Limitations in PAN-OS 10.2
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
Limitations in PAN-OS 10.2
What are the limitations related to PAN-OS 10.2 releases?
The following are limitations
associated with PAN-OS 10.2.
Issue ID | Description |
---|---|
PAN-265738 |
NAT is not configurable when HA clusters are configured. HA clusters
don't support NAT.
|
PAN-247465 |
(PA-7080 only) The firewall does not support Aquantia 10G
SFP transceivers.
|
PAN-246825
|
ECMP is not supported for equal-cost routes where one or more of
those routes has a virtual router or logical router as the next hop.
None of the equal-cost routes will be installed in the Forwarding
Information Base (FIB).
|
PAN-240517 |
Enter any random username and password (or just press enter) in the
pop-up dialog on the satellite to retrigger the authentication
process in the following cases:
|
PAN-218067
|
By default, Next Generation firewalls and Panorama attempt to fetch
the device certificate or
Panorama device
certificate with each commit even when the firewall is
not using any Palo Alto Networks cloud
service.
You can prevent the firewall from attempting to fetch the device
certificate for the following firewalls:
To disable,
log in to the firewall CLI
or
Panorama CLI and enter the
following command:
|
PAN-215869
|
PAN-OS logs (MonitorLogs) experience a significant delay before they are
displayed if NetFlow (DeviceServer ProfilesNetFlow) is enabled on an interface (NetworkInterface). This may result in log loss if the volume of
delayed logs exceeds the logging buffer available on the
firewall.
The following firewalls are impacted:
|
PAN-207505
This issue is now resolved. See PAN-OS 11.0.0 Addressed
Issues.
|
Email schedules (MonitorPDF ReportsEmail Scheduler) are not supported for SaaS Application Usage (MonitorPDF ReportsSaaS Application Usage) reports.
|
PAN-205166
|
(PA-440, PA-450, and PA-460 firewalls only) The CLI does not
display system information about the power supply when entering the
show system environmentals command.
As a result, the CLI cannot be used to view the current status of
the power adapter.
Workaround: To manually interpret the status of the firewall's
power adapter, verify that your power cable connections are secure
and that the LED on the power adapter is on. If the LED is not
illuminated even though the power cable connections are secure, your
power adapter has failed.
|
PAN-190811
This issue is now resolved. See PAN-OS 10.2.2 Addressed Issues.
|
(PA-5450 only) Log interfaces must be configured to ensure
they are not in the same subnetwork as the management interface.
Configuring both interfaces in the same subnetwork can cause
connectivity issues and result in the wrong interface being used for
log forwarding.
|
PAN-181823
|
On a PA-5400 Series firewall (minus the PA-5450), setting the peer
port to forced 10M or 100M speed causes any multi-gigabit RJ-45
ports on the firewall to go down if they are set to Auto.
|
PAN-181229
|
On the Panorama management server, a Shared
tag (ObjectsTags) cannot be applied to a Shared
application filter (ObjectsApplication Filters).
|
PAN-174784
|
Up to 100,000 daily summary logs can be processed for Scheduled and
Run Now custom reports (MonitorManage Custom Reports) when configured for the last calendar day. This can
result in the generated report not displaying all relevant log data
generated in the last calendar day.
|
PAN-172144
| On a Panorama management server deployed on VMware ESXi
that is managing Dedicated Log Collectors, filtering traffic logs (MonitorLogsTraffic) using the (time_generated_geq)
filter does not return results for the specified Generate
Time if the Dedicated Log Collectors are in different
time zones. Workaround: Configure the same time zone for the
Dedicated Log Collectors you are querying.
|