The WildFire analysis report on the firewall log viewer (MonitoringWildFire Submissions) does not display the following data fields: File Type, SHA-256, MD-5, and File Size".

Workaround: Download and open the WildFire analysis report in the PDF format using the link in the upper right-hand corner of the Detailed Log View.

In a WildFire appliance cluster, issuing the show cluster-all peers CLI command when a node within the cluster is being rebooted generates the following error: Server error : An error occured.

The sample analysis statistics that are returned when issuing the show wildfire local statistics CLI command in WildFire appliance cluster deployments may not accurately reflect the number of samples that have been processed.

The following WildFire appliance CLI command does not return a signature generation status as expected: show wildfire global signature-status. This does not corrupt or otherwise prevent the WildFire appliance from analyzing a sample.

The WildFire appliance might erroneously generate and log the following device certification error: Device certificate is missing or invalid. It cannot be renewed.

In WildFire appliance clusters, issuing the show cluster controller CLI command generates an error when an IPv6 address is configured for the management interface but not for the cluster interface.

Workaround: Ensure all WildFire appliance interfaces that are enabled use matching protocols (all IPv4 or all IPv6).

The number of registered WildFire appliances reported in Panorama (PanoramaManaged WildFire AppliancesFirewalls ConnectedView) does not accurately reflect the current status of connected WildFire appliances.

A Malformed Request error is displayed when you Test Connection for an email server profile (DeviceServer ProfilesEmail) using SMTP over TLS and the Password includes an ampersand (&).

PA-5410 and PA-5420 firewalls display the following error when you view the Block IP list (MonitorBlock IP):

On the Panorama management server, pushing a configuration change to firewalls leveraging SD-WAN erroneously show the auto-provisioned BGP configurations for SD-WAN as being edited or deleted despite no edits or deletions being made when you Preview Changes (CommitPush to DevicesEdit Selections or CommitCommit and PushEdit Selections).

When using a 10.2.2 Panorama to manage a Panorama Managed Prisma Access 3.1.2 deployment, allocating bandwidth for a remote network deployment fails (the OK button is grayed out).

Workaround: Retry the operation.

(PA-5450 firewall only) Trying to configure a custom payload format under DeviceServer ProfilesHTTP yields a Javascript error.

(PA-5450 firewall only) The Panorama web interface does not display any predefined template stack variables in the dropdown menu under DeviceSetupLog InterfaceIP Address.

Workaround: Configure the log interface IP address on the individual firewall web interface instead of on Panorama.

(PA-5450 firewall only) Upgrading to PAN-OS 10.2.2 while having a log interface configured can cause both the log interface and the management interface to remain connected to the log collector.

Workaround: Restart the log receiver service by running the following CLI command:

(PA-5450 firewall only) If the management interface and logging interface are configured on the same subnetwork, the firewall conducts log forwarding using the management interface instead of the logging interface.

(PA-5450 firewall only) Documentation for configuring the log interface is unavailable on the web interface and in the PAN-OS Administrator’s Guide.

On a firewall with Advanced Routing enabled, OSPFv3 peers using a broadcast link and a designated router (DR) priority of 0 (zero) are stuck in a two-way state after HA failover.

Workaround: Configure at least one OSPFv3 neighbor with a non-zero priority setting in the same broadcast domain.

On the Panorama management server, the Template Status displays no synchronization status (PanoramaManaged DevicesSummary) after a bootstrapped firewall is successfully added to Panorama.

Workaround: After the bootstrapped firewall is successfully added to Panorama, log in to the Panorama web interface and select CommitPush to Devices.

If you enable SCTP security using a Panorama template when SCTP INIT Flood Protection is enabled in the Zone Protection profile using Panorama and you commit all changes, the commit is successful but the SCTP INIT option is not available in the Zone Protection profile.

Workaround: Log out of the firewall and log in again to make the SCIT INIT option available on the web interface.

The configured Advanced Threat Prevention inline cloud analysis action for a given model might not be honored under the following condition: If the firewall is set to Hold client request for category lookup and the action set to Reset-Both and the URL cache has been cleared, the first request for inline cloud analysis will be bypassed.

On a firewall with Advanced Routing enabled, if there is also a logical router instance that uses the default configuration and has no interfaces assigned to it, this will result in terminating the management daemon and main routing daemon in the firewall during commit.

Workaround: Do not use a logical router instance with no interfaces bound to it.

Templates appear out-of-sync on Panorama after successfully deploying the CFT stack using the Panorama plugin for AWS.

Workaround: Use CommitPush to Devices to synchronize the templates.

On HA deployments on AWS and Azure, Panorama fails to populate match criteria automatically when adding dynamic address groups.

Workaround: Reboot the Panorama HA pair.

Using the CLI to add a RAID disk pair to an M-700 appliance causes the dmdb process to crash.

Workaround: Contact customer support to stop the dmdb process before adding a RAID disk pair to a M-700 appliance.

Static IP addresses are not recognized when "and" operators are used with IP CIDR range.

If you use multiple log forwarding cards (LFCs) on the PA-7000 series, all of the cards may not receive all of the updates and the mappings for the clients may become out of sync, which causes the firewall to not correctly populate the Source User column in the session logs.

On a PA-5400 Series firewall (minus the PA-5450), setting the peer port to forced 10M or 100M speed causes any multi-gigabit RJ-45 ports on the firewall to go down if they are set to Auto.

On the Panorama management server, pushing an unsupported Minimum Password Complexity (DeviceSetupManagement) to a managed firewall erroneously displays commit time out as the reason the commit failed.

When upgrading a CN-Series as a DaemonSet deployment to PAN-OS 10.2, CN-NGFW pods fail to connect to CN-MGMT pod if the Kubernetes cluster previously had a CN-Series as a DaemonSet deployment running PAN-OS 10.0 or 10.1.

Workaround: Reboot the worker nodes before upgrading to PAN-OS 10.2.

A user interface issue in PAN-OS renders the contents of the Inline ML tab in the URL Filtering Profile inaccessible on firewalls licensed for Advanced URL Filtering. Additionally, a message indicating that a License required for URL filtering to function is unavailable displays at the bottom of the UI. These errors do not affect the operation of Advanced URL Filtering or URL Filtering Inline ML.

Workaround: Configuration settings for URL Filtering Inline ML must be applied through the CLI. The following configuration commands are available:

When the firewall is deployed on N3 and N11 interfaces in 5G networks and 5G-HTTP/2 traffic inspection is enabled in the Mobile Network Protection Profile, the traffic logs do not display network slice SST and SD values.