PAN-OS 10.0.3 Addressed Issues

PAN-OS® 10.0.3 addressed issues.
Issue ID
Description
PAN-159431
Fixed an issue in the web interface where the
sd_wan
interface option was not listed in the drop-down (
Network > Interfaces > SD-WAN > SD-WAN Interface > Virtual Router > Static Routes > Virtual Router - Static Route - IPv4
).
PAN-158808
Fixed an issue where a hardware packet buffer leak occurred with the global counter
ssl_hw_rsp_fpga_err
when SSL decryption was enabled on the firewall.
PAN-157710
Fixed an issue where admin users with custom roles were unable to create VLANs.
PAN-157091
Fixed an issue where, in a Panorama template stack, adding a
Source Address Exclusion
(
Network > Network Profiles > Zone Protection > Zone Protection Profile > Reconnaissance Protection
) did not work.
PAN-157033
Fixed an issue where local log collector stopped forwarding syslog messages to the syslog server. This was due to the firewall sourcing syslog traffic from the public IP address of the Panorama appliance instead of the private IP address.
PAN-156766
Fixed an issue where, after upgrading to PAN-OS 9.1.5, VM-Series firewalls in high availability (HA) configurations went into a non-functional state due to a virtual machine (VM) license mismatch.
PAN-156478
Fixed an issue where a process (allpktproc) restarted while processing SMTP traffic.
PAN-156375
Fixed an issue where multiple all_pktoproc daemons restarted while processing HTTP/2 traffic in sw_offload.
PAN-156017
Fixed an issue where a host information profile (HIP) report XML buffer caused a memory leak.
PAN-155942
Fixed an issue where the
Dashboard
incorrectly displayed the Log Forwarding Card (LFC) port status.
PAN-155665
Fixed an issue where, if an authentication profile was configured with an authorization type of
none
, users were inappropriately prompted for a password. Since the authentication type was set to
none
, any input was successful. This issue occurred when
Allow Authentication with User Credentials OR Client Certificate
to
no
.
PAN-155563
Fixed an intermittent issue where the Panorama Cloud Services plugin reported the following error for its Cortex Data Lake status:
Failed to validate server certificate for endpoint api.paloaltonetworks.com
.
PAN-155453
Fixed an issue in the configuration logs where the destination zone was masked by asterisks.
PAN-155053
Fixed an issue where user information in the Clientless VPN wasn't handled properly in HA configurations, which resulted in the firewall being unable to create more user sessions.
PAN-154166
(
VM-500 and later firewalls only
) A new CLI command was added to increase the number of threads for handling incoming GlobalProtect connection requests when there is a high login rate and a slow authentication response from an external server.
PAN-154093
Fixed an issue where a process (httpd) restarted during Security Assertion Markup Language (SAML) logout sessions initiated from the IdP.
PAN-153868
Fixed an issue where firewall forwarding logs to Cortex Data Lake displayed
License
as gray and device connectivity as
Error
under
Logging Service Status
.
PAN-153526
(
PA-7000 Series firewalls with 100G NPC (Network Processing Cards) only
) Fixed an issue where multicast groups were not set correctly, which caused ARP entries to display as
incomplete
and not update to correct values.
PAN-153440
Fixed an issue where firewalls repeatedly connected and disconnected to Cortex Data Lake due to a probing issue.
PAN-153436
Added CLI commands to increase thread limits to reduce task thread exhaustion on a process (configd).
PAN-153228
Fixed an issue where, when IPSec tunnels had
tunnel-monitor
enabled, tunnel activation was sent every 3 seconds, even when the configured value was different. With this fix, tunnel activation will be sent according to the configured intervals and thresholds.
PAN-153107
Fixed an issue where a dataplane process stopped responding while processing fragmented traffic on GPRS tunneling protocol (GTP-U) tunnels.
PAN-152743
Fixed an issue where, when initial flows from both directions reached the firewall at the same time, a race condition occurred, which caused the firewall to display the following error message:
Duplicate flows detected while inserting <number>, flow <number> with the same key
. The flow keys were identical due to the flows having the same SRC and DST ports.
PAN-152677
(
VM-Series firewalls on Azure only
) Fixed an issue where packet buffers showed high values when Data Plane Development Kit (DPDK) was enabled.
PAN-152253
Fixed an issue where the Destination NAT with
DNS Rewrite
enabled and set to
forward
did not work when the destination IP address was a single IP address instead of an IP range.
PAN-152003
Fixed an issue where an email client was unable to open an attached file due to removal of part of the file name encoded in UTF-8 by the firewall CTD function for SMTP and NAT sessions.
PAN-151888
Fixed an issue where remote users were able to save log filters, which created a local user with the same username. With this fix, remote users cannot save a log filter.
PAN-151754
Fixed an issue where attempts to view or download the
WildFire Analysis Report
of a WildFire log from the web interface failed, which resulted in either a 500 server error, a blank page, or the following error message:
Fetching WildFire server wildfire.paloaltonetworks.com:443 report failed!
.
PAN-151584
Fixed an issue where the firewall changed the TTL (time-to-live) value in DNS responses to 0 when the firewall failed to resolve the DNS Security service, which caused a large amount of DNS requests to be sent to the DNS server.
PAN-151486
Fixed an issue where user activity reports failed to run when the firewall was in FIPS mode.
PAN-151214
Fixed an issue where an XML API call to display configuration logs truncated the
change-preview
field of the logs if the entry had more than 64 characters.
PAN-150852
Fixed an issue with SMTP that occurred when attachment file names were longer than the allocated buffer. If the file name was longer than the buffer and Layer 7 inspection was enabled, the file was dropped, which caused session errors and an email to not be sent.
PAN-149915
Fixed an issue where a Panorama virtual appliance was unable to manage more than 2,500 firewalls when 28 or more CPU cores were available.
PAN-149703
Fixed an issue where the firewall did not show RX/TX counters for the interface in the output
show interface <interface>
for M5/C5 instant types in Amazon Web Services (AWS).This caused SNMP polling to always poll RX/TX packets as 0.
PAN-149547
Fixed an issue where, after a change in Security policies, traffic logs for inner GTP-U sessions did not show
IMSI
or
IMEI
fields following a commit.
PAN-149101
Fixed an issue where the first SYN message of an FTP-DATA connection was dropped on non-session-owner appliances in an HA active/active configuration.
PAN-147720
Fixed an issue where the firewall management server crashed when a report with a duration of 7 or more days was run.
PAN-147385
Fixed an issue where firewall buffers were depleted with GTP traffic due to the mishandling of conflicting sessions.
PAN-146236
Fixed an issue where the firewall was unable to properly create stream control transmission protocol (SCTP) sessions for multi-homed environments when multiple endpoints on the same SCTP associations sent INIT/INIT-ACK chunks during handshakes.
PAN-145733
Fixed an issue where the
SNMP INDEX
for
panZoneTable
on the
PAN-COMMON-MIB.my
file did not work as expected, which led to entries in
panZoneTable
not being uniquely identified.
PAN-144975
Fixed an intermittent issue where a high traffic load in a Layer 2 deployment caused SNMP and Panorama health monitoring failures.
PAN-144887
(
Panorama virtual appliances in high availability (HA) configurations with VMware NSX plugin only
) Fixed an issue where dynamic address group updates and configuration pushes failed when new plugins were installed or uninstalled, or when a process (configd) was restarted or reinitialized.
PAN-144723
A new CLI command was added to better handle SSL-decrypted sessions where TCP port numbers were reused before the TIME_WAIT period expired.
PAN-135527
Fixed an issue where verbose mode did not display additional data for the
fe20 flow lookup
command.
PAN-134802
Fixed an issue where the firewall was unable to handle GTP sessions for multiple APN connections from the same end user equipment.

Recommended For You