End-of-Life (EoL)

PAN-OS 10.0.4 Addressed Issues

PAN-OS® 10.0.4 addressed issues.
Issue ID
Fixed an issue where the
incorrectly displayed the Log Forwarding Card (LFC) port status.
Fixed an issue on the Panorama management server that caused invalid reference errors when attempting to delete an address object (
Objects > Addresses
) after removing the address object reference from an address group (
Objects > Address Groups
) resulting in you being unable commit and push the configuration to managed firewalls.
Fixed an issue on Panorama where, if
Source Address Exclusion
(Network > Zone Protection > Reconnaissance Protection
) was configured,
Flood Protection
was disabled.
Fixed an issue where, for local administrators using an authentication profile, the
save filter
Monitor > Logs
) option was grayed out.
Fixed an issue where icons in the left sidebar had multiple layers.
Fixed an issue where, when a factory reset was performed on a Panorama appliance with PAN-OS 10.0, the appliance repeatedly rebooted.
Fixed an issue where syslog server monitoring stopped working when the first tuple in regex matching was always a whole string.
Fixed an issue where SSL VPN leaked when the default browser feature on GlobalProtect was not enabled.
Fixed an IPSec tunnel memory leak issue where IPSec tunnels failed during rekey.
Fixed an issue with HTTP Header Insertion where the payload was truncated when processing a segmented TCP stream and when the client retransmitted the packet with the same sequence number that was previously received segmented.
Fixed an issue where several operations and processes stopped responding due to a deadlock issue between the CLI thread and the Terminal Server (TS) agent message processing the thread.
Fixed an issue where editing an application filter object caused excluded applications to be included.
Fixed an issue where you could not prioritize the tunnel preference for your branches and hubs in SD-WAN full mesh VPN clusters.
VM-Series firewalls deployed in Amazon Web Services (AWS) instance types M5 and C5 only
) Fixed an issue where a Panorama Virtual Appliance in a high availability (HA) configuration entered a suspended state due to a virtual machine (VM) memory size mismatch.
PA-7000 Series firewalls with Log Forwarding Cards (LFCs) only
) Fixed an issue where GlobalProtect logs showed the incorrect client version and did not show event ID information.
Fixed an issue where GlobalProtect user traffic did not correctly match Security policy rules that had host information profile (HIP) objects and profiles.
Fixed an issue where the download link was omitted on scheduled email reports for SaaS application usage.
A fix was made to address an issue where a cryptographically weak pseudo-random number generator (PRNG) was used during authentication to the PAN-OS web interface to enable an attacker to observe their own authenticated secrets on the firewall over a long duration, which enabled them to impersonate another authenticated web interface administrator’s session (CVE-2021-3047).
Fixed an issue where, if the firewall had the standard support license, the
tab did not display the license details after an upgrade to PAN-OS 10.0.1.
Fixed a rare issue where Open Shortest Path First (OSPF) links flapped.
Fixed an issue where inserting or removing copper and optic modules in PAN-OS 10.0.1 caused a process (brdagent) to stop responding.
Fixed an issue where Security policy rules targeted by tags incorrectly displayed as deleted when previewing commit changes.
Fixed an issue in Panorama where frequent API requests caused the Panorama web interface to become unresponsive. This issue occurred because the web interface automatically refreshed after each request.
Fixed an issue where the
icon was not displayed (
Policies > Security > Name > Source > Source Device > Add
Policies > Security > Name > Destination > Destination Device > Add
Fixed an issue where Data Loss Prevention (DLP) did not support the upload of Office Open XML (OOXML) files generated from Google suite applications such as Google Docs, Slides, and Sheets.
Fixed an issue where packets were not evenly distributed among a process (pan_tasks), which caused latency and poor performance.
Fixed an issue where the login banner size increased.
Fixed an issue where the option to sinkhole was not displayed in the ACC filter drop-down (
ACC > Threat Activity > Global filters > Action
Fixed an issue where MAC addresses containing certain characters in sequential order caused an issue with TCP connections
Fixed an issue on Panorama where commits failed when using
as a template variable.
Fixed an issue on firewalls with HA active/active configurations where GlobalProtect gateways timed out on-demand connections. This occurred because the
Inactivity Logout
timer did not reset.
Fixed a rare issue with HTTP/2 decryption that caused packet header bytes to be corrupted, which caused packet drops.
Fixed an issue where a process (configd) stopped responding due to a buffer overflow.
Improved QoS scheduling for Bidirectional Forwarding Detection (BFD) and BGP to address the internal handling of BGP and BFD packets under high resource constraints
Debug commands were added to address an issue where the firewall connect to Cortex Data Lake due to the Online Certificate Status Protocol (OSCP) message missing the
value in the OSCP response.
Fixed an issue where an admin user authenticated to Panorama with RADIUS and assigned a Device Group and Template Admin role using access domains was unable to add a managed firewall to Panorama and received the following error message:
Import failed user <username> does not exist
Fixed an issue where the Panorama Virtual Appliance in Log Collector mode went into maintenance mode due to a process (reportd) not responding.
An error check process (mcelog) was added to capture hardware failure reasons detected by the processor.

Recommended For You