PAN-OS 10.0.0 Addressed Issues

PAN-OS® 10.0.0 addressed issues.
Issue ID
Description
PAN-150515
Fixed an issue where, after installing the device certificate on a new Panorama appliance, Panorama was unable to connect to the IoT Security edge service.
PAN-150172
Fixed an issue where dataplane processes restarted when attempting to access websites that had the
NotBefore
attribute less than or equal to Unix Epoch Time in the server certificate with forward proxy enabled.
PAN-149687
Fixed an issue where, when installing an IoT Security evaluation license on a firewall, the
Device Object
page in the firewall web interface incorrectly displayed a message that a license is required for the page to function, even though the page functions correctly.
PAN-148676
Fixed an issue where the
panlogs
directory reached 100% utilization on the firewall due to early calculation of the .size file.
PAN-147996
(
PA-7000b Series firewalls only
) Fixed a buffer overflow issue.
PAN-147285
Fixed an issue where host information profile (HIP) details were not available on Panorama even when a HIP redistribution configuration was in place.
PAN-147254
jQuery was updated to 3.5.1.
PAN-146531
Fixed an issue where conversion from Panorama mode to logger mode was enabled even when an admin user named admin did not exist in the configuration, which caused access to the appliance to be lost.
PAN-146506
Fixed an issue where memory usage on a process (useridd) was high, which caused the process to restart on the firewall acting as the User-ID redistribution agent. This issue occurred when multiple clients requested IP address-to-user mappings at the same time.
PAN-146373
(
VM-Series firewalls only
) Fixed an issue where a memory leak occurred on a process (vm_agent) due to host synchronization check.
PAN-145929
Fixed an issue where, after upgrading the passive firewall, the stream control transmission protocol (SCTP) sessions synced from the active firewall did not retain the rule information, and, after failover, SCTP stateful inspection did not work.
PAN-145305
Fixed an issue where an inconsistent PAN-DB cloud connection caused the firewall to negotiate the incorrect version and decode the cloud responses with the incorrect format.
PAN-145302
Fixed an issue where the high availability (HA) peer device did not preserve its import configuration when the mode was active/active and VR sync was disabled.
PAN-145142
Fixed an issue where Panorama running 9.0.8 allowed a user with the admin role Device Group and Template to create templates and template stacks.
PAN-144670
Fixed an issue where the multi-factor authentication (MFA) timestamp was not redistributed across the virtual system (vsys) when the IP address-to-user mapping type was
UIA
.
PAN-144646
Fixed an issue where a process (varrcvr) stopped responding on the PA-7000 Series Log Forwarding Card (LFC) when it received a verdict from the WildFire cloud.
PAN-144492
Fixed an issue where traffic matched an incorrect URL filtering profile due to a similarity in the MD5 hashes between the URL filtering profiles.
PAN-143090
Fixed an issue where the firewall silently dropped TCP out-of-order packets.
PAN-142853
Fixed an issue on Panorama where commits failed, referring to a portion of the configuration that was not changed.
PAN-142219
Fixed an issue where a Panorama log query did not work for closed indices.
PAN-141515
Fixed an issue where a service object with a destination port that is pushed from Panorama displays as
[object Object]
on the firewall.
PAN-140747
Fixed an issue where the firewall failed to establish SFTP firewall-server connections when SSH decryption was enabled.
PAN-140298
Fixed an issue where after the firewall connected and sent a registration message to the logging service, there was no registration response and the
log-fwd-ctrl
command was sent back to the firewall. As a result, the firewall stayed connected but was not registered and did not forward logs until the next commit triggered a reconnect.
PAN-139264
Fixed an issue where the Elasticsearch cluster status displayed in yellow due to a missing replica serial number.
PAN-138985
Fixed an issue where firewalls did not connect to AutoFocus with the following error message:
failed to get proxy info
.
PAN-138870
Fixed an issue where a process (configd) restarted and administrators received one of the following error messages:
Timed out while getting config lock. Please try again
or
Please wait while the server reboots...
due to a database error.
PAN-138003
Fixed an issue where a process (rasmgr) exited, which caused the firewall to reboot due to a null pointer dereference error when
usr_info
was null.
PAN-137671
Fixed an issue where testing and confirming server connections from
Panorama > Server profiles > HTTP > Test Server Connection
did not work.
PAN-137661
Fixed an issue where certain packets destined to untagged subinterfaces were silently dropped on multi-dataplane platforms.
PAN-136844
Fixed an issue for S11 traffic where if the Modify Bearer Request message came after 30 seconds of Create Session Response message, the firewall dropped the Modify Bearer Request packet. This fix increases this time to 90 seconds.
PAN-136635
Fixed an issue where HIP-related objects were missing transformation logic, which caused commit failures.
PAN-136239
Fixed an issue where an external dynamic list (EDL) object could not be moved between a multi-vsys to a shared location.
PAN-135887
Fixed an issue where the inner GPRS tunneling protocol (GTP-U) flows were installed using incorrect zones, which led to traffic issues if the firewall was in line for the S1-U interface.
PAN-135844
Fixed an issue where a commit job failed due to a process (mgmtsrvr) exiting.
PAN-135673
Fixed an issue where the firewall kept its connection to Cortex Data Lake even after the configuration had been disabled and the license was expired.
PAN-134799
Fixed an issue where packets of the same session were forwarded through a different member of an Aggregate Ethernet (AE) group once the session was offloaded.
PAN-134096
Fixed an issue where uploads for custom logos failed.
PAN-129234
Fixed an issue where syslog connection failures were frequently reported in system logs.
PAN-128650
Fixed an issue where selecting
Preview Changes
under a specific device group resulted in the following error message:
Parameter device group missing
.
PAN-127434
Fixed an issue where reports for URLs were not generating the correct data output.
PAN-119198
Fixed an issue where ECMP
strict-source-path
did not work with IPSec.
PAN-118468
(
VM-Series firewalls on VMware ESXi only
) Fixed an issue where the firewall stays in a boot loop and enters maintenance mode after adding a 60GB disk.
PAN-111708
(
PA-3200 Series firewalls only
) Fixed a rare software issue that caused the dataplane to restart unexpectedly. To leverage this fix, you must run the
debug dataplane set pow no-desched yes
CLI command (increases CPU utilization).

Recommended For You