Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 9.1
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
AIOps
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1

Focus

Limitations in PAN-OS 10.2

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 9.1
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
AIOps
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1

Associated Content and Software Versions

Limitations in PAN-OS 10.2

What are the limitations related to PAN-OS 10.2 releases?

The following are limitations associated with PAN-OS 10.2.

Issue ID	Description
PAN-247465	(`PA-7080 only`) The firewall does not support Aquantia 10G SFP transceivers.
PAN-240517	Enter any random username and password (or just press enter) in the pop-up dialog on the satellite to retrigger the authentication process in the following cases: A scenario where the portal is running PAN-OS 10.2.8 and the satellite is running version earlier to 10.2.8, and the satellite cookie has expired. In this case, when you attempt to enable the serial number and IP address authentication method without adding the satellite IP address in the IP allow list on the portal, satellite authentication fails. The failure is due to a missing IP address in the IP allow list. A scenario where the portal is running PAN-OS 10.2.8 and the satellite is running version earlier to 10.2.8, if the satellite cookie expires before enabling the serial number and IP address authentication method on the portal, satellite authentication will fail due to satellite cookie expiration.
PAN-218067	By default, Next Generation firewalls and Panorama attempt to fetch the device certificate or Panorama device certificate with each commit even when the firewall is not using any Palo Alto Networks cloud service. You can prevent the firewall from attempting to fetch the device certificate for the following firewalls: M-300 appliance M-500 appliance PA-410, PA-440, PA-450, and PA-460 firewalls PA-1400 Series firewalls PA-3400 Series firewalls PA-5410, PA-5420, and PA-5430 firewalls PA-5450 firewall To disable, log in to the firewall CLI or Panorama CLI and enter the following command: admin> request certificate auto-fetch disable
PAN-215869	PAN-OS logs ( Monitor Logs ) experience a significant delay before they are displayed if NetFlow ( Device Server Profiles NetFlow ) is enabled on an interface ( Network Interface ). This may result in log loss if the volume of delayed logs exceeds the logging buffer available on the firewall. The following firewalls are impacted: PA-410, PA-440, PA-450, and PA-460 Firewalls PA-800 Series Firewalls PA-3200 Series Firewalls PA-3400 Series Firewalls
PAN-207505 `This issue is now resolved. See PAN-OS 11.0.0 Addressed Issues`.	Email schedules ( Monitor PDF Reports Email Scheduler ) are not supported for SaaS Application Usage ( Monitor PDF Reports SaaS Application Usage ) reports.
PAN-205166	(`PA-440, PA-450, and PA-460 firewalls only`) The CLI does not display system information about the power supply when entering the show system environmentals command. As a result, the CLI cannot be used to view the current status of the power adapter. Workaround: To manually interpret the status of the firewall's power adapter, verify that your power cable connections are secure and that the LED on the power adapter is on. If the LED is not illuminated even though the power cable connections are secure, your power adapter has failed.
PAN-190811 `This issue is now resolved. See` PAN-OS 10.2.2 Addressed Issues.	(`PA-5450 only`) Log interfaces must be configured to ensure they are not in the same subnetwork as the management interface. Configuring both interfaces in the same subnetwork can cause connectivity issues and result in the wrong interface being used for log forwarding.
PAN-181823	On a PA-5400 Series firewall (minus the PA-5450), setting the peer port to forced 10M or 100M speed causes any multi-gigabit RJ-45 ports on the firewall to go down if they are set to Auto.
PAN-181229	On the Panorama management server, a Shared tag ( Objects Tags ) cannot be applied to a Shared application filter ( Objects Application Filters ).
PAN-174784	Up to 100,000 daily summary logs can be processed for Scheduled and Run Now custom reports ( Monitor Manage Custom Reports ) when configured for the last calendar day. This can result in the generated report not displaying all relevant log data generated in the last calendar day.
PAN-172144	On a Panorama management server deployed on VMware ESXi that is managing Dedicated Log Collectors, filtering traffic logs ( Monitor Logs Traffic ) using the (time_generated_geq) filter does not return results for the specified Generate Time if the Dedicated Log Collectors are in different time zones. Workaround: Configure the same time zone for the Dedicated Log Collectors you are querying. Log in to the Log Collector CLI. Set the time zone for the Dedicated Log Collector. admin> configure admin# set deviceconfig timezone <time_zone> admin# commit

Associated Content and Software Versions