound to Active-Primary Firewall
- Use Case: Configure Active/Active HA with Source DIPP NAT Using Floating IP Addresses
- Use Case: Configure Separate Source NAT IP Address Pools for Active/Active HA Firewalls
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT in Layer 3
- HA Clustering Overview
- HA Clustering Best Practices and Provisioning
- Configure HA Clustering
- Refresh HA1 SSH Keys and Configure Key Options
- HA Firewall States
- Reference: HA Synchronization
-
- Use the Dashboard
- Monitor Applications and Threats
- Monitor Block List
-
- Report Types
- View Reports
- Configure the Expiration Period and Run Time for Reports
- Disable Predefined Reports
- Custom Reports
- Generate Custom Reports
- Generate the SaaS Application Usage Report
- Manage PDF Summary Reports
- Generate User/Group Activity Reports
- Manage Report Groups
- Schedule Reports for Email Delivery
- Manage Report Storage Capacity
- View Policy Rule Usage
- Use External Services for Monitoring
- Configure Log Forwarding
- Configure Email Alerts
-
- Configure Syslog Monitoring
-
- Traffic Log Fields
- Threat Log Fields
- URL Filtering Log Fields
- Data Filtering Log Fields
- HIP Match Log Fields
- GlobalProtect Log Fields
- IP-Tag Log Fields
- User-ID Log Fields
- Decryption Log Fields
- Tunnel Inspection Log Fields
- SCTP Log Fields
- Authentication Log Fields
- Config Log Fields
- System Log Fields
- Correlated Events Log Fields
- GTP Log Fields
- Audit Log Fields
- Syslog Severity
- Custom Log/Event Format
- Escape Sequences
- Forward Logs to an HTTP/S Destination
- Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors
- Monitor Transceivers
-
- User-ID Overview
- Enable User-ID
- Map Users to Groups
- Enable User- and Group-Based Policy
- Enable Policy for Users with Multiple Accounts
- Verify the User-ID Configuration
-
- App-ID Overview
- App-ID and HTTP/2 Inspection
- Manage Custom or Unknown Applications
- Safely Enable Applications on Default Ports
- Applications with Implicit Support
-
- Prepare to Deploy App-ID Cloud Engine
- Enable or Disable the App-ID Cloud Engine
- App-ID Cloud Engine Processing and Policy Usage
- New App Viewer (Policy Optimizer)
- Add Apps to an Application Filter with Policy Optimizer
- Add Apps to an Application Group with Policy Optimizer
- Add Apps Directly to a Rule with Policy Optimizer
- Replace an RMA Firewall (ACE)
- Impact of License Expiration or Disabling ACE
- Commit Failure Due to Cloud Content Rollback
- Troubleshoot App-ID Cloud Engine
- Application Level Gateways
- Disable the SIP Application-level Gateway (ALG)
- Maintain Custom Timeouts for Data Center Applications
-
- Decryption Overview
-
- Keys and Certificates for Decryption Policies
- SSL Forward Proxy
- SSL Forward Proxy Decryption Profile
- SSL Inbound Inspection
- SSL Inbound Inspection Decryption Profile
- SSL Protocol Settings Decryption Profile
- SSH Proxy
- SSH Proxy Decryption Profile
- Profile for No Decryption
- SSL Decryption for Elliptical Curve Cryptography (ECC) Certificates
- Perfect Forward Secrecy (PFS) Support for SSL Decryption
- SSL Decryption and Subject Alternative Names (SANs)
- TLSv1.3 Decryption
- High Availability Not Supported for Decrypted Sessions
- Decryption Mirroring
- Configure SSL Forward Proxy
- Configure SSL Inbound Inspection
- Configure SSH Proxy
- Configure Server Certificate Verification for Undecrypted Traffic
- Post-Quantum Cryptography Detection and Control
- Enable Users to Opt Out of SSL Decryption
- Temporarily Disable SSL Decryption
- Configure Decryption Port Mirroring
- Verify Decryption
- Activate Free Licenses for Decryption Features
-
- Policy Types
- Policy Objects
- Track Rules Within a Rulebase
- Enforce Policy Rule Description, Tag, and Audit Comment
- Move or Clone a Policy Rule or Object to a Different Virtual System
-
- External Dynamic List
- Built-in External Dynamic Lists
- Configure the Firewall to Access an External Dynamic List
- Retrieve an External Dynamic List from the Web Server
- View External Dynamic List Entries
- Exclude Entries from an External Dynamic List
- Enforce Policy on an External Dynamic List
- Find External Dynamic Lists That Failed Authentication
- Disable Authentication for an External Dynamic List
- Register IP Addresses and Tags Dynamically
- Use Dynamic User Groups in Policy
- Use Auto-Tagging to Automate Security Actions
- CLI Commands for Dynamic IP Addresses and Tags
- Application Override Policy
- Test Policy Rules
-
- Network Segmentation Using Zones
- How Do Zones Protect the Network?
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
-
- Tap Interfaces
-
- Layer 2 and Layer 3 Packets over a Virtual Wire
- Port Speeds of Virtual Wire Interfaces
- LLDP over a Virtual Wire
- Aggregated Interfaces for a Virtual Wire
- Virtual Wire Support of High Availability
- Zone Protection for a Virtual Wire Interface
- VLAN-Tagged Traffic
- Virtual Wire Subinterfaces
- Configure Virtual Wires
- Configure a PPPoE Client on a Subinterface
- Configure an IPv6 PPPoE Client
- Configure an Aggregate Interface Group
- Configure Bonjour Reflector for Network Segmentation
- Use Interface Management Profiles to Restrict Access
-
- DHCP Overview
- Firewall as a DHCP Server and Client
- Firewall as a DHCPv6 Client
- DHCP Messages
- Dynamic IPv6 Addressing on the Management Interface
- Configure an Interface as a DHCP Server
- Configure an Interface as a DHCPv4 Client
- Configure an Interface as a DHCPv6 Client with Prefix Delegation
- Configure the Management Interface as a DHCP Client
- Configure the Management Interface for Dynamic IPv6 Address Assignment
- Configure an Interface as a DHCP Relay Agent
-
- DNS Overview
- DNS Proxy Object
- DNS Server Profile
- Multi-Tenant DNS Deployments
- Configure a DNS Proxy Object
- Configure a DNS Server Profile
- Use Case 1: Firewall Requires DNS Resolution
- Use Case 2: ISP Tenant Uses DNS Proxy to Handle DNS Resolution for Security Policies, Reporting, and Services within its Virtual System
- Use Case 3: Firewall Acts as DNS Proxy Between Client and Server
- DNS Proxy Rule and FQDN Matching
-
- NAT Rule Capacities
- Dynamic IP and Port NAT Oversubscription
- Dataplane NAT Memory Statistics
-
- Translate Internal Client IP Addresses to Your Public IP Address (Source DIPP NAT)
- Create a Source NAT Rule with Persistent DIPP
- PAN-OS
- Strata Cloud Manager
- Enable Clients on the Internal Network to Access your Public Servers (Destination U-Turn NAT)
- Enable Bi-Directional Address Translation for Your Public-Facing Servers (Static Source NAT)
- Configure Destination NAT with DNS Rewrite
- Configure Destination NAT Using Dynamic IP Addresses
- Modify the Oversubscription Rate for DIPP NAT
- Reserve Dynamic IP NAT Addresses
- Disable NAT for a Specific Host or Interface
-
- Network Packet Broker Overview
- How Network Packet Broker Works
- Prepare to Deploy Network Packet Broker
- Configure Transparent Bridge Security Chains
- Configure Routed Layer 3 Security Chains
- Network Packet Broker HA Support
- User Interface Changes for Network Packet Broker
- Limitations of Network Packet Broker
- Troubleshoot Network Packet Broker
-
- Enable Advanced Routing
- Logical Router Overview
- Configure a Logical Router
- Create a Static Route
- Configure BGP on an Advanced Routing Engine
- Create BGP Routing Profiles
- Create Filters for the Advanced Routing Engine
- Configure OSPFv2 on an Advanced Routing Engine
- Create OSPF Routing Profiles
- Configure OSPFv3 on an Advanced Routing Engine
- Create OSPFv3 Routing Profiles
- Configure RIPv2 on an Advanced Routing Engine
- Create RIPv2 Routing Profiles
- Create BFD Profiles
- Configure IPv4 Multicast
- Configure MSDP
- Create Multicast Routing Profiles
- Create an IPv4 MRoute
-
-
PAN-OS 10.0 (EoL)
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
- Cloud Management and AIOps for NGFW
-
-
- Enterprise Data Loss Prevention Features
- IoT Security Features
- Content Inspection Features
- Decryption Features
- GlobalProtect Features
- Management Features
- Certificate Management Features
- Panorama Features
- Networking Features
- User-ID Features
- Policy Features
- Authentication Features
- WildFire Features
- Virtualization Features
- SD-WAN Features
- Mobile Infrastructure Security Features
- New Hardware Introduced with PAN-OS 10.0
- Changes to Default Behavior
- Associated Software and Content Versions
- Limitations
-
-
- PAN-OS 10.0.12 Known Issues
- PAN-OS 10.0.11 Known Issues
- PAN-OS 10.0.10 Known Issues
- PAN-OS 10.0.9 Known Issues
- PAN-OS 10.0.8 Known Issues
- PAN-OS 10.0.7 Known Issues
- PAN-OS 10.0.6 Known Issues
- PAN-OS 10.0.5 Known Issues
- PAN-OS 10.0.4 Known Issues
- PAN-OS 10.0.3 Known Issues
- PAN-OS 10.0.2 Known Issues
- PAN-OS 10.0.1 Known Issues
- Known Issues for the CN-Series on Version 10.0
-
-
-
- PAN-OS 10.0.12-h6 Addressed Issues
- PAN-OS 10.0.12-h5 Addressed Issues
- PAN-OS 10.0.12-h4 Addressed Issues
- PAN-OS 10.0.12-h3 Addressed Issues
- PAN-OS 10.0.12-h1 Addressed Issues
- PAN-OS 10.0.12 Addressed Issues
- PAN-OS 10.0.11-h4 Addressed Issues
- PAN-OS 10.0.11-h3 Addressed Issues
- PAN-OS 10.0.11-h1 Addressed Issues
- PAN-OS 10.0.11 Addressed Issues
- PAN-OS 10.0.10-h1 Addressed Issues
- PAN-OS 10.0.10 Addressed Issues
- PAN-OS 10.0.9 Addressed Issues
- PAN-OS 10.0.8-h11 Addressed Issues
- PAN-OS 10.0.8-h10 Addressed Issues
- PAN-OS 10.0.8-h8 Addressed Issues
- PAN-OS 10.0.8-h4 Addressed Issues
- PAN-OS 10.0.8 Addressed Issues
- PAN-OS 10.0.7 Addressed Issues
- PAN-OS 10.0.6 Addressed Issues
- PAN-OS 10.0.5 Addressed Issues
- PAN-OS 10.0.4 Addressed Issues
- PAN-OS 10.0.3 Addressed Issues
- PAN-OS 10.0.2 Addressed Issues
- PAN-OS 10.0.1 Addressed Issues
- PAN-OS 10.0.0 Addressed Issues
End-of-Life (EoL)
PAN-OS 10.0.9 Addressed Issues
PAN-OS® 10.0.9 addressed issues.
Issue ID | Description |
---|---|
WF500-5513 | Fixed an issue where cloud queries failed,
which generated system logs. The issue occurred because a hash was
not found in the cloud. |
PAN-184445 | Fixed an issue where, after upgrading Panorama,
when Share Unused Address and Service Objects with Devices was
unchecked, address objects using tags to dynamic address groups
were removed after a full commit. |
PAN-183754 | Fixed an issue on firewalls in high availability
(HA) active/passive configurations where, when the passive firewall
was reloaded, not all session information from the active firewall
was duplicated to the passive firewall. |
PAN-181360 | Fixed an issue where staggering scheduled
dynamic updates from Panorama to firewalls only worked for the first
scheduled group and failed for the remaining groups of the same
type. |
PAN-181309 | Fixed an issue where Panorama was inaccessible
due to the configd process not responding. |
PAN-180934 | Fixed an issue where, when decrypting at
TLS1.3, websites failed to load due to the firewall incorrectly
handling payload padding from the server. |
PAN-179886 | Fixed an issue where new tunnels were unable
to be established for Elasticsearch due to faulty logic that prevented
old tunnels to be removed when a node went down. |
PAN-179543 | Fixed an issue where the flow_mgmt process stopped
responding when attempting to clear the session table, which caused
the dataplane to restart. |
PAN-179146 | (VM-Series firewalls on Hyper-V only)
Fixed an issue where packet length was calculated incorrectly, which
caused 4 extra bytes to be added to the end of the frame in VLAN-tagged
traffic. |
PAN-178961 | Fixed an issue where a process (authd)
stopped responding due to incorrect context handling. |
PAN-178953 | Fixed an issue with the GlobalProtect Clientless
VPN where, when an application sent a negative max age value on
a cookie, part of the cookie was retained by PAN-OS and used for
the subsequent connection on the user session. |
PAN-177762 | Fixed an issue where wificlient in
PAN-OS 10.0 and later releases caused processing delays, on-chip
descriptor spikes, and buffer usage. |
PAN-177571 | Fixed an issue where, when creating a certificate
name, you could set a character limit that exceeded what the decryption
profile configuration was able to support. |
PAN-177363 | Fixed an issue where, when system logs and
configuration logs on a dedicated log collector system were forwarded
to a Panorama management server in Management Only mode, the logs
were not ingested and were dropped. This caused the dedicated log
collector system to not be viewable on a Panorama appliance in Management
Only mode. |
PAN-176719 | Fixed an issue with proxy session handling
where the server leg closed early, which caused client issues if
the proxy session client leg was experiencing network issues. |
PAN-176392 | (PA-7000 Series firewalls only)
Fixed a an issue where persistent sessions did not properly age
out when removing a Data Processing Card (DPC). |
PAN-176341 | Fixed an issue where a delay to detect when
an interface was down after a cable pull caused traffic to be black-holed
to the downed link for 10 or more seconds. |
PAN-176280 | Fixed an intermittent issue on Panorama
where querying logs via the web interface or API did not return
results. |
PAN-176054 | Fixed an intermittent issue where users
did not have access to resources due to a host information profile
(HIP) check failure that was caused by the HIP data not being synced
between the management plane and the dataplane. |
PAN-176032 | Fixed an issue where a process (authd)
stopped responding, which caused authentication to fail. |
PAN-175923 | Fixed an issue where a process (tund)
stopped responding when enabling IPSec tunnel monitoring. |
PAN-175652 | Fixed an issue where SSL decryption failed
for websites when they were accessed from Google Chrome version
92 or higher. |
PAN-175399 | Fixed an issue where enabling Use proxy to fetch logs from Cortex Data Lake caused
Panorama to not show logs when queried. |
PAN-175307 | Fixed an issue where Panorama commits were
slower than expected and the configd process stopped
responding due to a memory leak. |
PAN-175211 | Fixed a memory leak issue in the (mgmtsrvr) process. |
PAN-175141 | Fixed an intermittent issue where IP address-to-username mappings
were not created on a redistribution client if a logout and login message
shared the same timestamp. |
PAN-174998 | (M-200 and M-500 appliances only)
Fixed a capacity issue that was caused by high operational activity
and large configurations. This fix increases the virtual memory
limit on the configd process to 32GB. |
PAN-174894 | Fixed an issue where, when the time-to-live
(TTL) value for symmetric MAC entries weren't updated to other dataplanes
and HA peers, timeouts occurred for traffic using policy-based forwarding
(PBF) with symmetric returns. |
PAN-174886 | Fixed an issue where scheduled customer
reports displayed as empty when the configured destination was an
address group. |
PAN-174864 | Fixed an issue on the Panorama interface
where Deploying Master Key to low-end devices resulted
in a Failed to communicate message, even
when the new master key was updated on the end device. This issue
occurred because a master key deployment had insufficient time to
process due to a connection timeout. |
PAN-174781 | Fixed an issue where the firewall did not
send an SMTP 541 error message to the email client after detecting
a malicious file attachment. |
PAN-174709 | Fixed an out-of-memory (OOM) condition that
occurred due to multiple parallel jobs being created by the scheduled
log export feature. |
PAN-174347 | Fixed an issue where sequence numbers were
calculated incorrectly for traffic that was subject to Session Initiation
Protocol (SIP) application-level gateway (ALG) when SIP TCP Clear
Text Proxy was disabled. |
PAN-174244 | Fixed an issue where a sudden increase in
URL data approached the maximum cache capacity of the firewall. |
PAN-174161 | Fixed an issue in Panorama that occurred
when attempting to disable override on an
object from a child device group did not work after cloning and
renaming the object. |
PAN-174055 | Fixed an issue where SNMP readings reported
as 0 for dataplane interface packet statistics for Amazon Web Services
(AWS) m5n.4xlarge instance types. This issue occurred because the
physical port counters read from MAC addresses were reported as
0. |
PAN-173978 | Fixed an issue where the Elasticsearch process
continuously restarted if zero-length files were present. |
PAN-173753 | Fixed an issue where a bar or point on a Network Monitor graph
had to be clicked more than once to properly redirect to the corresponding
ACC report. |
PAN-173545 | Fixed an issue where exporting a device
summary to CSV failed and displayed the following error message: Error while exporting. |
PAN-173509 | Fixed an issue where Superuser administrators
with read-only privileges (Device > Administrators and
Panorama > Administrators) were unable to view the hardware
ACL blocking setting and duration in the CLI using the following commands:
|
PAN-173453 | Fixed an issue where multiple heartbeat
failures occurred, which resulted in HA failover. |
PAN-173157 | Fixed an issue with the HA1 monitor hold
timer where the configured value was not assigned to the HA1 backup
interface, which used the default hold timer (3000 milliseconds),
which resulted in failover events taking longer than expected. |
PAN-173076 | (Panorama appliances in FIPS mode only)
Fixed an issue where the FIPS Panorama / FIPS firewall schema didn't
prune non-FIPS options from the Clientless VPN. |
PAN-172890 | (PA-800 Series firewalls only)
Fixed an issue where the firewall became unresponsive when an enhanced
small form-factor pluggable (SFP+) module was inserted in the SFP
port. |
PAN-172775 | Fixed an issue in Panorama where the configd process
stopped responding due to a memory issue with memcpy bson_append. |
PAN-172748 | (VM-Series firewalls only) Fixed
an issue where a process (all_task) stopped responding. |
PAN-172396 | Fixed a memory leak issue related to the useridd process. |
PAN-172324 | Fixed an issue on the Panorama web interface
where custom vulnerability signature IDs weren't populated in the
drop-down when creating a custom combination signature. |
PAN-172316 | Fixed an issue where the internal interface
flow control that caused the monitoring process to incorrectly determine
the interface to be malfunctioning. |
PAN-172243 | Fixed an issue where NetFlow traffic triggered
a packet buffer leak. |
PAN-172200 | Fixed an issue where a process (configd) restarted
due to memory corruption in the show dynamic-address-group CLI
command during commits, commit and push operations, and HA Panorama
syncs. |
PAN-171869 | Fixed an issue where HIP profile objects
in security policies and authentication policies were still visible
in the CLI even after replacing them with source HIP and destination
HIP objects. |
PAN-171696 | (PA-800 and PA-400 Series firewalls
and PA-220 firewalls only) Fixed an issue where the management
plane CPU was incorrectly reported to be high. |
PAN-171497 | Fixed an issue where, after a local user
group is updated by adding or removing users, the local user group
is removed from groupdb. |
PAN-171380 | Fixed an issue where loading configuration
versions in Panorama added unnecessary IDs to the configuration. |
PAN-171367 | Fixed an issue in active/active HA configuration
where session disconnected during an upgrade from a PAN-OS 9.0 release
to a PAN-OS 9.1 release. |
PAN-171159 | Fixed a memory leak on the configd process
on Panorama caused during multi-clone operations for rules. |
PAN-170997 | Fixed an issue where FQDN service routes
were not installed after a system reboot. |
PAN-170603 | Fixed an issue where, when the Elasticsearch
startup timestamp occurred exactly on the second, an internal variable
was set incorrectly, which resulted in failed customer reports and
no ACC data to display. |
PAN-170466 | Fixed an memory reference issue related
to the devsrvr process that caused the process to stop responding. |
PAN-169899 | Fixed an issue on firewalls with offload
processors where the ECMP forced symmetric return feature didn't
work for CRE traffic after the session was offloaded. |
PAN-169433 | Fixed an issue on Panorama where clicking Run Now for
a custom report with 32 or more filters in the Query Builder returned
the following message: No matching records. |
PAN-169347 | Fixed an issue where a process (authd)
stopped responding due to an invalid null pointer. |
PAN-169300 | Debug logs were added to troubleshoot WildFire
submission issues. |
PAN-169212 | Fixed an issue where information level logs
caused a configd logs to fill. |
PAN-169173 | Fixed an issue where, if you continuously
performed partial commits of a configuration with a high number
of dynamic address groups, Panorama became unresponsive and commits
were slower than expected. |
PAN-168339 | Fixed an issue where replacing SSL certificates
for inbound management traffic did not work when Block
Private Key Export was enabled. |
PAN-168189 | Fixed an issue where, even when there was
active multicast traffic, the firewall sent Protocol Independent
Multicast (PIM) prune messages. |
PAN-168178 | Fixed an issue where the logrcvr process continuously
restarted to due incorrect data. |
PAN-167762 | Fixed an issue where ICMP sessions didn't
display SD-WAN policy name or site name information in the traffic
logs. |
PAN-167560 | Fixed an issue where the Panorama appliance
didn't return inherited device group locations pertaining to Security
policies for REST API queries. |
PAN-167259 | (PA-3220 firewalls on PAN-OS 10.0.3
only) Fixed an issue where, after manually uploading WildFire
images, the dropdown did not display any available files to choose
from. |
PAN-166978 | Fixed an issue where the URL-Filtering cloud
connection failed with the following error message: bind failed with errno 97. |
PAN-166202 | Fixed an issue with an extra character in
HTTP Strict Transport Security (HSTS) regression tests when accessing
the GlobalProtect gateway. |
PAN-166180 | Fixed an issue where SNMPV3 traps were not
processed by the snmptrap receiver
after a firewall reboot. |
PAN-166091 | Fixed an issue where the firewall dropped
PBF keepalive responses. |
PAN-165660 | Fixed an issue where, in scenarios with
Fragmented SIP, the first packet arrived out of order, bypassing
App-ID and Content and Threat Detection (CTD). With this fix, the
out-of-order packet is transmitted after it has been queued and
processed by APP-ID and CTD. |
PAN-165147 | Fixed an issue where, when there was a high
volume of traffic for sessions with Application Block
Pages enabled, other regular packets were dropped. |
PAN-164997 | Fixed an issue where special characters
in web interface description Overview fields
displayed as their respective HTML ASCII character references. |
PAN-164631 | Fixed an issue where the stats
dump report was empty. |
PAN-163030 | Fixed an issue where restarting the devsrvr process
caused new GlobalProtect connections to fail with the error message required client certificate not found.
This issue occurred due to a key mismatch between the dataplane
and the management plane. |
PAN-161726 | Fixed an issue where the show high-availability all output
incorrectly displayed the VM-Series firewall license type on physical
firewalls. |
PAN-161496 | Fixed an issue when calculating the incremental
checksum after a post-NAT translation where the arguments to pan_in_cksm32_diff overflowed
the 32-bit integer. |
PAN-161031 | Fixed an issue where authentication via
the LDAP server failed in FIPS-CC mode when the LDAP server profile
was configured with the root certificate chain and Verify
server certificate for SSL sessions options enabled. |
PAN-160825 | (Panorama virtual appliances only)
Fixed an issue where, when GPRS tunneling protocol (GTP) stateful
inspection was enabled, GTP packets carrying NTP traffic with the
destination port UDP2152 were identified as GTP-in-GTP in GTP and
logged as critical severity in the GTP logs. |
PAN-159835 | Fixed an issue where, after an upgrade,
the following error message was displayed: Not enough space to load content to SHM. |
PAN-159295 | Fixed an issue where scheduled configuration
export files saved in the /tmp folder weren't periodically purged,
which caused the root partition to fill up. |
PAN-159225 | Fixed an issue where the web interface did
not display Missing Patches in the HIP logs. |
PAN-159210 | Fixed an issue where timed-out DNS Security
queries produced incorrect system log entries indicating cloud service connection refused.
With this fix, timed-out queries are correctly logged as cloud query timeout. |
PAN-158369 | Fixed an issue where applications did not
work via the Clientless VPN when they were configured on a vlan
interface |
PAN-156545 | Fixed an issue where exporting a backup
to a server with an Elliptic Curve Digital Signature Algorithm (ECDSA)
key failed when ECDSA was a valid key type. |
PAN-156289 | Fixed an issue where the default severities
for Content Update errors were inaccurate. |
PAN-155059 | Fixed an issue on Panorama where, when Retrieving Content
'WildFire' information failed, the error message No records found incorrectly displayed
as High severity. |
PAN-151302 | (PA-7000 Series firewalls with Log Forwarding
Cards (LFC) only) Fixed an issue where the logging rate for
the LFC was not displayed in Panorama > Managed Devices
> Health. |
PAN-150848 | Fixed an issue where the firewall dropped
TCP FIN traffic due to the server-to-client FIN traffic being out
of order. |
PAN-147256 | (Firewalls in HA configurations only)
Fixed an issue where connections to the SafeNet hardware security
module (HSM) were lost after upgrading to a new major PAN-OS release. |
PAN-146737 | Fixed an issue where, when running the show running application statistics CLI
command, the packets value in the output
rolled over before the session value. |