PAN-OS 10.2.10-h21 Addressed Issues

Addressed issues for the PAN-OS 10.2.10-h21 general available hotfix release.
Issue ID
Description
PAN-291060
Fixed an issue where commits failed due to the configured connected gateway IPv6 address in the NAT64 policy exceeding the 31 character limit.
PAN-288930
Fixed an issue where, when ACE was enabled, traffic from cloud applications randomly matched an incorrect cloud-apps policy rule.
PAN-286475
Fixed an issue where the option to sort sequence numbers was missing from Filters prefix list in the advanced routing filters.
PAN-284908
Fixed an issue where retrieving filenames from OneDrive resulted in a cache miss.
PAN-284552
Fixed an intermittent issue where gateway logout events were not logged when the GlobalProtect client was unable to send a logout notification, which resulted in the inactivity logout timer not triggering a gateway logout event. This caused user sessions to remain active beyond the configured inactivity timeout.
PAN-284116
Fixed an issue where mTLS decryption bypass did not work when the decryption profile was configured with the maximum TLS version as TLS 1.3.
PAN-283644
(Prisma Access only) Fixed an issue where URL log ingestion decreased after an upgrade, and secondary connections were lost.
PAN-282640
Fixed an issue where custom reports showed incomplete data when exported in CSV format from Panorama.
PAN-280698
Fixed an issue where the firewall removed the TCP timestamp from client hello messages that did not fit in a single packet, which resulted in connection issues.
PAN-280505
Fixed an issue where the web interface did not display a message to commit prior changes before attempting a partial configuration load.
PAN-280409
Fixed an issue where the popup window did not appear as expected for Clientless VPN users.
PAN-279621
Fixed an issue where processes stopped responding when HTTPS Forward traffic was run.
PAN-279495
Fixed an issue where accessing a URL from the browser returned the error message ERR_RESPONSE_HEADERS_TRUNCATED when the firewall was configured with TLS 1.3.
PAN-279336
Fixed an issue where the CLI did not display a message to commit prior changes before loading a partial configuration.
PAN-279176
Fixed an issue where the configuration audit displayed inaccurate information after partially loading the configuration via the CLI, which caused the audit to flag the configuration as deleted or changed.
PAN-278812
Fixed an issue where authentication to GlobalProtect failed with the error message User not in allowed list.
PAN-277617
Fixed an issue where deleting the NTP server address caused a commit validation error. This occurred when the configuration included both primary and secondary NTP servers and the secondary server was removed.
PAN-276016
Fixed an issue where Prisma Access cap700 instances did not insert HTTP headers when accessing certain Google domains if the 32 byte pool size was low.
PAN-273949
Fixed an issue where the firewall generated the following error message in the snmpd logs: pan_get_keystr_from_cryptod (pan_snmpinterface.c:181): Key X2F1dGhfa2V5 import from cryptod failed.
PAN-272539
(Panorama appliances on Microsoft Azure environments only) Fixed an issue where user to IP address mapping was missing for some users connected to specific Prisma Access gateways, which caused the collection layer Azure firewall to not form the mapping.
PAN-271432
Fixed an issue where the firewall was unable to decrypt SSL traffic when using forward proxy and HSM with an ECDSA signing certificate.
PAN-270849
Fixed a memory leak issue related to the configd process that occurred when running consecutive commits for multiple days.
PAN-269624
Fixed an issue where GlobalProtect clients failed to connect with the error message The device or feature requires a GlobalProtect subscription license.
PAN-268909
Fixed an issue where IP address tags were removed from firewalls after a management server or useridd process restart. This occurred when a Panorama serial-number based configuration was used for User-ID redistribution.
PAN-268708
Fixed an issue where PDF summary and email reports displayed IPv6 addresses instead of IPv4 addresses.
PAN-268614
Fixed an issue on the web interface where all rules were highlighted when a read-only admin user clicked the Highlight Unused Rules checkbox.
PAN-268017
Fixed an issue where the IP address-to-user mapping timeout was triggered and the Inactivity TTL was refreshed unexpectedly.
PAN-265782
Fixed an issue on Panorama where, after you enabled multihop in a BFD profile, you were unable to disable it via the web interface.
PAN-264883
(PA-7080 appliances with LPCs only) Fixed an issue where syslog forwarding over TCP stopped after upgrading.
PAN-260796
Fixed an issue where servers were not accessible through an active SSL GlobalProtect VPN tunnel until a new connection was established or the session was cleared on the firewall.
PAN-260132
Fixed an issue where secondary IP addresses with a /32 prefix configured on Layer 3 interfaces were not reachable in FRR mode.
PAN-259759
A fix was made to address CVE-2025-0125.
PAN-257624
Fixed an issue where the firewall web interface was blank after logging in.
PAN-257117
Fixed an issue where CSV or PDF exports of zones did not contain all zones.
PAN-255759
Fixed an issue where the firewall was unable to match HIP data with the correct anti-malware object for Windows Defender.
PAN-255252
Fixed an issue where Panorama administrators with the type Dynamic were unable to create, modify, or delete BGP Dampening profiles.
PAN-253829
Fixed an issue where the CLI command show running security-policy timed out when the Security policy was large.
PAN-253584
Fixed an issue where the ikemgr process unexpectedly stopped due to a memory mapping in an incorrect location.
PAN-252974
(PA-450 firewalls only) Fixed an issue where specific routes were not advertised when BGP Aggregate was configured with the advertise filter.
PAN-252270
Fixed an issue on the firewall where changes were incorrectly applied after a reboot or a restart of the configd process.
PAN-249581
Fixed an issue where stale BGP routes were advertised to peers even when they were not present in the local RIB table.
PAN-248975
Fixed an issue on the Panorama web interface where no content was displayed after logging in.
PAN-243333
Fixed an issue where selective push operations failed with the following error message: SelPush:Base config is invalid! invalid configuration. Schema verification failed. This occurred when a policy rule was moved from the post-rule base to the pre-rule base.
PAN-241230
Fixed an issue where the SNMP get request status value for Panorama connections was incorrect.
PAN-240001
Fixed an issue where the pan_task process restarted due to configd and devsrvr process memory requirements.
PAN-239256
Fixed an issue where ARP entries were unable to be completed for subinterfaces with SNAT configured.
PAN-238610
Fixed an issue with the Panorama Virtual Appliance where, after the mgmtsrvr restarted on the passive appliance, stale IP address tags were pushed to the connected firewalls with the message clear all registered ip addresses.
PAN-237582
Fixed an issue where logs were intermittently missing on the log collector due to missing aliases for some indices.
PAN-237475
Fixed an issue where the firewall stopped responding when FIPS mode was enabled.
PAN-232530
Fixed an issue where the useridd process ran out of memory and restarted when the number of user or user groups exceeded the threshold.
PAN-230330
(PA-220 firewalls only) Fixed an issue where disk space usage was significantly higher than expected after upgrading.
PAN-224729
Fixed an issue where you were unable to create duplicate entries in Advanced Routing AS path prepend in the BGP filter route map.
PAN-224195
Fixed an issue where Captive Portal redirects failed with a 500 Internal error when the captive portal token was disabled.
PAN-222579
Fixed an issue where the useridd and distd processes restarted, which resulted in missing mappings.
PAN-221571
Fixed an issue on the web interface where the Security policy rule hit count remained at 0 for some rules even though the traffic logs showed live hits.
PAN-212182
Fixed an issue where TLS 1.3 connections failed if the server sent a certificate request after sending its certificate.