PAN-OS 10.2.10-h27 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
-
-
-
-
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1
PAN-OS 10.2.10-h27 Addressed Issues
Addressed issues for the PAN-OS 10.2.10-h27 general available hotfix
release.
Issue ID | Description |
---|---|
PAN-297261
|
Fixed an issue where the proxy-protocol debug level was set to
verbose on Prisma Access instances,
even when it was not explicitly configured, which caused excessive
logging by the pan_task process.
|
PAN-296519
|
Fixed an issue where a stream receiving a reconnect signal with an
associated error in Wifclient caused the entire pool to
close, which resulted in a complete disconnection.
|
PAN-296478
|
Fixed an issue where, after upgrading to PAN-OS 10.2.13-h10,
GlobalProtect Clientless VPN on PA-3250 firewalls failed to execute
JavaScript links, resulting in an authorization error. This occurred
because the firewall was incorrectly injecting text into URLs when
JavaScript buttons or dropdown menus were clicked within the
Clientless VPN portal.
|
PAN-295812
|
Fixed an issue where the throughput data on the Switch Card Module
(SCM) was not accurately reported. This issue affected Standard SC
USABN and USABN-2 when using Direct-IO deployment.
|
PAN-291635
|
Fixed an issue where cookie surrogate cache entries remained
unresolved after an idmgr process reset due to the
request not being retransmitted. This occurred because the timestamp
in the cache entry was refreshed even when the UID was 0, which
prevented the retransmission of the request if the initial response
was not received.
|
PAN-290088
|
Fixed an issue where a memory leak occurred related to the
configd process when pushing configurations from
Panorama to a firewall. This occurred when the configurations
contained shared policy rules.
|
PAN-289239
|
Fixed an issue on Panorama where a new virtual system (vsys) was
automatically created with the name of a device group.
|
PAN-287818
|
Fixed an issue where sessions timed out sooner than expected due to
the pan_proxy_accumulation
_restore_timeout not initiating when
the accumulationsession_init failed.
|
PAN-287023
|
Fixed an issue where a large number of logs caused the
logrcvr process to stop responding.
|
PAN-287002
|
A fix was made to address CVE-2025-0133.
|
PAN-286296
|
Fixed an issue where the Prisma Access gateway experienced process
restarts and system reboots.
|
PAN-285298
|
Fixed an issue where the firewall became unresponsive when the
show user user- ids user all CLI
command was executed repeatedly on large scale LDAP group mappings,
and you were unable to connect to the gateways with the error
message The network connection is unreachable or the
gateway is unresponsive. Check the network connection and
reconnect.
|
PAN-284066
|
Fixed an issue where, after an upgrade, the SNMP polled values for
IF-MIB::ifInErrors displayed a high
number of errors that did not match the values in the CLI show
interface command.
|
PAN-284003
|
Fixed an issue where clients did not receive a valid response when
searching a website due to a compression error.
|
PAN-279901
|
Fixed an issue where the firewall dropped client hello packets when
decryption was enabled, which prevented access to certain websites.
This occurred when the client hello packet was truncated, the
accumulation proxy assumed that the first packet contains at least 5
bytes, or out-of-order packets were waiting in L4 TCP.
|
PAN-279500
|
Fixed an issue where TLS connections failed to establish in
asymmetric routing environments if the firewall did not see
server-to-client (s2c) packets of the TLS handshake.
To use this fix, run the following CLI command: debug
dataplane set ssl-decrypt accumulate-client-hello asym-disable
yes.
|
PAN-279191
|
Fixed an issue where a GlobalProtect gateway stopped responding when
handling HTTP/1.1 traffic with web inspection enabled.
|
PAN-276795
|
Fixed an issue where the GlobalProtect client displayed an error
message when you clicked Check Now and
Preferred Releases and Base
Releases were unchecked (Device >
Software).
|
PAN-274797
|
Fixed an issue where a DPC on slot 3 failed intermittently due to the
pktlog_forwarding process restarting, which
resulted in an unexpected HA failover.
|
PAN-273597
|
Fixed an issue where logs in the cloud database displayed in the
Not-Resolved category but not in the
local database.
|
PAN-271701
|
Fixed an issue where Advanced Services, App-ID Cloud Engine (ACE),
and Enhanced Application Log stopped working due to incorrect memory
usage accounting, which caused memory usage to remain at 99% after
an extended period of time.
|
PAN-271215
|
A fix was made to address CVE-2025-4230.
|
PAN-266653
|
Fixed an issue where unexpected path monitor failures caused the
firewall to stop responding.
|
PAN-264725
|
Fixed an issue where Auto Quarantine did not work when simplified
logging was enabled.
|
PAN-263559
|
Fixed an issue where the dataplane stopped responding and the
firewall unexpectedly rebooted due to multiple process restarts.
|
PAN-261825
|
Fixed an issue where traffic was dropped when Data Loss Prevention or
Advanced URL Filtering were enabled. This occurred when the payload
size was greater than 3.5 KB.
|
PAN-259741
|
Fixed an issue where the firewall dropped GRE keepalive packets that
were encapsulated under another GRE tunnel.
|
PAN-259076
|
Fixed an issue where the firewall displayed an OCSP/CRL check failure
when accessing websites.
|
PAN-252706
|
Fixed an issue where the URL filtering response page for
Continue and
Override did not work with IPv6 Router
Advertisement (RA) or Multicast Listener Query (MLQ) for
IPv6-to-IPv6 and IPv6- to-IPv4 traffic.
|
PAN-251241
|
Fixed an issue that blocked auto-discovery of the ICD Cloud server
for the configured Enforcer URL.
|
PAN-250146
|
Fixed an issue on the web interface where templates incorrectly
showed that telemetry was enabled when it was not enabled. With this
fix, the telemetry setting is not displayed in the template on the
web interface.
|
PAN-248740
|
(PA-4000 and PA-5000 Series firewalls) Fixed an issue where,
when SSL decryption was enabled, you were unable to interact with
the login button on some websites due to a content length mismatch
error. This occurred because the firewall incorrectly flagged the
final packet in the replay as send
original when it contained only a
gzip end marker and no data.
|
PAN-247575
|
Fixed an issue where the error message import of
<issuecert> failed. Please check the validity of the key pair
and try again for unmatched keys for EC
certificates.
|
PAN-242602
|
Fixed an issue where GlobalProtect clients experienced slow SMB-V3
download throughput when passing through a Prisma IPSec tunnel and
the firewall and the SMB-V3 session owner dataplane was the same as
the IPSec-ESP tunnel on the multi-dataplane firewall.
|
PAN-241536
|
Fixed an issue on Panorama where admin users with the Custom Panorama
Admin role were unable to add, edit, or delete route filters under
Routing Profiles.
|
PAN-231386
|
Fixed an issue where the configd process
stopped responding during certificate verification.
|
PAN-211910
|
Fixed an issue where the dnsproxyd process
stopped responding during stability tests.
|
PAN-202905
|
Fixed an issue on the firewall web interface where the
Next Hop value was not displayed in the
static route configuration, the admin-dist
values were empty, and the path-monitor parameters were not listed
in the management server web interface when the firewall was
configured in FRR mode.
|