PAN-OS 10.0.3 Addressed Issues
PAN-OS® 10.0.3 addressed issues.
Fixed an issue in the web interface where the
sd_waninterface option was not listed in the drop-down (
Network > Interfaces > SD-WAN > SD-WAN Interface > Virtual Router > Static Routes > Virtual Router - Static Route - IPv4).
Fixed an issue where a hardware packet buffer leak occurred with the global counter
ssl_hw_rsp_fpga_errwhen SSL decryption was enabled on the firewall.
Fixed an issue where admin users with custom roles were unable to create VLANs.
Fixed an issue where, in a Panorama template stack, adding a
Source Address Exclusion(
Network > Network Profiles > Zone Protection > Zone Protection Profile > Reconnaissance Protection) did not work.
Fixed an issue where local log collector stopped forwarding syslog messages to the syslog server. This was due to the firewall sourcing syslog traffic from the public IP address of the Panorama appliance instead of the private IP address.
Fixed an issue where, after upgrading to PAN-OS 9.1.5, VM-Series firewalls in high availability (HA) configurations went into a non-functional state due to a virtual machine (VM) license mismatch.
Fixed an issue where a host information profile (HIP) report XML buffer caused a memory leak.
Fixed an issue where the
Dashboardincorrectly displayed the Log Forwarding Card (LFC) port status.
Fixed an issue where, if an authentication profile was configured with an authorization type of
none, users were inappropriately prompted for a password. Since the authentication type was set to
none, any input was successful. This issue occurred when
Allow Authentication with User Credentials OR Client Certificateto
Fixed an intermittent issue where the Panorama Cloud Services plugin reported the following error for its Cortex Data Lake status:
Failed to validate server certificate for endpoint api.paloaltonetworks.com.
Fixed an issue in the configuration logs where the destination zone was masked by asterisks.
Fixed an issue where user information in the Clientless VPN wasn't handled properly in HA configurations, which resulted in the firewall being unable to create more user sessions.
VM-500 and later firewalls only) A new CLI command was added to increase the number of threads for handling incoming GlobalProtect connection requests when there is a high login rate and a slow authentication response from an external server.
Fixed an issue where firewall forwarding logs to Cortex Data Lake displayed
Licenseas gray and device connectivity as
Logging Service Status.
PA-7000 Series firewalls with 100G NPC (Network Processing Cards) only) Fixed an issue where multicast groups were not set correctly, which caused ARP entries to display as
incompleteand not update to correct values.
Fixed an issue where firewalls repeatedly connected and disconnected to Cortex Data Lake due to a probing issue.
Fixed an issue where, when IPSec tunnels had
tunnel-monitorenabled, tunnel activation was sent every 3 seconds, even when the configured value was different. With this fix, tunnel activation will be sent according to the configured intervals and thresholds.
Fixed an issue where a dataplane process stopped responding while processing fragmented traffic on GPRS tunneling protocol (GTP-U) tunnels.
Fixed an issue where, when initial flows from both directions reached the firewall at the same time, a race condition occurred, which caused the firewall to display the following error message:
Duplicate flows detected while inserting <number>, flow <number> with the same key. The flow keys were identical due to the flows having the same SRC and DST ports.
VM-Series firewalls on Azure only) Fixed an issue where packet buffers showed high values when Data Plane Development Kit (DPDK) was enabled.
Fixed an issue where the Destination NAT with
DNS Rewriteenabled and set to
forwarddid not work when the destination IP address was a single IP address instead of an IP range.
Fixed an issue where an email client was unable to open an attached file due to removal of part of the file name encoded in UTF-8 by the firewall CTD function for SMTP and NAT sessions.
Fixed an issue where remote users were able to save log filters, which created a local user with the same username. With this fix, remote users cannot save a log filter.
Fixed an issue where attempts to view or download the
WildFire Analysis Reportof a WildFire log from the web interface failed, which resulted in either a 500 server error, a blank page, or the following error message:
Fetching WildFire server wildfire.paloaltonetworks.com:443 report failed!.
Fixed an issue where the firewall changed the TTL (time-to-live) value in DNS responses to 0 when the firewall failed to resolve the DNS Security service, which caused a large amount of DNS requests to be sent to the DNS server.
Fixed an issue where user activity reports failed to run when the firewall was in FIPS mode.
Fixed an issue where an XML API call to display configuration logs truncated the
change-previewfield of the logs if the entry had more than 64 characters.
Fixed an issue with SMTP that occurred when attachment file names were longer than the allocated buffer. If the file name was longer than the buffer and Layer 7 inspection was enabled, the file was dropped, which caused session errors and an email to not be sent.
Fixed an issue where a Panorama virtual appliance was unable to manage more than 2,500 firewalls when 28 or more CPU cores were available.
Fixed an issue where the firewall did not show RX/TX counters for the interface in the output
show interface <interface>for M5/C5 instant types in Amazon Web Services (AWS).This caused SNMP polling to always poll RX/TX packets as 0.
Fixed an issue where, after a change in Security policies, traffic logs for inner GTP-U sessions did not show
IMEIfields following a commit.
Fixed an issue where the first SYN message of an FTP-DATA connection was dropped on non-session-owner appliances in an HA active/active configuration.
Fixed an issue where the firewall management server crashed when a report with a duration of 7 or more days was run.
Fixed an issue where firewall buffers were depleted with GTP traffic due to the mishandling of conflicting sessions.
Fixed an issue where the firewall was unable to properly create stream control transmission protocol (SCTP) sessions for multi-homed environments when multiple endpoints on the same SCTP associations sent INIT/INIT-ACK chunks during handshakes.
Fixed an issue where the
PAN-COMMON-MIB.myfile did not work as expected, which led to entries in
panZoneTablenot being uniquely identified.
Fixed an intermittent issue where a high traffic load in a Layer 2 deployment caused SNMP and Panorama health monitoring failures.
Panorama virtual appliances in high availability (HA) configurations with VMware NSX plugin only) Fixed an issue where dynamic address group updates and configuration pushes failed when new plugins were installed or uninstalled, or when a process (configd) was restarted or reinitialized.
A new CLI command was added to better handle SSL-decrypted sessions where TCP port numbers were reused before the TIME_WAIT period expired.
Fixed an issue where verbose mode did not display additional data for the
fe20 flow lookupcommand.
Fixed an issue where the firewall was unable to handle GTP sessions for multiple APN connections from the same end user equipment.
Recommended For You
Recommended videos not found.