PAN-OS 10.2.10-h21 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
-
-
-
-
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1
PAN-OS 10.2.10-h21 Addressed Issues
Addressed issues for the PAN-OS 10.2.10-h21 general available hotfix
release.
Issue ID | Description |
---|---|
PAN-291060
|
Fixed an issue where commits failed due to the configured connected
gateway IPv6 address in the NAT64 policy exceeding the 31 character
limit.
|
PAN-288930
|
Fixed an issue where, when ACE was enabled, traffic from cloud
applications randomly matched an incorrect
cloud-apps policy rule.
|
PAN-286475
|
Fixed an issue where the option to sort sequence numbers was missing
from Filters prefix list in the advanced
routing filters.
|
PAN-284908
|
Fixed an issue where retrieving filenames from OneDrive resulted in a
cache miss.
|
PAN-284552
|
Fixed an intermittent issue where gateway logout events were not
logged when the GlobalProtect client was unable to send a logout
notification, which resulted in the inactivity logout timer not
triggering a gateway logout event. This caused user sessions to
remain active beyond the configured inactivity timeout.
|
PAN-284116
|
Fixed an issue where mTLS decryption bypass did not work when the
decryption profile was configured with the maximum TLS version as
TLS 1.3.
|
PAN-283644
|
(Prisma Access only) Fixed an issue where URL log ingestion
decreased after an upgrade, and secondary connections were lost.
|
PAN-282640
|
Fixed an issue where custom reports showed incomplete data when
exported in CSV format from Panorama.
|
PAN-280698
|
Fixed an issue where the firewall removed the TCP timestamp from
client hello messages that did not fit in a single packet, which
resulted in connection issues.
|
PAN-280505
|
Fixed an issue where the web interface did not display a message to
commit prior changes before attempting a partial configuration load.
|
PAN-280409
|
Fixed an issue where the popup window did not appear as expected for
Clientless VPN users.
|
PAN-279621
|
Fixed an issue where processes stopped responding when HTTPS Forward
traffic was run.
|
PAN-279495
|
Fixed an issue where accessing a URL from the browser returned the
error message
ERR_RESPONSE_HEADERS_TRUNCATED when
the firewall was configured with TLS 1.3.
|
PAN-279336
|
Fixed an issue where the CLI did not display a message to commit
prior changes before loading a partial configuration.
|
PAN-279176
|
Fixed an issue where the configuration audit displayed inaccurate
information after partially loading the configuration via the CLI,
which caused the audit to flag the configuration as deleted or
changed.
|
PAN-278812
|
Fixed an issue where authentication to GlobalProtect failed with the
error message User not in allowed list.
|
PAN-277617
|
Fixed an issue where deleting the NTP server address caused a commit
validation error. This occurred when the configuration included both
primary and secondary NTP servers and the secondary server was
removed.
|
PAN-276016
|
Fixed an issue where Prisma Access cap700 instances did not insert
HTTP headers when accessing certain Google domains if the 32 byte
pool size was low.
|
PAN-273949
|
Fixed an issue where the firewall generated the following error
message in the snmpd logs:
pan_get_keystr_from_cryptod
(pan_snmpinterface.c:181): Key X2F1dGhfa2V5 import from
cryptod failed.
|
PAN-272539
|
(Panorama appliances on Microsoft Azure environments only)
Fixed an issue where user to IP address mapping was missing for some
users connected to specific Prisma Access gateways, which caused the
collection layer Azure firewall to not form the mapping.
|
PAN-271432
|
Fixed an issue where the firewall was unable to decrypt SSL traffic
when using forward proxy and HSM with an ECDSA signing certificate.
|
PAN-270849
|
Fixed a memory leak issue related to the configd process
that occurred when running consecutive commits for multiple days.
|
PAN-269624
|
Fixed an issue where GlobalProtect clients failed to connect with the
error message The device or feature requires a
GlobalProtect subscription license.
|
PAN-268909
|
Fixed an issue where IP address tags were removed from firewalls
after a management server or useridd process restart.
This occurred when a Panorama serial-number based configuration was
used for User-ID redistribution.
|
PAN-268708
|
Fixed an issue where PDF summary and email reports displayed IPv6
addresses instead of IPv4 addresses.
|
PAN-268614
|
Fixed an issue on the web interface where, when all rules were
highlighted when a read-only admin user clicked the
Highlight Unused Rules checkbox.
|
PAN-268017
|
Fixed an issue where the IP address-to-user mapping timeout was
triggered and the Inactivity TTL was refreshed unexpectedly
|
PAN-265782
|
Fixed an issue on Panorama where, after you enabled multihop in a BFD
profile, you were unable to disable it via the web interface.
|
PAN-264883
|
(PA-7080 appliances with LPCs only) Fixed an issue where
syslog forwarding over TCP stopped after upgrading.
|
PAN-260796
|
Fixed an issue where servers were not accessible through an active
SSL GlobalProtect VPN tunnel until a new connection was established
or the session was cleared on the firewall.
|
PAN-260132
|
Fixed an issue where secondary IP addresses with a /32 prefix
configured on Layer 3 interfaces were not reachable in FRR mode.
|
PAN-259759
|
A fix was made to address CVE-2025-0125.
|
PAN-257624
|
Fixed an issue where the firewall web interface was blank after
logging in.
|
PAN-257117
|
Fixed an issue where CSV or PDF exports of zones did not contain all
zones.
|
PAN-255759
|
Fixed an issue where the firewall was unable to match HIP data with
the correct anti-malware object for Windows Defender.
|
PAN-255252
|
Fixed an issue where Panorama administrators with the type Dynamic
were unable to create, modify, or delete BGP Dampening profiles.
|
PAN-253829
|
Fixed an issue where the CLI command show running
security-policy timed out when the Security policy
was large.
|
PAN-253584
|
Fixed an issue where ikemgr process unexpectedly stopped
due to a memory mapping in an incorrect location.
|
PAN-252974
|
(PA-450 firewalls only) Fixed an issue where specific routes
were not advertised when BGP Aggregate was configured with the
advertise filter.
|
PAN-252270
|
Fixed an issue on the firewall where changes were incorrectly applied
after a reboot or a restart of the configd process.
|
PAN-249581
|
Fixed an issue where stale BGP routes were advertised to peers even
when they were not present in the local RIB table.
|
PAN-248975
|
Fixed an issue on the Panorama web interface where no content was
displayed after logging in.
|
PAN-243333
|
Fixed an issue where selective push operations failed with the
following error message: SelPush:Base config is
invalid! invalid configuration. Schema verification
failed. This occurred when a policy rule was
moved from the post-rule base to the pre-rule base.
|
PAN-241230
|
Fixed an issue where the SNMP get request status value for Panorama
connections was incorrect.
|
PAN-239256
|
Fixed an issue where ARP entries were unable to be completed for
subinterfaces with SNAT configured.
|
PAN-238610
|
Fixed an issue with the Panorama Virtual Appliance where, after the
mgmtsrvr restarted on the passive appliance, stale
IP address tags were pushed to the connected firewalls with the
message clear all registered ip
addresses.
|
PAN-237582
|
Fixed an issue where logs were intermittently missing on the log
collector due to missing aliases for some indices.
|
PAN-237475
|
Fixed an issue where the firewall stopped responding when FIPS mode
was enabled.
|
PAN-232530
|
Fixed an issue where the useridd process ran out of
memory and restarted when the number of user or user groups exceeded
the threshold.
|
PAN-230330
|
(PA-220 firewalls only) Fixed an issue where disk space
usage was significantly higher than expected after upgrading.
|
PAN-224729
|
Fixed an issue where you were unable to create duplicate entries in
Advanced Routing AS path prepend in the BGP filter route map.
|
PAN-224195
|
Fixed an issue where Captive Portal redirects failed with a 500
Internal error when the captive portal token was disabled.
|
PAN-221571
|
Fixed an issue on the web interface where the Security policy rule
hit count remained at 0 for some rules even though the traffic logs
showed live hits.
|
PAN-212182
|
Fixed an issue where TLS 1.3 connections failed if the server sent a
certificate request after sending its certificate.
|