PAN-OS 10.2.10-h17 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- Cloud Management of NGFWs
-
- Management Interfaces
-
- Launch the Web Interface
- Use the Administrator Login Activity Indicators to Detect Account Misuse
- Manage and Monitor Administrative Tasks
- Commit, Validate, and Preview Firewall Configuration Changes
- Commit Selective Configuration Changes
- Export Configuration Table Data
- Use Global Find to Search the Firewall or Panorama Management Server
- Manage Locks for Restricting Configuration Changes
-
-
- Define Access to the Web Interface Tabs
- Provide Granular Access to the Monitor Tab
- Provide Granular Access to the Policy Tab
- Provide Granular Access to the Objects Tab
- Provide Granular Access to the Network Tab
- Provide Granular Access to the Device Tab
- Define User Privacy Settings in the Admin Role Profile
- Restrict Administrator Access to Commit and Validate Functions
- Provide Granular Access to Global Settings
- Provide Granular Access to the Panorama Tab
- Provide Granular Access to Operations Settings
- Panorama Web Interface Access Privileges
-
- Reset the Firewall to Factory Default Settings
-
- Plan Your Authentication Deployment
- Pre-Logon for SAML Authentication
- Configure SAML Authentication
- Configure Kerberos Single Sign-On
- Configure Kerberos Server Authentication
- Configure TACACS+ Authentication
- Configure TACACS Accounting
- Configure RADIUS Authentication
- Configure LDAP Authentication
- Configure Local Database Authentication
- Configure an Authentication Profile and Sequence
- Test Authentication Server Connectivity
- Troubleshoot Authentication Issues
-
- Keys and Certificates
- Default Trusted Certificate Authorities (CAs)
- Certificate Deployment
- Configure the Master Key
- Export a Certificate and Private Key
- Configure a Certificate Profile
- Configure an SSL/TLS Service Profile
- Configure an SSH Service Profile
- Replace the Certificate for Inbound Management Traffic
- Configure the Key Size for SSL Forward Proxy Server Certificates
-
- HA Overview
-
- Prerequisites for Active/Active HA
- Configure Active/Active HA
-
- Use Case: Configure Active/Active HA with Route-Based Redundancy
- Use Case: Configure Active/Active HA with Floating IP Addresses
- Use Case: Configure Active/Active HA with ARP Load-Sharing
- Use Case: Configure Active/Active HA with Floating IP Address Bound to Active-Primary Firewall
- Use Case: Configure Active/Active HA with Source DIPP NAT Using Floating IP Addresses
- Use Case: Configure Separate Source NAT IP Address Pools for Active/Active HA Firewalls
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT in Layer 3
- HA Clustering Overview
- HA Clustering Best Practices and Provisioning
- Configure HA Clustering
- Refresh HA1 SSH Keys and Configure Key Options
- HA Firewall States
- Reference: HA Synchronization
-
- Use the Dashboard
- Monitor Applications and Threats
- Monitor Block List
-
- Report Types
- View Reports
- Configure the Expiration Period and Run Time for Reports
- Disable Predefined Reports
- Custom Reports
- Generate Custom Reports
- Generate the SaaS Application Usage Report
- Manage PDF Summary Reports
- Generate User/Group Activity Reports
- Manage Report Groups
- Schedule Reports for Email Delivery
- Manage Report Storage Capacity
- View Policy Rule Usage
- Use External Services for Monitoring
- Configure Log Forwarding
- Configure Email Alerts
-
- Configure Syslog Monitoring
-
- Traffic Log Fields
- Threat Log Fields
- URL Filtering Log Fields
- Data Filtering Log Fields
- HIP Match Log Fields
- GlobalProtect Log Fields
- IP-Tag Log Fields
- User-ID Log Fields
- Decryption Log Fields
- Tunnel Inspection Log Fields
- SCTP Log Fields
- Authentication Log Fields
- Config Log Fields
- System Log Fields
- Correlated Events Log Fields
- GTP Log Fields
- Audit Log Fields
- Syslog Severity
- Custom Log/Event Format
- Escape Sequences
- Forward Logs to an HTTP/S Destination
- Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors
- Monitor Transceivers
-
- User-ID Overview
- Enable User-ID
- Map Users to Groups
- Enable User- and Group-Based Policy
- Enable Policy for Users with Multiple Accounts
- Verify the User-ID Configuration
-
- App-ID Overview
- App-ID and HTTP/2 Inspection
- Manage Custom or Unknown Applications
- Safely Enable Applications on Default Ports
- Applications with Implicit Support
-
- Prepare to Deploy App-ID Cloud Engine
- Enable or Disable the App-ID Cloud Engine
- App-ID Cloud Engine Processing and Policy Usage
- New App Viewer (Policy Optimizer)
- Add Apps to an Application Filter with Policy Optimizer
- Add Apps to an Application Group with Policy Optimizer
- Add Apps Directly to a Rule with Policy Optimizer
- Replace an RMA Firewall (ACE)
- Impact of License Expiration or Disabling ACE
- Commit Failure Due to Cloud Content Rollback
- Troubleshoot App-ID Cloud Engine
- Application Level Gateways
- Disable the SIP Application-level Gateway (ALG)
- Maintain Custom Timeouts for Data Center Applications
-
- Decryption Overview
-
- Keys and Certificates for Decryption Policies
- SSL Forward Proxy
- SSL Forward Proxy Decryption Profile
- SSL Inbound Inspection
- SSL Inbound Inspection Decryption Profile
- SSL Protocol Settings Decryption Profile
- SSH Proxy
- SSH Proxy Decryption Profile
- Profile for No Decryption
- SSL Decryption for Elliptical Curve Cryptography (ECC) Certificates
- Perfect Forward Secrecy (PFS) Support for SSL Decryption
- SSL Decryption and Subject Alternative Names (SANs)
- TLSv1.3 Decryption
- High Availability Not Supported for Decrypted Sessions
- Decryption Mirroring
- Configure SSL Forward Proxy
- Configure SSL Inbound Inspection
- Configure SSH Proxy
- Configure Server Certificate Verification for Undecrypted Traffic
- Post-Quantum Cryptography Detection and Control
- Enable Users to Opt Out of SSL Decryption
- Temporarily Disable SSL Decryption
- Configure Decryption Port Mirroring
- Verify Decryption
- Activate Free Licenses for Decryption Features
-
- Policy Types
- Policy Objects
- Track Rules Within a Rulebase
- Enforce Policy Rule Description, Tag, and Audit Comment
- Move or Clone a Policy Rule or Object to a Different Virtual System
-
- External Dynamic List
- Built-in External Dynamic Lists
- Configure the Firewall to Access an External Dynamic List
- Retrieve an External Dynamic List from the Web Server
- View External Dynamic List Entries
- Exclude Entries from an External Dynamic List
- Enforce Policy on an External Dynamic List
- Find External Dynamic Lists That Failed Authentication
- Disable Authentication for an External Dynamic List
- Register IP Addresses and Tags Dynamically
- Use Dynamic User Groups in Policy
- Use Auto-Tagging to Automate Security Actions
- CLI Commands for Dynamic IP Addresses and Tags
- Application Override Policy
- Test Policy Rules
-
- Network Segmentation Using Zones
- How Do Zones Protect the Network?
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
-
- Tap Interfaces
-
- Layer 2 and Layer 3 Packets over a Virtual Wire
- Port Speeds of Virtual Wire Interfaces
- LLDP over a Virtual Wire
- Aggregated Interfaces for a Virtual Wire
- Virtual Wire Support of High Availability
- Zone Protection for a Virtual Wire Interface
- VLAN-Tagged Traffic
- Virtual Wire Subinterfaces
- Configure Virtual Wires
- Configure a PPPoE Client on a Subinterface
- Configure an IPv6 PPPoE Client
- Configure an Aggregate Interface Group
- Configure Bonjour Reflector for Network Segmentation
- Use Interface Management Profiles to Restrict Access
-
- DHCP Overview
- Firewall as a DHCP Server and Client
- Firewall as a DHCPv6 Client
- DHCP Messages
- Dynamic IPv6 Addressing on the Management Interface
- Configure an Interface as a DHCP Server
- Configure an Interface as a DHCPv4 Client
- Configure an Interface as a DHCPv6 Client with Prefix Delegation
- Configure the Management Interface as a DHCP Client
- Configure the Management Interface for Dynamic IPv6 Address Assignment
- Configure an Interface as a DHCP Relay Agent
-
- DNS Overview
- DNS Proxy Object
- DNS Server Profile
- Multi-Tenant DNS Deployments
- Configure a DNS Proxy Object
- Configure a DNS Server Profile
- Use Case 1: Firewall Requires DNS Resolution
- Use Case 2: ISP Tenant Uses DNS Proxy to Handle DNS Resolution for Security Policies, Reporting, and Services within its Virtual System
- Use Case 3: Firewall Acts as DNS Proxy Between Client and Server
- DNS Proxy Rule and FQDN Matching
-
- NAT Rule Capacities
- Dynamic IP and Port NAT Oversubscription
- Dataplane NAT Memory Statistics
-
- Translate Internal Client IP Addresses to Your Public IP Address (Source DIPP NAT)
- Create a Source NAT Rule with Persistent DIPP
- PAN-OS
- Strata Cloud Manager
- Enable Clients on the Internal Network to Access your Public Servers (Destination U-Turn NAT)
- Enable Bi-Directional Address Translation for Your Public-Facing Servers (Static Source NAT)
- Configure Destination NAT with DNS Rewrite
- Configure Destination NAT Using Dynamic IP Addresses
- Modify the Oversubscription Rate for DIPP NAT
- Reserve Dynamic IP NAT Addresses
- Disable NAT for a Specific Host or Interface
-
- Network Packet Broker Overview
- How Network Packet Broker Works
- Prepare to Deploy Network Packet Broker
- Configure Transparent Bridge Security Chains
- Configure Routed Layer 3 Security Chains
- Network Packet Broker HA Support
- User Interface Changes for Network Packet Broker
- Limitations of Network Packet Broker
- Troubleshoot Network Packet Broker
-
- Enable Advanced Routing
- Logical Router Overview
- Configure a Logical Router
- Create a Static Route
- Configure BGP on an Advanced Routing Engine
- Create BGP Routing Profiles
- Create Filters for the Advanced Routing Engine
- Configure OSPFv2 on an Advanced Routing Engine
- Create OSPF Routing Profiles
- Configure OSPFv3 on an Advanced Routing Engine
- Create OSPFv3 Routing Profiles
- Configure RIPv2 on an Advanced Routing Engine
- Create RIPv2 Routing Profiles
- Create BFD Profiles
- Configure IPv4 Multicast
- Configure MSDP
- Create Multicast Routing Profiles
- Create an IPv4 MRoute
-
-
PAN-OS 10.2
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
- Cloud Management and AIOps for NGFW
-
- Content Inspection Features
- URL Filtering Features
- Panorama Features
- Networking Features
- GlobalProtect Features
- Management Features
- Decryption Features
- App-ID Features
- IoT Security Features
- Mobile Infrastructure Security Features
- Authentication Features
- Virtualization Features
- Hardware Features
- Enterprise Data Loss Prevention Features
-
- PAN-OS 10.2.11 Known Issues
- PAN-OS 10.2.11-h12 Addressed Issues
- PAN-OS 10.2.11-h10 Addressed Issues
- PAN-OS 10.2.11-h9 Addressed Issues
- PAN-OS 10.2.11-h6 Addressed Issues
- PAN-OS 10.2.11-h4 Addressed Issues
- PAN-OS 10.2.11-h3 Addressed Issues
- PAN-OS 10.2.11-h2 Addressed Issues
- PAN-OS 10.2.11-h1 Addressed Issues
- PAN-OS 10.2.11 Addressed Issues
-
- PAN-OS 10.2.10 Known Issues
- PAN-OS 10.2.10-h17 Addressed Issues
- PAN-OS 10.2.10-h14 Addressed Issues
- PAN-OS 10.2.10-h12 Addressed Issues
- PAN-OS 10.2.10-h10 Addressed Issues
- PAN-OS 10.2.10-h9 Addressed Issues
- PAN-OS 10.2.10-h7 Addressed Issues
- PAN-OS 10.2.10-h5 Addressed Issues
- PAN-OS 10.2.10-h4 Addressed Issues
- PAN-OS 10.2.10-h3 Addressed Issues
- PAN-OS 10.2.10-h2 Addressed Issues
- PAN-OS 10.2.10 Addressed Issues
-
- PAN-OS 10.2.9 Known Issues
- PAN-OS 10.2.9-h21 Addressed Issues
- PAN-OS 10.2.9-h19 Addressed Issues
- PAN-OS 10.2.9-h18 Addressed Issues
- PAN-OS 10.2.9-h16 Addressed Issues
- PAN-OS 10.2.9-h14 Addressed Issues
- PAN-OS 10.2.9-h11 Addressed Issues
- PAN-OS 10.2.9-h9 Addressed Issues
- PAN-OS 10.2.9-h1 Addressed Issues
- PAN-OS 10.2.9 Addressed Issues
-
- PAN-OS 10.2.8 Known Issues
- PAN-OS 10.2.8-h21 Addressed Issues
- PAN-OS 10.2.8-h19 Addressed Issues
- PAN-OS 10.2.8-h18 Addressed Issues
- PAN-OS 10.2.8-h15 Addressed Issues
- PAN-OS 10.2.8-h13 Addressed Issues
- PAN-OS 10.2.8-h10 Addressed Issues
- PAN-OS 10.2.8-h4 Addressed Issues
- PAN-OS 10.2.8-h3 Addressed Issues
- PAN-OS 10.2.8 Addressed Issues
-
- PAN-OS 10.2.7 Known Issues
- PAN-OS 10.2.7-h24 Addressed Issues
- PAN-OS 10.2.7-h21 Addressed Issues
- PAN-OS 10.2.7-h19 Addressed Issues
- PAN-OS 10.2.7-h18 Addressed Issues
- PAN-OS 10.2.7-h16 Addressed Issues
- PAN-OS 10.2.7-h12 Addressed Issues
- PAN-OS 10.2.7-h8 Addressed Issues
- PAN-OS 10.2.7-h6 Addressed Issues
- PAN-OS 10.2.7-h3 Addressed Issues
- PAN-OS 10.2.7-h1 Addressed Issues
- PAN-OS 10.2.7 Addressed Issues
PAN-OS 10.2.10-h17 Addressed Issues
Addressed issues for the PAN-OS 10.2.10-h17 general available hotfix
release.
| Issue ID | Description |
|---|---|
|
PAN-282236
| Fixed an issue where large IPv6 packets were reassembled incorrectly on the firewall when the packets arrived fragmented over an IPv4 tunnel. |
|
PAN-277234
|
Fixed an issue where a device group import resulted in a Security
policy rule being created with Application
set to none.
|
|
PAN-277135
|
Fixed an issue where the firewall stopped responding when a DNS
client closed or reset a TCP connection while the firewall was
sending a response.
|
|
PAN-276607
|
Fixed an issue where GlobalProtect users experienced DNS resolution
timeouts when using Prisma Access.
|
|
PAN-274570
|
Fixed an issue where the devsrvr process restarted after
a failed commit due to an invalid memory access.
|
|
PAN-273453
|
Fixed an issue where restarting the firewall did not initiate an
autocommit job, which caused the firewall to stop responding and the
HA interface to go down.
|
|
PAN-272395
|
Fixed an issue where informational logs caused the
distributord process log file to be frequently
overwritten.
|
|
PAN-271507
|
(PA-5450 firewalls only) Fixed an issue where the DPC on
slot 3 intermittently stopped responding due an
all_pktproc restart.
|
|
PAN-271351
|
A fix was made to address CVE-2025-0116.
|
|
PAN-271184
|
Fixed an issue where Device Telemetry failed due to an issue with the
encoding of characters in the log file path.
|
|
PAN-269677
|
Fixed an issue where Panorama did not check for a NULL pointer when
querying logs, which caused logs to not display on the web
interface.
|
|
PAN-269106
|
Fixed an issue where the wifclient stopped responding during server
certificate verification for MICA gRPC connections and caused the
dataplane to restart when using a cloud-based ML detection engine
(MICA). On certain platforms, this caused the firewall to reboot
periodically.
|
|
PAN-268823
|
Fixed an issue where Monitor > Log Display did
not display all logs when you applied a filter.
|
|
PAN-267097
|
Fixed an issue where the replay database size increased significantly
due to local and special configurations not being purged after
commits.
|
|
PAN-266695
|
Fixed an issue on Panorama where a cyclic nested address group
configuration caused the configd process to stop
responding after a commit.
|
|
PAN-266427
|
Fixed an issue on the firewall where, when a high number of SD-WAN
branch sites or interfaces were not connected, SD-WAN processes and
tund processes stopped responding due to a high
probing rate.
|
|
PAN-265900
|
Fixed an issue where the firewall stopped responding due to a
tund process or SD-WAN process restart.
|
|
PAN-264883
|
(PA-7080 appliances with LPCs only) Fixed an issue where
syslog forwarding over TCP stopped after upgrading.
|
|
PAN-264708
|
Fixed an issue where a selective push was blocked when a
configuration load was done.
|
|
PAN-264678
|
Fixed an issue where Preview Changes did not
display configuration changes in Commit and pushPush Scope.
|
|
PAN-263369
|
Fixed an issue where commits from Panorama to Panorama virtual
appliances failed with the error message Internal error during
commit processing. Commit/Validate failed after upgrading
Panorama.
|
|
PAN-262831
|
(PA-5400f Series firewalls only) Fixed an intermittent issue
where the all_task process stopped responding, which
caused the firewall to restart.
|
|
PAN-262540
|
Fixed an issue where application traffic transactions that reused TCP
ports did not work with decryption.
|
|
PAN-261673
|
(VM-Series firewalls on Microsoft Azure environments only)
Fixed an issue where, when Accelerated Networking was enabled,
traffic was dropped because of the
flow_parse_ip_hdr counter related
to an Nvidia driver issue.
|
|
PAN-260218
|
Fixed an issue where BGP Aggregate Advertise filters did not work as
expected when the summary option was enabled, and only summarized
routes were advertised.
|
|
PAN-259351
|
A fix was made to address CVE-2024-3393.
|
|
PAN-257601
|
(PA-5450 firewalls only) Fixed an issue where Networking
Cards (NC) experienced an internal link fault which caused path
monitoring failure on the Dataplane Processing Card (DPC).
|
|
PAN-256738
|
(VM-Series firewalls in HA configurations only) Fixed an
issue where BGP routes from the active firewall were lost when the
passive firewall was rebooted.
|
|
PAN-256223
|
Fixed an issue where device telemetry log collection filled the root
partition.
|
|
PAN-255323
|
(PA-7050 firewalls only) Fixed an issue where the Network
Processing Card (NPC), Data Processing Card (DPC), and Log
forwarding Card (LFC) remained in a starting state after an
unexpected power cycle.
|
|
PAN-254422
|
Fixed an issue where the firewall required a restart when an SD-WAN
policy rule was pushed from Panorama.
|
|
PAN-254403
|
Fixed an issue where not all syslog logs were displayed in MonitorMonitorSystem when FIPS mode was enabled.
|
|
PAN-254241
|
Fixed an issue where the firewall stopped responding due to a high
number of SD-WAN probes being sent.
|
|
PAN-252300
|
Fixed an issue where you were unable to select device groups in the
push scope for user accounts.
|
|
PAN-249384
|
Fixed an issue on Panorama where configuration locks were observed
during a partial rulebase commit.
|
|
PAN-249011
|
Fixed an issue where the firewall became unresponsive when committing
a configuration change with a large number of uncommitted changes in
the replay database.
|
|
PAN-243240
|
Fixed an issue where the using QoS caused packet buffer utilization
to increase exponentially and the PKI POOL
DFLT pool depleted until a reboot was
performed.
|
|
PAN-242479
|
Fixed an issue where a high number of packets caused high packet
descriptors on the firewall when handling EtherIP traffic.
|
|
PAN-238286
|
Fixed an issue where FTP control connections were lost after an HA
failover event.
|
|
PAN-230893
|
Added a CLI command to address an issue where system lock files
blocked authentication.
|
|
PAN-193285
|
Fixed an issue where the policy optimizer feature did not add entries
back to the mongodb database after removing them during
an upgrade or downgrade.
|