PAN-OS 10.2.13-h10 Addressed Issues
Focus
Focus

PAN-OS 10.2.13-h10 Addressed Issues

Table of Contents

PAN-OS 10.2.13-h10 Addressed Issues

Addressed issues for the PAN-OS 10.2.13-h10 general available hotfix release.
Issue IDDescription
PAN-289102
(PA-7500 Series, PA-5410, PA-5420, PA-5430, PA-5440, PA-5445, PA-3400 Series, PA-1400 Series, PA-400 Series, VM-Series, and CN-Series firewalls only) Fixed a race condition issue related to predict processing, which resulted in a dataplane restart and traffic loss.
PAN-288930
Fixed an issue where, when ACE was enabled, traffic from cloud applications randomly matched an incorrect cloud-apps policy rule.
PAN-286475
Fixed an issue where the option to sort sequence numbers was missing from Filters prefix list in the advanced routing filters.
PAN-285894
Fixed an issue where the all_task process stopped responding, which caused the firewall to reboot unexpectedly, and traffic failures occurred.
PAN-284908
Fixed an issue where retrieving filenames from OneDrive resulted in a cache miss.
PAN-284116
Fixed an issue where mTLS decryption bypass did not work when the decryption profile was configured with the maximum TLS version as TLS 1.3.
PAN-284066
Fixed an issue where, after an upgrade, the SNMP polled values for IF-MIB::ifInErrors displayed a high number of errors that did not match the values in the CLI show interface command.
PAN-283467
(PA-3400 Series firewalls only) Fixed an issue where the firewall unexpectedly rebooted and entered maintenance mode due to a ctd-agent out-of-memory (OOM) condition. This occurred during advanced services load testing and a high volume of IoT EAL log forwarding.
PAN-283331
Fixed an issue where selective pushes to managed devices failed when the User ID Master Device was configured.
PAN-282640
Fixed an issue where custom reports showed incomplete data when exported in CSV format from Panorama.
PAN-281797
Fixed an issue where firewalls became unstable and stopped responding, which resulted in an OOM condition.
PAN-280698
Fixed an issue where the firewall removed the TCP timestamp from client hello messages that did not fit in a single packet, which resulted in connection issues.
PAN-280505
Fixed an issue where the web interface did not display a message to commit prior changes before attempting a partial configuration load.
PAN-280409
Fixed an issue where the popup window did not appear as expected for Clientless VPN users.
PAN-279706
(M-600 appliances only) Fixed an issue where Panorama did not update all panreplay database entries after performing a commit and full push to all devices.
PAN-279336
Fixed an issue where the CLI did not display a message to commit prior changes before loading a partial configuration.
PAN-279176
Fixed an issue where the configuration audit displayed inaccurate information after partially loading the configuration via the CLI, which caused the audit to flag the configuration as deleted or changed.
PAN-277755
Fixed an issue that caused the request system private-data-reset CLI command to fail.
PAN-277617
Fixed an issue where deleting the NTP server address caused a commit validation error. This occurred when the configuration included both primary and secondary NTP servers and the secondary server was removed.
PAN-273949
Fixed an issue where the firewall generated the following error message in the snmpd logs: pan_get_keystr_from_cryptod
(pan_snmpinterface.c:181): Key X2F1dGhfa2V5 import from cryptod failed.
PAN-271432
Fixed an issue where the firewall was unable to decrypt SSL traffic when using forward proxy and HSM with an ECDSA signing certificate.
PAN-271175
Fixed an issue where the all_task process stopped responding with a SIGABRT.
PAN-270849
Fixed a memory leak issue related to the configd process that occurred when running consecutive commits for multiple days.
PAN-270248
Fixed an issue where the firewall failed to forward logs to a SNMP trap server if the SNMP manager IP address was unable to be resolved.
PAN-270193
Fixed an issue where the Panorama management server changed its certificate authority (CA) unexpectedly, which caused managed firewalls to disconnect.
PAN-269700
Fixed an issue where commits to service connection firewalls from Panorama failed.
PAN-269499
Fixed an issue where the firewall stopped responding when receiving a high number of logs.
PAN-268708
Fixed an issue where PDF summary and email reports displayed IPv6 addresses instead of IPv4 addresses.
PAN-268614
Fixed an issue on the web interface where, when all rules were highlighted when a read-only admin user clicked the Highlight Unused Rules checkbox.
PAN-268313
Fixed an issue where the Priority Code Point (PCP) bits in the VLAN header were not reset to 0 when a packet was received from one Layer 3 tagged interface and forwarded to another, which resulted in dropped packets. To use this fix, run the CLI command set force-vlan-pcp-reset yes and reboot the firewall.
PAN-268017
Fixed an issue where the IP address-to-user mapping timeout was triggered and the Inactivity TTL was refreshed unexpectedly
PAN-265782
Fixed an issue on Panorama where, after you enabled multihop in a BFD profile, you were unable to disable it via the web interface.
PAN-264883
(PA-7080 appliances with LPCs only) Fixed an issue where syslog forwarding over TCP stopped after upgrading.
PAN-264040
Fixed an issue where AAAA DNS queries went out even when IPv6 firewalling was disabled.
PAN-262593
Fixed an issue where traffic to websites failed on the Google Chrome web browser on Secure Web Gateway (SWG) nodes.
PAN-261429
Fixed an issue where the show auth radius-require-msg-authentic command CLI displayed no output.
PAN-260132
Fixed an issue where secondary IP addresses with a /32 prefix configured on Layer 3 interfaces were not reachable in FRR mode.
PAN-257117
Fixed an issue where CSV or PDF exports of zones did not contain all zones.
PAN-255914
(VM-Series firewalls on Amazon Web Services (AWS) environments only) Fixed an issue where a newly bootstrapped firewall required a management server restart, relicensing, or license push from Panorama to invoke the device certificate.
PAN-255759
Fixed an issue where the firewall was unable to match HIP data with the correct anti-malware object for Windows Defender.
PAN-255654
Fixed an issue where, when QoS was enabled on aggregate interfaces, the maximum aggregate interface throughput was capped, which limited network traffic. This occurred even with default QoS settings and no configured egress max-bandwidth.
PAN-253187
(PA-5450 firewalls only) Fixed an issue where the class of service (CoS) priority bit was not modified, causing access points to lose connectivity to the wireless controller when traffic was routed through the firewall.
PAN-241230
Fixed an issue where the SNMP get request status value for Panorama connections was incorrect.
PAN-224729
Fixed an issue where you were unable to create duplicate entries in Advanced Routing AS path prepend in the BGP filter route map.
PAN-224020
Fixed an issue where CIE validation checks on the firewall prevented configuration pushes from Panorama, which resulted in commit failures during new firewall deployment. This occurred when a template with an Authentication Profile with the Authentication Type as Cloud Authentication Service was pushed to a newly deployed firewall without internet access or without a device certificate.
PAN-222307
(M-600 appliances only) Fixed an issue where the reportd process stopped responding.
PAN-212182
Fixed an issue where TLS 1.3 connections failed if the server sent a certificate request after sending its certificate.
PAN-201298
Fixed an issue where unknown TCP traffic caused errors and high shared memory usage.