PAN-OS 10.0.10 Addressed Issues
PAN-OS® 10.0.10 addressed issues.
PAN-190175 and PAN-190223
(FIPS-CC enabled firewalls only) Fixed an issue where the firewall was unable to connect to log collectors after an upgrade due to missing cipher suites.
Fixed an issue where the firewall sent fewer logs to the system log server than expected. With this fix, the firewall accommodates a larger send queue for syslog forwarding to TCP syslog receivers.
Fixed an issue where, after a CN-NGFW pod failed over to the second CN-MGMT pod, the configuration was not synchronized between the new CN-MGMT pod and the CN-NGFW pod.
Fixed an issue where the firewall randomly disconnected from the WildFire URL cloud.
Fixed an issue where SD-WAN failover on a hub or branch in full mesh took longer than expected.
Fixed an issue where Panorama Global Search reported No Matches found while still returning results for matching entries on large configurations.
Fixed an issue with DNS cache depletion that caused continuous DNS retries.
Fixed an issue where the CN-NGFW (DP) folder on the CN-MGMT pod eventually consumed a large amount of space in /var/log/pan because the old registered stale next-generation firewall logs were not being cleared.
Fixed an issue where DNS security caused the TTL (time-to-live) value of the pointer record (PTR) to be overwritten with a value of 30 seconds.
Fixed an issue where an OOM condition occurred due to quarantine list redistribution.
Fixed an issue where the WildFire Inline Machine Learning (ML) did not detect mlav-test-pe-file.exe when traffic was decrypted.
Fixed an issue where dataplane interfaces weren't released when the secured application pods were deleted.
Fixed an issue where GRE tunnels flapped during commit jobs.
A validation error was added to inform an administrator when a policy field contained the value
Fixed an issue on high availability configurations where, after upgrading to PAN-OS 9.1.10, PAN-OS 10.0.6, or PAN-OS 10.1.0, the HA1 and HA1-Backup link stayed down. This issue occurred when the peer firewall IP address was in a different subnet.
Fixed an issue where a web-proxy port number was added to the destination URL when captive portal authentication was run.
Fixed an issue where you were unable to delete dynamic address groups one at a time using XML API.
Fixed an issue where, after rebooting the firewall, FQDN address objects referenced in rules in a virtual system (vsys) did not resolve when the vsys used a custom DNS proxy.
Fixed an issue where a role-based admin with Operational Requests enabled under the XML API section was unable to set the License Deactivation API key.
Fixed an issue where aggressive situations caused on-chip descriptor exhaustion.
A fix was made to address a vulnerability that enabled an authenticated network-based administrator to upload a specifically created configuration that disrupted system processes and was able to execute arbitrary code with root privileges when the configuration was committed (CVE-2022-0024).
Fixed an issue where reports using the decryption summary database and Panorama as data sources returned no results.
Fixed an issue on Panorama where a log collector group commit deleted the proxy settings configured on dedicated log collectors.
Fixed an issue where the log collector continuously disconnected from Panorama due to high latency and a high number of packets in Send-Q.
Fixed an issue that occurred after upgrading to a PAN-OS 9.0 or later release where commits to the firewall configuration failed with the following error message:
statistics-service is invalid.
Fixed an issue where scheduled email alerts were not forwarded to all recipients in the override list.
Fixed an issue where sorting address groups by name, address, or location did not work on a device group that was part of a nested device group.
(PA-5200 Series firewalls only) Fixed an issue where the firewall was unable to monitor AUX1 and AUX2 interfaces through SNMP.
Fixed an issue where a Security policy configured with App-ID and set to application-default service allowed clear-text web-browsing on tcp/443.
Fixed an intermittent issue where, when Security profiles were attached to a policy, files that were downloaded across TLS sessions decrypted by the firewall were malformed.
Fixed an issue where, in the case of multiple AWS Partner Network (APN) connections, the GPRS tunneling protocol (GTPv2) Create Session Requests were sent to the firewall within a short interval, which caused the firewall to create the GTP-sessions incorrectly.
Fixed an issue where Panorama failed to update shared policies during partial commits when a new device group was created but not yet committed.
Fixed an issue where firewalls experienced high packet descriptor usage due to internal communication associated with WildFire.
Fixed an issue where the IPSec tunnel configuration didn't load when a double quotation mark was added to the comment section of the IPSec tunnel
Fixed script issues that caused diagnostic data to not be collected after path monitor failure.
Fixed an issue where, after installing Cloud Services plugin 10.2, the Plugin cloud_services status (Dashboard > High Availability) displayed as
Fixed an issue where URL Filtering incorrectly identified the firewall serial number in the certificate Common Name field as the IP address.
(VM-Series firewalls only) Fixed an intermittent issue where deactivating the firewall via XML API using manual mode failed. This occurred because the size of the license token file was incorrect.
Fixed an issue where a commit-all or push to the firewall from Panorama failed with the following error message:
client routed requesting last config in the middle of a commit/validate. Aborting current commit/validate.
Fixed an interoperability issue with other vendors when IKEv2 used SHA2-based certificate authentication.
Fixed an issue where credential detection didn't work in IP address-to-username mapping mode because the firewall compared the unnormalized IP-address-to-username mapping format to the normalized username extracted from the payload where the username and password were submitted.