PAN-OS 10.2.10-h27 Addressed Issues
Focus
Focus

PAN-OS 10.2.10-h27 Addressed Issues

Table of Contents

PAN-OS 10.2.10-h27 Addressed Issues

Addressed issues for the PAN-OS 10.2.10-h27 general available hotfix release.
Issue IDDescription
PAN-297261
Fixed an issue where the proxy-protocol debug level was set to verbose on Prisma Access instances, even when it was not explicitly configured, which caused excessive logging by the pan_task process.
PAN-296519
Fixed an issue where a stream receiving a reconnect signal with an associated error in Wifclient caused the entire pool to close, which resulted in a complete disconnection.
PAN-296478
Fixed an issue where, after upgrading to PAN-OS 10.2.13-h10, GlobalProtect Clientless VPN on PA-3250 firewalls failed to execute JavaScript links, resulting in an authorization error. This occurred because the firewall was incorrectly injecting text into URLs when JavaScript buttons or dropdown menus were clicked within the Clientless VPN portal.
PAN-295812
Fixed an issue where the throughput data on the Switch Card Module (SCM) was not accurately reported. This issue affected Standard SC USABN and USABN-2 when using Direct-IO deployment.
PAN-291635
Fixed an issue where cookie surrogate cache entries remained unresolved after an idmgr process reset due to the request not being retransmitted. This occurred because the timestamp in the cache entry was refreshed even when the UID was 0, which prevented the retransmission of the request if the initial response was not received.
PAN-290088
Fixed an issue where a memory leak occurred related to the configd process when pushing configurations from Panorama to a firewall. This occurred when the configurations contained shared policy rules.
PAN-289239
Fixed an issue on Panorama where a new virtual system (vsys) was automatically created with the name of a device group.
PAN-287818
Fixed an issue where sessions timed out sooner than expected due to the pan_proxy_accumulation _restore_timeout not initiating when the accumulationsession_init failed.
PAN-287023
Fixed an issue where a large number of logs caused the logrcvr process to stop responding.
PAN-287002
A fix was made to address CVE-2025-0133.
PAN-286296
Fixed an issue where the Prisma Access gateway experienced process restarts and system reboots.
PAN-285298
Fixed an issue where the firewall became unresponsive when the show user user- ids user all CLI command was executed repeatedly on large scale LDAP group mappings, and you were unable to connect to the gateways with the error message The network connection is unreachable or the gateway is unresponsive. Check the network connection and reconnect.
PAN-284066
Fixed an issue where, after an upgrade, the SNMP polled values for IF-MIB::ifInErrors displayed a high number of errors that did not match the values in the CLI show interface command.
PAN-284003
Fixed an issue where clients did not receive a valid response when searching a website due to a compression error.
PAN-279901
Fixed an issue where the firewall dropped client hello packets when decryption was enabled, which prevented access to certain websites. This occurred when the client hello packet was truncated, the accumulation proxy assumed that the first packet contains at least 5 bytes, or out-of-order packets were waiting in L4 TCP.
PAN-279500
Fixed an issue where TLS connections failed to establish in asymmetric routing environments if the firewall did not see server-to-client (s2c) packets of the TLS handshake.
To use this fix, run the following CLI command: debug dataplane set ssl-decrypt accumulate-client-hello asym-disable yes.
PAN-279191
Fixed an issue where a GlobalProtect gateway stopped responding when handling HTTP/1.1 traffic with web inspection enabled.
PAN-276795
Fixed an issue where the GlobalProtect client displayed an error message when you clicked Check Now and Preferred Releases and Base Releases were unchecked (Device > Software).
PAN-274797
Fixed an issue where a DPC on slot 3 failed intermittently due to the pktlog_forwarding process restarting, which resulted in an unexpected HA failover.
PAN-273597
Fixed an issue where logs in the cloud database displayed in the Not-Resolved category but not in the local database.
PAN-271701
Fixed an issue where Advanced Services, App-ID Cloud Engine (ACE), and Enhanced Application Log stopped working due to incorrect memory usage accounting, which caused memory usage to remain at 99% after an extended period of time.
PAN-271215
A fix was made to address CVE-2025-4230.
PAN-266653
Fixed an issue where unexpected path monitor failures caused the firewall to stop responding.
PAN-264725
Fixed an issue where Auto Quarantine did not work when simplified logging was enabled.
PAN-263559
Fixed an issue where the dataplane stopped responding and the firewall unexpectedly rebooted due to multiple process restarts.
PAN-261825
Fixed an issue where traffic was dropped when Data Loss Prevention or Advanced URL Filtering were enabled. This occurred when the payload size was greater than 3.5 KB.
PAN-259741
Fixed an issue where the firewall dropped GRE keepalive packets that were encapsulated under another GRE tunnel.
PAN-259076
Fixed an issue where the firewall displayed an OCSP/CRL check failure when accessing websites.
PAN-252706
Fixed an issue where the URL filtering response page for Continue and Override did not work with IPv6 Router Advertisement (RA) or Multicast Listener Query (MLQ) for IPv6-to-IPv6 and IPv6- to-IPv4 traffic.
PAN-251241
Fixed an issue that blocked auto-discovery of the ICD Cloud server for the configured Enforcer URL.
PAN-250146
Fixed an issue on the web interface where templates incorrectly showed that telemetry was enabled when it was not enabled. With this fix, the telemetry setting is not displayed in the template on the web interface.
PAN-248740
(PA-4000 and PA-5000 Series firewalls) Fixed an issue where, when SSL decryption was enabled, you were unable to interact with the login button on some websites due to a content length mismatch error. This occurred because the firewall incorrectly flagged the final packet in the replay as send original when it contained only a gzip end marker and no data.
PAN-247575
Fixed an issue where the error message import of <issuecert> failed. Please check the validity of the key pair and try again for unmatched keys for EC certificates.
PAN-242602
Fixed an issue where GlobalProtect clients experienced slow SMB-V3 download throughput when passing through a Prisma IPSec tunnel and the firewall and the SMB-V3 session owner dataplane was the same as the IPSec-ESP tunnel on the multi-dataplane firewall.
PAN-241536
Fixed an issue on Panorama where admin users with the Custom Panorama Admin role were unable to add, edit, or delete route filters under Routing Profiles.
PAN-231386
Fixed an issue where the configd process stopped responding during certificate verification.
PAN-211910
Fixed an issue where the dnsproxyd process stopped responding during stability tests.
PAN-202905
Fixed an issue on the firewall web interface where the Next Hop value was not displayed in the static route configuration, the admin-dist values were empty, and the path-monitor parameters were not listed in the management server web interface when the firewall was configured in FRR mode.