PAN-OS 10.0.4 Addressed Issues
PAN-OS® 10.0.4 addressed issues.
Fixed an issue where the
Dashboardincorrectly displayed the Log Forwarding Card (LFC) port status.
Fixed an issue on the Panorama management server that caused invalid reference errors when attempting to delete an address object (
Objects > Addresses) after removing the address object reference from an address group (
Objects > Address Groups) resulting in you being unable commit and push the configuration to managed firewalls.
Fixed an issue on Panorama where, if
Source Address Exclusion
(Network > Zone Protection > Reconnaissance Protection) was configured,
Flood Protectionwas disabled.
Fixed an issue where, for local administrators using an authentication profile, the
Monitor > Logs) option was grayed out.
Fixed an issue where icons in the left sidebar had multiple layers.
Fixed an issue where, when a factory reset was performed on a Panorama appliance with PAN-OS 10.0, the appliance repeatedly rebooted.
Fixed an issue where syslog server monitoring stopped working when the first tuple in regex matching was always a whole string.
Fixed an issue where SSL VPN leaked when the default browser feature on GlobalProtect was not enabled.
Fixed an IPSec tunnel memory leak issue where IPSec tunnels failed during rekey.
Fixed an issue with HTTP Header Insertion where the payload was truncated when processing a segmented TCP stream and when the client retransmitted the packet with the same sequence number that was previously received segmented.
Fixed an issue where several operations and processes stopped responding due to a deadlock issue between the CLI thread and the Terminal Server (TS) agent message processing the thread.
Fixed an issue where editing an application filter object caused excluded applications to be included.
Fixed an issue where you could not prioritize the tunnel preference for your branches and hubs in SD-WAN full mesh VPN clusters.
VM-Series firewalls deployed in Amazon Web Services (AWS) instance types M5 and C5 only) Fixed an issue where a Panorama Virtual Appliance in a high availability (HA) configuration entered a suspended state due to a virtual machine (VM) memory size mismatch.
PA-7000 Series firewalls with Log Forwarding Cards (LFCs) only) Fixed an issue where GlobalProtect logs showed the incorrect client version and did not show event ID information.
Fixed an issue where GlobalProtect user traffic did not correctly match Security policy rules that had host information profile (HIP) objects and profiles.
Fixed an issue where the download link was omitted on scheduled email reports for SaaS application usage.
A fix was made to address an issue where a cryptographically weak pseudo-random number generator (PRNG) was used during authentication to the PAN-OS web interface to enable an attacker to observe their own authenticated secrets on the firewall over a long duration, which enabled them to impersonate another authenticated web interface administrator’s session (CVE-2021-3047).
Fixed an issue where, if the firewall had the standard support license, the
Licensetab did not display the license details after an upgrade to PAN-OS 10.0.1.
Fixed a rare issue where Open Shortest Path First (OSPF) links flapped.
Fixed an issue where Security policy rules targeted by tags incorrectly displayed as deleted when previewing commit changes.
Fixed an issue in Panorama where frequent API requests caused the Panorama web interface to become unresponsive. This issue occurred because the web interface automatically refreshed after each request.
Fixed an issue where the
Deviceicon was not displayed (
Policies > Security > Name > Source > Source Device > Addor
Policies > Security > Name > Destination > Destination Device > Add).
Fixed an issue where Data Loss Prevention (DLP) did not support the upload of Office Open XML (OOXML) files generated from Google suite applications such as Google Docs, Slides, and Sheets.
Fixed an issue where the login banner size increased.
Fixed an issue where the option to sinkhole was not displayed in the ACC filter drop-down (
ACC > Threat Activity > Global filters > Action).
Fixed an issue where MAC addresses containing certain characters in sequential order caused an issue with TCP connections
Fixed an issue on Panorama where commits failed when using
device-idas a template variable.
Fixed an issue on firewalls with HA active/active configurations where GlobalProtect gateways timed out on-demand connections. This occurred because the
Inactivity Logouttimer did not reset.
Fixed a rare issue with HTTP/2 decryption that caused packet header bytes to be corrupted, which caused packet drops.
Improved QoS scheduling for Bidirectional Forwarding Detection (BFD) and BGP to address the internal handling of BGP and BFD packets under high resource constraints
Debug commands were added to address an issue where the firewall connect to Cortex Data Lake due to the Online Certificate Status Protocol (OSCP) message missing the
nextUpdatevalue in the OSCP response.
Fixed an issue where an admin user authenticated to Panorama with RADIUS and assigned a Device Group and Template Admin role using access domains was unable to add a managed firewall to Panorama and received the following error message:
Import failed user <username> does not exist.
Recommended For You
Recommended videos not found.