End-of-Life (EoL)

PAN-OS 10.0.10 Addressed Issues

PAN-OS® 10.0.10 addressed issues.
Issue ID
PAN-190175 and PAN-190223
A fix was made to address an OpenSSL infinite loop vulnerability in the PAN-OS software (CVE-2022-0778).
(FIPS-CC enabled firewalls only) Fixed an issue where the firewall was unable to connect to log collectors after an upgrade due to missing cipher suites.
Fixed an issue where the firewall sent fewer logs to the system log server than expected. With this fix, the firewall accommodates a larger send queue for syslog forwarding to TCP syslog receivers.
Fixed an issue where the distributord process hit the FD limit, which caused User-ID redistribution to not function properly.
Fixed an issue that caused the slotd process to stop responding due to an incorrect response from etcd lock API.
Fixed an issue where, after a CN-NGFW pod failed-over to the second CN-MGMT pod, the configuration was not synchronized between the new CN-MGMT pod and the CN-NGFW pod.
Fixed a memory leak issue in the mgmtsrvr process, which resulted in an out-of-memory (OOM) condition and high availability (HA) failover.
Fixed an issue where the firewall randomly disconnected from the WildFire URL cloud.
Fixed an issue where SD-WAN failover on a hub or branch in full mesh took longer than expected.
Fixed an issue where Panorama Global Search reported No Matches found while still returning results for matching entries on large configurations.
Fixed an issue with DNS cache depletion that caused continuous DNS retries.
Fixed an issue where the CN-NGFW (DP) folder on the CN-MGMT pod eventually consumed a large amount of space in /var/log/pan because the old registered stale next-generation firewall logs were not being cleared.
Fixed an issue where DNS security caused the TTL (time-to-live) value of the pointer record (PTR) to be overwritten with a value of 30 seconds.
Fixed an issue where an OOM condition occurred due to quarantine list redistribution.
Fixed an issue where the WildFire Inline Machine Learning (ML) did not detect
when traffic was decrypted.
Fixed an issue where dataplane interfaces weren't released when the secured application pods were deleted.
Fixed an issue where GRE tunnels flapped during commit jobs.
A validation error was added to inform an administrator when a policy field contained the value
Fixed an issue on high availability configurations where, after upgrading to PAN-OS 9.1.10, PAN-OS 10.0.6, or PAN-OS 10.1.0, the HA1 and HA1-Backup link stayed down. This issue occurred when the peer firewall IP address was in a different subnet.
Fixed an issue where a web-proxy port number was added to the destination URL when captive portal authentication was run.
Fixed an issue where you were unable to delete dynamic address groups one at a time using XML API.
Fixed an issue where the useridd process stopped responding when an attempt was made to dereference a NULL reference. This issue occurred when IP address users were being added.
Fixed an issue where, after rebooting the firewall, FQDN address objects referenced in rules in a virtual system (vsys) did not resolve when the vsys used a custom DNS proxy.
Fixed an issue where a role-based admin with Operational Requests enabled under the XML API section was unable to set the License Deactivation API key.
Fixed an issue where aggressive situations caused on-chip descriptor exhaustion.
A fix was made to address a vulnerability that enabled an authenticated network-based administrator to upload a specifically created configuration that disrupted system processes and was able to execute arbitrary code with root privileges when the configuration was committed (CVE-2022-0024).
Fixed an issue where reports using the decryption summary database and Panorama as data sources returned no results.
Fixed an issue on Panorama where a log collector group commit deleted the proxy settings configured on dedicated log collectors.
Fixed an issue where the log collector continuously disconnected from Panorama due to high latency and a high number of packets in Send-Q.
Fixed an issue that occurred after upgrading to a PAN-OS 9.0 or later release where commits to the firewall configuration failed with the following error message:
statistics-service is invalid
Fixed an issue where scheduled email alerts were not forwarded to all recipients in the override list.
Fixed an issue where sorting address groups by name, address, or location did not work on a device group that was part of a nested device group.
(PA-5200 Series firewalls only) Fixed an issue where the firewall was unable to monitor AUX1 and AUX2 interfaces through SNMP.
Fixed an issue where a Security policy configured with App-ID and set to application-default service allowed clear-text web-browsing on tcp/443.
Fixed an issue where changing SSL connection validation settings for system logs caused the mgmtsrvr process to stop responding.
Fixed an issue where a process (all_pktproc) restarted.
Fixed an intermittent issue where, when Security profiles were attached to a policy, files that were downloaded across TLS sessions decrypted by the firewall were malformed.
Fixed an issue where, in the case of multiple AWS Partner Network (APN) connections, the GPRS tunneling protocol (GTPv2) Create Session Requests were sent to the firewall within a short interval, which caused the firewall to create the GTP-sessions incorrectly.
Fixed an issue where Panorama failed to update shared policies during partial commits when a new device group was created but not yet committed.
Fixed an issue where firewalls experienced high packet descriptor usage due to internal communication associated with WildFire.
Fixed an issue where the IPSec tunnel configuration didn't load when a double quotation mark was added to the comment section of the IPSec tunnel.
Fixed an issue where a race-condition check returned a false negative, which caused a process (all_task) to stop responding and generate a core file.
Fixed script issues that caused diagnostic data to not be collected after path monitor failure.
Fixed an issue where, after installing Cloud Services plugin 10.2, the Plugin cloud_services status (Dashboard > High Availability) displayed as
Fixed a memory leak issue in the mgmtsrvr process that was caused by failed commit all operations.
Fixed an issue where URL Filtering incorrectly identified the firewall serial number in the certificate Common Name field as the IP address.
(VM-Series firewalls only) Fixed an intermittent issue where deactivating the firewall via XML API using manual mode failed. This occurred because the size of the license token file was incorrect.
Fixed an issue where a commit-all or push to the firewall from Panorama failed with the following error message:
client routed requesting last config in the middle of a commit/validate. Aborting current commit/validate
Fixed an interoperability issue with other vendors when IKEv2 used SHA2-based certificate authentication.
Fixed an issue where credential detection didn't work in IP address-to-username mapping mode because the firewall compared the unnormalized IP-address-to-username mapping format to the normalized username extracted from the payload where the username and password were submitted.
