PAN-OS 10.2.8-h19 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
-
- Use the Administrator Login Activity Indicators to Detect Account Misuse
- Manage and Monitor Administrative Tasks
- Configure Response Pages
- Commit, Validate, and Preview Firewall Configuration Changes
- Commit Selective Configuration Changes
- Export Configuration Table Data
- Manage Locks for Restricting Configuration Changes
-
-
- Define Access to the Web Interface Tabs
- Provide Granular Access to the Monitor Tab
- Provide Granular Access to the Policy Tab
- Provide Granular Access to the Objects Tab
- Provide Granular Access to the Network Tab
- Provide Granular Access to the Device Tab
- Define User Privacy Settings in the Admin Role Profile
- Restrict Administrator Access to Commit and Validate Functions
- Provide Granular Access to Global Settings
- Provide Granular Access to the Panorama Tab
- Provide Granular Access to Operations Settings
- Panorama Web Interface Access Privileges
-
- Reset the Firewall to Factory Default Settings
-
-
- Plan Your Authentication Deployment
- Pre-Logon for SAML Authentication
- Configure SAML Authentication
- Configure Kerberos Single Sign-On
- Configure Kerberos Server Authentication
- Configure TACACS+ Authentication
- Configure TACACS Accounting
- Configure RADIUS Authentication
- Configure LDAP Authentication
- Configure Local Database Authentication
- Configure an Authentication Profile and Sequence
- Configure Passwordless Authentication
- Test Authentication Server Connectivity
- Troubleshoot Authentication Issues
-
- Keys and Certificates
- Default Trusted Certificate Authorities (CAs)
-
- Certificate Revocation List (CRL)
- Online Certificate Status Protocol (OCSP)
- Configure an OCSP Responder
- Configure Revocation Status Verification of Certificates Used for Device or User Authentication
- Configure Revocation Status Verification of Certificates Used for SSL/TLS Decryption
- Enable an HTTP Proxy for OCSP Status Checks
- Export a Certificate and Private Key
- Configure a Certificate Profile
- Configure an SSL/TLS Service Profile
- Configure an SSH Service Profile
- Replace the Certificate for Inbound Management Traffic
- Configure the Key Size for SSL Forward Proxy Server Certificates
- Revoke and Renew Certificates
-
- HA Modes
- HA Links and Backup Links
- HA Ports on Palo Alto Networks Firewalls
- Device Priority and Preemption
- Failover
- Floating IP Address and Virtual MAC Address
- ARP Load-Sharing
- HA Timers
- Session Owner
- Session Setup
-
- Configure Active/Active HA
- Use Case: Configure Active/Active HA with Route-Based Redundancy
- Use Case: Configure Active/Active HA with Floating IP Addresses
- Use Case: Configure Active/Active HA with ARP Load-Sharing
- Use Case: Configure Active/Active HA with Floating IP Address Bound to Active-Primary Firewall
- Use Case: Configure Active/Active HA with Source DIPP NAT Using Floating IP Addresses
- Use Case: Configure Separate Source NAT IP Address Pools for Active/Active HA Firewalls
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT in Layer 3
- HA Clustering Overview
- HA Clustering Best Practices and Provisioning
- Configure HA Clustering
- Refresh HA1 SSH Keys and Configure Key Options
- HA Firewall States
- Reference: HA Synchronization
-
- Use the Dashboard
- Use the App Scope Reports
- Monitor Applications and Threats
- Monitor Block List
-
- View Reports
- Configure the Expiration Period and Run Time for Reports
- Disable Predefined Reports
- Custom Reports
- Generate Custom Reports
- Generate the SaaS Application Usage Report
- Manage PDF Summary Reports
- Generate User/Group Activity Reports
- Manage Report Groups
- Schedule Reports for Email Delivery
- Manage Report Storage Capacity
- View Policy Rule Usage
- Use External Services for Monitoring
- Configure Log Forwarding
- Configure Email Alerts
-
- Configure Syslog Monitoring
-
- Traffic Log Fields
- Threat Log Fields
- URL Filtering Log Fields
- Data Filtering Log Fields
- HIP Match Log Fields
- GlobalProtect Log Fields
- IP-Tag Log Fields
- User-ID Log Fields
- Decryption Log Fields
- Tunnel Inspection Log Fields
- SCTP Log Fields
- Authentication Log Fields
- Config Log Fields
- System Log Fields
- Correlated Events Log Fields
- GTP Log Fields
- Audit Log Fields
- Syslog Severity
- Custom Log/Event Format
- Escape Sequences
- Forward Logs to an HTTP/S Destination
- Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors
- Monitor Transceivers
-
- User-ID Overview
- Enable User-ID
- Map Users to Groups
- Enable User- and Group-Based Policy
- Enable Policy for Users with Multiple Accounts
- Verify the User-ID Configuration
-
- App-ID Overview
- Streamlined App-ID Policy Rules
- App-ID and HTTP/2 Inspection
- Manage Custom or Unknown Applications
- Safely Enable Applications on Default Ports
- Applications with Implicit Support
-
- Sorting and Filtering Security Policy Rules
- Clear Application Usage Data
- Migrate Port-Based to App-ID Based Security Policy Rules
- Rule Cloning Migration Use Case: Web Browsing and SSL Traffic
- Add Applications to an Existing Rule
- Identify Security Policy Rules with Unused Applications
- High Availability for Application Usage Statistics
- How to Disable Policy Optimizer
-
- Prepare to Deploy App-ID Cloud Engine
- Enable or Disable the App-ID Cloud Engine
- App-ID Cloud Engine Processing and Policy Usage
- New App Viewer (Policy Optimizer)
- Add Apps to an Application Filter with Policy Optimizer
- Add Apps to an Application Group with Policy Optimizer
- Add Apps Directly to a Rule with Policy Optimizer
- Replace an RMA Firewall (ACE)
- Impact of License Expiration or Disabling ACE
- Commit Failure Due to Cloud Content Rollback
- Troubleshoot App-ID Cloud Engine
- Application Level Gateways
- Disable the SIP Application-level Gateway (ALG)
- Maintain Custom Timeouts for Data Center Applications
-
- Network Segmentation Using Zones
- How Do Zones Protect the Network?
-
- Zone Defense Tools
- How Do the Zone Defense Tools Work?
- Firewall Placement for DoS Protection
-
- Configure Reconnaissance Protection
- Configure Packet Based Attack Protection
- Configure Protocol Protection in Strata Cloud Manager
- Use Case: Non-IP Protocol Protection Between Security Zones on Layer 2 Interfaces
- Use Case: Non-IP Protocol Protection Within a Security Zone on Layer 2 Interfaces
- Configure Ethernet SGT Protection
-
- Networking
- Configure Virtual Routers
- Configure Service Routes
- Configure RIP
- Configure Route Redistribution
-
- Firewall as a DHCP Server and Client
- Firewall as a DHCPv6 Client
- DHCP Messages
- DHCP Address Allocation Methods
- DHCP Leases
- Dynamic IPv6 Addressing on the Management Interface
- Configure an Interface as a DHCP Server
- Configure an Interface as a DHCPv4 Client
- Configure an Interface as a DHCPv6 Client with Prefix Delegation
- Configure the Management Interface as a DHCP Client
- Configure the Management Interface for Dynamic IPv6 Address Assignment
- Configure an Interface as a DHCP Relay Agent
- View DHCP Server Information
- Clear DHCP Leases
- View DHCP Client Information
- Gather Debug Output about DHCP
-
- DNS Proxy Object
- Multi-Tenant DNS Deployments
- Configure a DNS Proxy Object
- Configure a DNS Server Profile
- Use Case 1: Firewall Requires DNS Resolution
- Use Case 2: ISP Tenant Uses DNS Proxy to Handle DNS Resolution for Security Policies, Reporting, and Services within its Virtual System
- Use Case 3: Firewall Acts as DNS Proxy Between Client and Server
- DNS Proxy Rule and FQDN Matching
-
- NAT Policy Rules
- Source NAT
- Destination NAT
- Dynamic IP and Port NAT Oversubscription
- Dataplane NAT Memory Statistics
-
- Translate Internal Client IP Addresses to Your Public IP Address (Source DIPP NAT)
- Create a Source NAT Rule with Persistent DIPP
- Enable Clients on the Internal Network to Access your Public Servers (Destination U-Turn NAT)
- Enable Bi-Directional Address Translation for Your Public-Facing Servers (Static Source NAT)
- Configure Destination NAT with DNS Rewrite
- Configure Destination NAT Using Dynamic IP Addresses
- Modify the Oversubscription Rate for DIPP NAT
- Reserve Dynamic IP NAT Addresses
- Disable NAT for a Specific Host or Interface
- Destination NAT Example—One-to-One Mapping
- Destination NAT with Port Translation Example
- Destination NAT Example—One-to-Many Mapping
- Source and Destination NAT Example
- Virtual Wire Source NAT Example
- Virtual Wire Static NAT Example
- Virtual Wire Destination NAT Example
-
- How Network Packet Broker Works
- Prepare to Deploy Network Packet Broker
- Configure Transparent Bridge Security Chains
- Configure Routed Layer 3 Security Chains
- Network Packet Broker HA Support
- User Interface Changes for Network Packet Broker
- Limitations of Network Packet Broker
- Troubleshoot Network Packet Broker
-
- Enable Advanced Routing
- Configure a Logical Router
- Configure a Loopback Interface
- Configure a Tunnel Interface
- Create a Static Route
- Configure BGP on an Advanced Routing Engine
- Create BGP Routing Profiles
- Create Filters for the Advanced Routing Engine
- Configure OSPFv2 on an Advanced Routing Engine
- Create OSPF Routing Profiles
- Configure OSPFv3 on an Advanced Routing Engine
- Create OSPFv3 Routing Profiles
- Configure RIPv2 on an Advanced Routing Engine
- Create RIPv2 Routing Profiles
- Create BFD Profiles
- Configure IPv4 Multicast
- Configure MSDP
- Create Multicast Routing Profiles
- Create an IPv4 MRoute
-
- CLI Cheat Sheet: Device Management
- CLI Cheat Sheet: User-ID
- CLI Cheat Sheet: HA
- CLI Cheat Sheet: Networking
- CLI Cheat Sheet: Virtual Systems (Vsys)
- CLI Cheat Sheet: Panorama
- CLI Cheat Sheet: CTD Evasion Detection
- CLI Cheat Sheet: Content-ID
-
- Set Commands Introduced in PAN-OS 11.1
- Set Commands Removed in PAN-OS 11.1
- Set Commands Introduced in PAN-OS 121
- Set Commands Removed in PAN-OS 121
- Show Commands Introduced in PAN-OS 12.1
- Set Commands Introduced in PAN-OS 11.2
- Set Commands Changed in PAN-OS 11.2
- Set Commands Removed in PAN-OS 11.2
- Show Commands Introduced in PAN-OS 11.2
- Show Commands Removed in PAN-OS 11.2
- Show Commands Introduced in PAN-OS 11.1
- Show Commands Removed in PAN-OS 121
- Load Commands Introduced in PAN-OS 12.1
- Load Commands Removed in PAN-OS 12.1
-
-
- Upgrade a Firewall to the Latest PAN-OS Version (API)
- Show and Manage GlobalProtect Users (API)
- Query a Firewall from Panorama (API)
- Upgrade PAN-OS on Multiple HA Firewalls through Panorama (API)
- Automatically Check for and Install Content Updates (API)
- Enforce Policy using External Dynamic Lists and AutoFocus Artifacts (API)
- Configure SAML 2.0 Authentication (API)
- Quarantine Compromised Devices (API)
- Manage Certificates (API)
- Apply User-ID Mapping and Populate Dynamic Groups (API)
-
- Work With Objects (REST API)
- Create a Security Policy Rule (REST API)
- Work with Policy Rules on Panorama (REST API)
- Configure a Security Zone (REST API)
- Configure an SD-WAN Interface (REST API)
- Create an SD-WAN Policy Pre Rule (REST API)
- Create a Tag (REST API)
- Configure an Ethernet Interface (REST API)
- Update a Virtual Router (REST API)
- Work With Decryption (APIs)
-
-
PAN-OS 10.2
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
-
- Content Inspection Features
- URL Filtering Features
- Panorama Features
- Networking Features
- GlobalProtect Features
- Management Features
- Decryption Features
- App-ID Features
- IoT Security Features
- Mobile Infrastructure Security Features
- Authentication Features
- Virtualization Features
- Hardware Features
- Enterprise Data Loss Prevention Features
-
- PAN-OS 10.2.13 Known Issues
- PAN-OS 10.2.13-h10 Addressed Issues
- PAN-OS 10.2.13-h7 Addressed Issues
- PAN-OS 10.2.13-h5 Addressed Issues
- PAN-OS 10.2.13-h4 Addressed Issues
- PAN-OS 10.2.13-h3 Addressed Issues
- PAN-OS 10.2.13-h2 Addressed Issues
- PAN-OS 10.2.13-h1 Addressed Issues
- PAN-OS 10.2.13 Addressed Issues
-
- PAN-OS 10.2.11 Known Issues
- PAN-OS 10.2.11-h12 Addressed Issues
- PAN-OS 10.2.11-h10 Addressed Issues
- PAN-OS 10.2.11-h9 Addressed Issues
- PAN-OS 10.2.11-h6 Addressed Issues
- PAN-OS 10.2.11-h4 Addressed Issues
- PAN-OS 10.2.11-h3 Addressed Issues
- PAN-OS 10.2.11-h2 Addressed Issues
- PAN-OS 10.2.11-h1 Addressed Issues
- PAN-OS 10.2.11 Addressed Issues
-
- PAN-OS 10.2.10 Known Issues
- PAN-OS 10.2.10-h21 Addressed Issues
- PAN-OS 10.2.10-h18 Addressed Issues
- PAN-OS 10.2.10-h17 Addressed Issues
- PAN-OS 10.2.10-h14 Addressed Issues
- PAN-OS 10.2.10-h12 Addressed Issues
- PAN-OS 10.2.10-h10 Addressed Issues
- PAN-OS 10.2.10-h9 Addressed Issues
- PAN-OS 10.2.10-h7 Addressed Issues
- PAN-OS 10.2.10-h5 Addressed Issues
- PAN-OS 10.2.10-h4 Addressed Issues
- PAN-OS 10.2.10-h3 Addressed Issues
- PAN-OS 10.2.10-h2 Addressed Issues
- PAN-OS 10.2.10 Addressed Issues
-
- PAN-OS 10.2.9 Known Issues
- PAN-OS 10.2.9-h21 Addressed Issues
- PAN-OS 10.2.9-h19 Addressed Issues
- PAN-OS 10.2.9-h18 Addressed Issues
- PAN-OS 10.2.9-h16 Addressed Issues
- PAN-OS 10.2.9-h14 Addressed Issues
- PAN-OS 10.2.9-h11 Addressed Issues
- PAN-OS 10.2.9-h9 Addressed Issues
- PAN-OS 10.2.9-h1 Addressed Issues
- PAN-OS 10.2.9 Addressed Issues
-
- PAN-OS 10.2.8 Known Issues
- PAN-OS 10.2.8-h21 Addressed Issues
- PAN-OS 10.2.8-h19 Addressed Issues
- PAN-OS 10.2.8-h18 Addressed Issues
- PAN-OS 10.2.8-h15 Addressed Issues
- PAN-OS 10.2.8-h13 Addressed Issues
- PAN-OS 10.2.8-h10 Addressed Issues
- PAN-OS 10.2.8-h4 Addressed Issues
- PAN-OS 10.2.8-h3 Addressed Issues
- PAN-OS 10.2.8 Addressed Issues
-
- PAN-OS 10.2.7 Known Issues
- PAN-OS 10.2.7-h24 Addressed Issues
- PAN-OS 10.2.7-h21 Addressed Issues
- PAN-OS 10.2.7-h19 Addressed Issues
- PAN-OS 10.2.7-h18 Addressed Issues
- PAN-OS 10.2.7-h16 Addressed Issues
- PAN-OS 10.2.7-h12 Addressed Issues
- PAN-OS 10.2.7-h8 Addressed Issues
- PAN-OS 10.2.7-h6 Addressed Issues
- PAN-OS 10.2.7-h3 Addressed Issues
- PAN-OS 10.2.7-h1 Addressed Issues
- PAN-OS 10.2.7 Addressed Issues
-
PAN-OS 12.1
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1
-
- Firewall Overview
- Features and Benefits
- Last Login Time and Failed Login Attempts
- Message of the Day
- Task Manager
- Language
- Alarms
- Commit Changes
- Save Candidate Configurations
- Revert Changes
- Lock Configurations
- Global Find
- Threat Details
- AutoFocus Intelligence Summary
- Configuration Table Export
- Change Boot Mode
-
- Objects > Addresses
- Objects > Address Groups
- Objects > Regions
- Objects > Dynamic User Groups
- Objects > Application Groups
- Objects > Application Filters
- Objects > Services
- Objects > Service Groups
- Objects > Devices
- Objects > External Dynamic Lists
- Objects > Custom Objects > Spyware/Vulnerability
- Objects > Custom Objects > SaaS Tenant List
- Objects > Custom Objects > SaaS User List
- Objects > Custom Objects > URL Category
- Objects > Security Profiles > Antivirus
- Objects > Security Profiles > Anti-Spyware Profile
- Objects > Security Profiles > Vulnerability Protection
- Objects > Security Profiles > File Blocking
- Objects > Security Profiles > WildFire Analysis
- Objects > Security Profiles > Data Filtering
- Objects > Security Profiles > DoS Protection
- Objects > Security Profiles > Mobile Network Protection
- Objects > Security Profiles > SCTP Protection
- Objects > Security Profile Groups
- Objects > Log Forwarding
- Objects > Authentication
- Objects > Packet Broker Profile
- Objects > Schedules
-
-
- Firewall Interfaces Overview
- Common Building Blocks for Firewall Interfaces
- Common Building Blocks for PA-7000 Series Firewall Interfaces
- Tap Interface
- HA Interface
- Virtual Wire Interface
- Virtual Wire Subinterface
- PA-7000 Series Layer 2 Interface
- PA-7000 Series Layer 2 Subinterface
- PA-7000 Series Layer 3 Interface
- Layer 3 Interface
- Layer 3 Subinterface
- Log Card Interface
- Log Card Subinterface
- Decrypt Mirror Interface
- Aggregate Ethernet (AE) Interface Group
- Aggregate Ethernet (AE) Interface
- Network > Interfaces > VLAN
- Network > Interfaces > Loopback
- Network > Interfaces > Tunnel
- Network > Interfaces > SD-WAN
- Network > Interfaces > PoE
- Network > Interfaces > Cellular
- Network > Interfaces > Fail Open
- Network > VLANs
- Network > Virtual Wires
-
- Network > Routing > Logical Routers > General
- Network > Routing > Logical Routers > Static
- Network > Routing > Logical Routers > OSPF
- Network > Routing > Logical Routers > OSPFv3
- Network > Routing > Logical Routers > RIPv2
- Network > Routing > Logical Routers > BGP
- Network > Routing > Logical Routers > Multicast
-
- Network > Routing > Routing Profiles > BGP
- Network > Routing > Routing Profiles > BFD
- Network > Routing > Routing Profiles > OSPF
- Network > Routing > Routing Profiles > OSPFv3
- Network > Routing > Routing Profiles > RIPv2
- Network > Routing > Routing Profiles > Filters
- Network > Routing > Routing Profiles > Multicast
- Network > Proxy
-
- Network > Network Profiles > GlobalProtect IPSec Crypto
- Network > Network Profiles > IPSec Crypto
- Network > Network Profiles > IKE Crypto
- Network > Network Profiles > Monitor
- Network > Network Profiles > Interface Mgmt
- Network > Network Profiles > QoS
- Network > Network Profiles > LLDP Profile
- Network > Network Profiles > SD-WAN Interface Profile
- Network > Network Profiles > MACsec Profile
-
-
- Device > Setup
- Device > Setup > Management
- Device > Setup > Interfaces
- Device > Setup > Telemetry
- Device > Setup > Content-ID
- Device > Setup > WildFire
- Device > Setup > ACE
- Device > Setup > Quantum
- Device > Setup > PAN-OS Security
- Device > Setup > DLP
- Device > Log Forwarding Card
- Device > Config Audit
- Device > Administrators
- Device > Admin Roles
- Device > Access Domain
- Device > Authentication Sequence
- Device > Delegation Profile
- Device > IoT Security > DHCP Server Log Ingestion
- Device > Device Quarantine
-
- Security Policy Match
- QoS Policy Match
- Authentication Policy Match
- Decryption/SSL Policy Match
- NAT Policy Match
- Policy Based Forwarding Policy Match
- DoS Policy Match
- Routing
- Test Wildfire
- Threat Vault
- Ping
- Trace Route
- Log Collector Connectivity
- External Dynamic List
- Update Server
- Test Cloud Logging Service Status
- Test Cloud GP Service Status
- Device > Virtual Systems
- Device > Shared Gateways
- Device > Certificate Management
- Device > Certificate Management > Certificate Profile
- Device > Certificate Management > OCSP Responder
- Device > Certificate Management > SSL/TLS Service Profile
- Device > Certificate Management > SCEP
- Device > Certificate Management > SSL Decryption Exclusion
- Device > Certificate Management > SSH Service Profile
- Device > Response Pages
- Device > Server Profiles
- Device > Server Profiles > SNMP Trap
- Device > Server Profiles > Syslog
- Device > Server Profiles > Email
- Device > Server Profiles > HTTP
- Device > Server Profiles > NetFlow
- Device > Server Profiles > RADIUS
- Device > Server Profiles > SCP
- Device > Server Profiles > TACACS+
- Device > Server Profiles > LDAP
- Device > Server Profiles > Kerberos
- Device > Server Profiles > SAML Identity Provider
- Device > Server Profiles > DNS
- Device > Server Profiles > Multi Factor Authentication
- Device > Local User Database > Users
- Device > Local User Database > User Groups
- Device > Scheduled Log Export
- Device > Upgrade Check
- Device > Software
- Device > Dynamic Updates
- Device > Licenses
- Device > Support
- Device > Policy Recommendation > IoT
- Device > Policy > Recommendation SaaS
- Device > Policy Recommendation > IoT or SaaS > Import Policy Rule
-
- Device > User Identification > Connection Security
- Device > User Identification > Terminal Server Agents
- Device > User Identification > Group Mapping Settings
- Device > User Identification> Trusted Source Address
- Device > User Identification > Authentication Portal Settings
- Device > User Identification > Cloud Identity Engine
-
- Network > GlobalProtect > MDM
- Network > GlobalProtect > Clientless Apps
- Network > GlobalProtect > Clientless App Groups
- Objects > GlobalProtect > HIP Profiles
-
- Use the Panorama Web Interface
- Context Switch
- Panorama Commit Operations
- Defining Policies on Panorama
- Log Storage Partitions for a Panorama Virtual Appliance in Legacy Mode
- Panorama > Setup > Interfaces
- Panorama > High Availability
- Panorama > Firewall Clusters
- Panorama > Administrators
- Panorama > Admin Roles
- Panorama > Access Domains
- Panorama > Device Groups
- Panorama > Plugins
- Panorama > Log Ingestion Profile
- Panorama > Log Settings
- Panorama > Server Profiles > SCP
- Panorama > Scheduled Config Export
- Panorama > Device Registration Auth Key
PAN-OS 10.2.8-h19 Addressed Issues
Addressed issues for the PAN-OS 10.2.8-h19 general available hotfix
release.
|
Issue ID
|
Description
|
|---|---|
|
PAN-259351
|
A fix was made to address CVE-2024-3393.
|