PAN-OS 10.2.13-h10 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
-
-
-
-
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1
PAN-OS 10.2.13-h10 Addressed Issues
Addressed issues for the PAN-OS 10.2.13-h10 general available hotfix
release.
Issue ID | Description |
---|---|
PAN-289102
|
(PA-7500 Series, PA-5410, PA-5420, PA-5430, PA-5440, PA-5445,
PA-3400 Series, PA-1400 Series, PA-400 Series, VM-Series, and
CN-Series firewalls only) Fixed a race condition issue
related to predict processing, which resulted in a dataplane restart
and traffic loss.
|
PAN-288930
|
Fixed an issue where, when ACE was enabled, traffic from cloud
applications randomly matched an incorrect
cloud-apps policy rule.
|
PAN-286475
|
Fixed an issue where the option to sort sequence numbers was missing
from Filters prefix list in the advanced
routing filters.
|
PAN-285894
|
Fixed an issue where the all_task process stopped
responding, which caused the firewall to reboot unexpectedly, and
traffic failures occurred.
|
PAN-284908
|
Fixed an issue where retrieving filenames from OneDrive resulted in a
cache miss.
|
PAN-284116
|
Fixed an issue where mTLS decryption bypass did not work when the
decryption profile was configured with the maximum TLS version as
TLS 1.3.
|
PAN-284066
|
Fixed an issue where, after an upgrade, the SNMP polled values for
IF-MIB::ifInErrors displayed a high
number of errors that did not match the values in the CLI show
interface command.
|
PAN-283467
|
(PA-3400 Series firewalls only) Fixed an issue where the
firewall unexpectedly rebooted and entered maintenance mode due to a
ctd-agent out-of-memory (OOM) condition. This occurred during
advanced services load testing and a high volume of IoT EAL log
forwarding.
|
PAN-283331
|
Fixed an issue where selective pushes to managed devices failed when
the User ID Master Device was configured.
|
PAN-282640
|
Fixed an issue where custom reports showed incomplete data when
exported in CSV format from Panorama.
|
PAN-281797
|
Fixed an issue where firewalls became unstable and stopped
responding, which resulted in an OOM condition.
|
PAN-280698
|
Fixed an issue where the firewall removed the TCP timestamp from
client hello messages that did not fit in a single packet, which
resulted in connection issues.
|
PAN-280505
|
Fixed an issue where the web interface did not display a message to
commit prior changes before attempting a partial configuration load.
|
PAN-280409
|
Fixed an issue where the popup window did not appear as expected for
Clientless VPN users.
|
PAN-279706
|
(M-600 appliances only) Fixed an issue where Panorama did
not update all panreplay database
entries after performing a commit and full push to all devices.
|
PAN-279336
|
Fixed an issue where the CLI did not display a message to commit
prior changes before loading a partial configuration.
|
PAN-279176
|
Fixed an issue where the configuration audit displayed inaccurate
information after partially loading the configuration via the CLI,
which caused the audit to flag the configuration as deleted or
changed.
|
PAN-277755
|
Fixed an issue that caused the request system
private-data-reset CLI command to fail.
|
PAN-277617
|
Fixed an issue where deleting the NTP server address caused a commit
validation error. This occurred when the configuration included both
primary and secondary NTP servers and the secondary server was
removed.
|
PAN-273949
|
Fixed an issue where the firewall generated the following error
message in the snmpd logs:
pan_get_keystr_from_cryptod
(pan_snmpinterface.c:181): Key X2F1dGhfa2V5 import from
cryptod failed.
|
PAN-271432
|
Fixed an issue where the firewall was unable to decrypt SSL traffic
when using forward proxy and HSM with an ECDSA signing certificate.
|
PAN-271175
|
Fixed an issue where the all_task process stopped
responding with a SIGABRT.
|
PAN-270849
|
Fixed a memory leak issue related to the configd process
that occurred when running consecutive commits for multiple days.
|
PAN-270248
|
Fixed an issue where the firewall failed to forward logs to a SNMP
trap server if the SNMP manager IP address was unable to be
resolved.
|
PAN-270193
|
Fixed an issue where the Panorama management server changed its
certificate authority (CA) unexpectedly, which caused managed
firewalls to disconnect.
|
PAN-269700
|
Fixed an issue where commits to service connection firewalls from
Panorama failed.
|
PAN-269499
|
Fixed an issue where the firewall stopped responding when receiving a
high number of logs.
|
PAN-268708
|
Fixed an issue where PDF summary and email reports displayed IPv6
addresses instead of IPv4 addresses.
|
PAN-268614
|
Fixed an issue on the web interface where, when all rules were
highlighted when a read-only admin user clicked the
Highlight Unused Rules checkbox.
|
PAN-268313
|
Fixed an issue where the Priority Code Point (PCP) bits in the VLAN
header were not reset to 0 when a packet was received from one Layer
3 tagged interface and forwarded to another, which resulted in
dropped packets. To use this fix, run the CLI command
set force-vlan-pcp-reset yes and
reboot the firewall.
|
PAN-268017
|
Fixed an issue where the IP address-to-user mapping timeout was
triggered and the Inactivity TTL was refreshed unexpectedly
|
PAN-265782
|
Fixed an issue on Panorama where, after you enabled multihop in a BFD
profile, you were unable to disable it via the web interface.
|
PAN-264883
|
(PA-7080 appliances with LPCs only) Fixed an issue where
syslog forwarding over TCP stopped after upgrading.
|
PAN-264040
|
Fixed an issue where AAAA DNS queries went out even when
IPv6 firewalling was disabled.
|
PAN-262593
|
Fixed an issue where traffic to websites failed on the Google Chrome
web browser on Secure Web Gateway (SWG) nodes.
|
PAN-261429
|
Fixed an issue where the show auth
radius-require-msg-authentic command CLI
displayed no output.
|
PAN-260132
|
Fixed an issue where secondary IP addresses with a /32 prefix
configured on Layer 3 interfaces were not reachable in FRR mode.
|
PAN-257117
|
Fixed an issue where CSV or PDF exports of zones did not contain all
zones.
|
PAN-255914
|
(VM-Series firewalls on Amazon Web Services (AWS) environments
only) Fixed an issue where a newly bootstrapped firewall
required a management server restart, relicensing, or license push
from Panorama to invoke the device certificate.
|
PAN-255759
|
Fixed an issue where the firewall was unable to match HIP data with
the correct anti-malware object for Windows Defender.
|
PAN-255654
|
Fixed an issue where, when QoS was enabled on aggregate interfaces,
the maximum aggregate interface throughput was capped, which limited
network traffic. This occurred even with default QoS settings and no
configured egress max-bandwidth.
|
PAN-253187
|
(PA-5450 firewalls only) Fixed an issue where the class of
service (CoS) priority bit was not modified, causing access points
to lose connectivity to the wireless controller when traffic was
routed through the firewall.
|
PAN-241230
|
Fixed an issue where the SNMP get request status value for Panorama
connections was incorrect.
|
PAN-224729
|
Fixed an issue where you were unable to create duplicate entries in
Advanced Routing AS path prepend in the BGP filter route map.
|
PAN-224020
|
Fixed an issue where CIE validation checks on the firewall prevented
configuration pushes from Panorama, which resulted in commit
failures during new firewall deployment. This occurred when a
template with an Authentication Profile with the
Authentication Type as Cloud
Authentication Service was pushed to a newly
deployed firewall without internet access or without a device
certificate.
|
PAN-222307
|
(M-600 appliances only) Fixed an issue where the
reportd process stopped responding.
|
PAN-212182
|
Fixed an issue where TLS 1.3 connections failed if the server sent a
certificate request after sending its certificate.
|
PAN-201298
|
Fixed an issue where unknown TCP traffic caused errors and high
shared memory usage.
|