(

PA-3410, PA-3420, and PA-3430 firewalls only

) Fixed an issue where the install failed when upgrading from PAN-OS 10.2.3-h3 and later 10.2 releases to PAN-OS 10.2.10 due to the number of configured vsys zones exceeding the zone limit in PAN-OS 10.2.10.

Fixed an issue where the varrcvr process stopped responding after running out of memory due to how the process queued and dequeued files for WildFire file forwarding when a WildFire Analysis Security Profile was enabled.

(

PA-5450 firewalls only

) Fixed an issue where the chassis shut down when FAN1 was removed.

Fixed an issue where performing a configuration commit on a firewall locally or from Panorama caused a memory leak related to the configd process and resulted in an out-of-memory (OOM) condition.

(

CN-Series firewalls only

) Fixed an issue where the CLI command

show system setting ctd state

did not work as expected.

Fixed an issue related to the varrcvr process where the management plane CPU was higher than expected during WildFire updates.

Fixed an issue on Panorama where the reportd process stopped responding, which caused a log query issue.

"Fixed an issue on the web interface where

Match Evidence

log details for

Monitor > Correlated events

did not populate."

Fixed an issue on the firewall where disk space was low in

/opt/pancfg/

, which caused dynamic content installation to fail.

(

VM-Series firewalls in HA configurations only

) Fixed an issue where BGP routes from the active firewall were lost when the passive firewall was rebooted.

Fixed an issue where the configd process stopped responding when

Commit and Push

operations were performed on multiple device groups.

(

CN-Series firewalls only

) Fixed an issue where the system database key that stored the configuration status of the dataplane pod was not updated frequently.

Fixed an issue where the firewall did not handle error code 500 responses from the WildFire cloud correctly.

Fixed an issue where the firewall restarted when the parsing of the cross-pkt http origin header failed when processing a translator website.

Fixed an issue where inbound decryption did not work when FIPS self-tests were turned on.

Fixed an issue on log collectors where the incoming log rate was lower than expected.

Fixed an issue on Panorama appliances in large-scale deployments where configd process core files consumed more space in the /opt/panlogs partition than was available.

Fixed an issue where the logrcvr process stopped responding, which caused commits to fail with the error message

Management server failed to send phase 1 to client logrcvr

.

Fixed an issue where device telemetry failed after upgrading due to bundle generation failure.

Fixed an issue on the Panorama web interface where no content was displayed after logging in.

(

VM-Series firewalls on Amazon Web Services (AWS) environments only

) Fixed an issue where the firewall did not perform MSS clamping when GWLB endpoints were mapped to static subinterfaces.

Fixed an issue on Panorama where commits failed when Advanced Routing was enabled.

Fixed an issue where the useridd process stopped responding, which caused the firewall to reboot.

Fixed an issue where the firewall decrypted traffic unexpectedly when the client hello was spread across multiple packets.

Fixed an issue where failover was not triggered when multiple processes stopped responding.

(

PA-5450 Series firewalls only

) Fixed an issue where the firewall rebooted unexpectedly during an upgrade.

(

VM-Series firewalls in Microsoft Azure environments only

) Fixed an issue where the firewall restarted after an HA failover when DPDK was enabled.

Fixed an issue where turning off mprelay logging caused mprelay heartbeat failure.

Fixed an issue where inconsistent FIB entries across the dataplane were not detected.

Fixed an issue where the all-task process stopped responding with DNS traffic due to an incorrect cleanup by pan_free.

Fixed an issue where scheduled email reports failed if the @ symbol before the mail client was missing.

Fixed an issue where the DHCP was unable to find the interface, which resulted in the DHCP process and all connected DHCP services to stop responding.

Fixed an issue where you were unable to revert a sort in the task manager in the

Admin

column.

Fixed an issue where the vldmgr process incorrectly restarted during an Elasticsearch restart.

(

Firewalls in active/passive HA configurations only

) Fixed an issue where HA sync messages from the active firewall took longer than expected to reach the passive firewall.

Fixed an issue where the log_index was suspended and corrupted BDX files flooded the index_log.

Fixed an issue where changing the firewall's DNS servers could lead to connectivity to the hostname-configured User-ID agent.

(

PA-400 Series firewalls only

) Fixed an issue where HA link-monitor did not work.

Fixed an issue where log collectors stopped responding when gathering reports from Panorama.

Fixed an issue where the routed process created excessive logs in the log file.

Fixed an issue where, when a device group was not successfully renamed, unexpected configuration changes to the device group structure occurred.

Fixed an issue where static route path monitor packets from a multislot chassis were intercepted by the firewall performing Static NAT (SNAT).

Fixed an issue with firewalls in active/passive HA configurations where the passive firewall displayed the error message

Unable to read QSFP Module ID

when the passive link state was set to shutdown.

Fixed an issue where logs were intermittently missing on the log collector due to missing aliases for some indices.

Fixed an issue where firewalls generated link-change system logs for SFP ports even when no cable was connected to the ports.

Fixed an issue where the Traffic log displayed 0 bytes for denied sessions.

(

PA-1420 firewalls only

) Fixed an issue where the all_task process stopped responding, which caused the firewall to become unresponsive.

Fixed an issue where the firewall was unable to purge expired GTP-U sessions that remained as allocated sessions even after the TTL was expired.

Fixed an issue where a proxy server was used for external dynamic list communication even when the dataplane interface was configured through service routes.

Fixed an issue where the character limit for

dgname

exceeded the supported number of characters (31), which caused device group names to be partially displayed during a validate operation.

(

VM-Series firewalls only

) Fixed an issue where the firewall sent packets to its own interface after configuring NAT64.

Fixed an issue on firewalls in active/passive HA configurations where the passive firewall incorrectly became active after a reboot.

Fixed an issue where the daily summary report displayed IPv6 addresses instead of IPv4 addresses.

Fixed an issue with the firewall web interface where local SSL decryption exclusion cache entries were not visible.

(

PA-7000 Series firewalls only

) Fixed an issue where the Log Forwarding Card (LFC) disk quota usage was reported as 0 MB for all log types.

Fixed an issue where device group and template administrators with access to a specific virtual system were able to see logs for all virtual systems via Context Switch.

Fixed an issue where the DHCP server sent DHCP ACK messages as broadcasts instead of unicasts when responding to DHCP INFORM messages.

Fixed an issue where commits failed with the error message

Error: Max. user groups used in policy 1389 exceed capacity (1000)

.

Fixed an issue where an Advanced Routing BGP session flapped with commits when BGP peer authentication was enabled.

Fixed an issue where the Network Packet Broker (NPB) user interface was incorrectly displayed on unsupported platforms.

(

PA-7050 firewalls only

) Fixed an issue related to brdagent process errors.

Fixed an issue where the brdagent process stopped responding after an upgrade due to initialization failure.

Fixed an issue where the all_task process stopped responding due to high wifclient memory usage, which caused the firewall to reboot.

Fixed an issue where IP address checksums were calculated incorrectly.

Fixed an issue where

Push All Changes

displayed changes that were already committed in the push scope for another device group after performing a selective commit and selective push to the first device group.

Fixed an issue where the CLI command settings for

set system setting logging max-log-rate

did not persist after a mgmtsrvr process restart.

Fixed an issue on Panorama where generating UAR reports for 30 days or more was slower than expected, and reports showed the same logs repeatedly in a loop.

Fixed an issue where excessive network path monitoring messages were generated in the system logs.

Fixed an issue on the firewall that caused the LFC to stop responding, which impacted logging capability.

Fixed an issue on the web interface where the Security policy rule hit count remained at 0 for some rules even though the traffic logs showed live hits.

Fixed an issue where the CLI command

show logging-status

did not correctly display the last log created and forwarded timestamps.

(

PA-5450 and PA-400 firewalls only

) Fixed an issue where the

request shutdown system

CLI command did not completely shut down the system.

Fixed an issue where the

log-start

and

log-end

policy rule filters did not return reliable results when set to

no

or

yes

.

Fixed an issue where local reports and scheduled reports displayed different data.

Fixed an issue where GlobalProtect authentication failed when new users were added to an existing local database group user list.

Fixed an issue where template configurations were not properly pushed to the firewall during an export or push of the device configuration bundle.

Fixed an issue where selecting a threat name under Threat Monitor displayed the threat ID instead of the threat name.

(

PA-5450 firewalls only

) Fixed an issue where, when a log interface was configured, the log interface and the management interface remained connected to the log collector when upgrading to PAN-OS 10.2.2.

Fixed an issue related to the configd process where Panorama displayed the error

Server not responding

when editing policy rules.

Fixed an issue where username fields under

Policies

were marked with the same color as the first tag associated to that rule.

(

PA-5450 firewalls only

) Fixed an issue where the firewall accepted 12 Aggregate Ethernet interfaces, but you were unable to configure interfaces 9-12 via the web interface.

Fixed an issue on the web interface where Antivirus updates were not able to be downloaded and installed unless Apps and Threads updates were downloaded and installed first, and the Antivirus content list displayed as blank. The resulting error message from the update server was also not reflected in the web interface.

Fixed an issue where console sessions were not cleared after the set idle timeout value.