PAN-OS 10.2.13-h16 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
-
-
-
-
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1
PAN-OS 10.2.13-h16 Addressed Issues
Addressed issues for the PAN-OS 10.2.13-h16 general available hotfix
release.
Issue ID | Description |
---|---|
PAN-298907
|
Fixed an issue on PA-VM in AWS where, in a two-arm deployment
integrated with Gateway Load Balancer (GWLB), the firewall did not
preserve the GENEVE source port for internet traffic, resulting in
increased latency. The fix ensures the firewall preserves the outer
UDP source port of GENEVE encapsulation when sending traffic back to
GWLB.
|
PAN-298505
|
Fixed an issue where, after upgrading an HA pair of PA-7050
firewalls, the vsys ID changed in sequence, causing autocommit
failures with validation errors. This occurred when the multi-vsys
firewall had virtual systems created and pushed from Panorama, and
the vsys ID was not in a correct sequence because the unused vsys
was deleted from Panorama and pushed to devices.
|
PAN-296519
|
Fixed an issue where a stream receiving a reconnect signal with an
associated error in Wifclient caused the entire pool to
close, which resulted in a complete disconnection.
|
PAN-296478
|
Fixed an issue where, after upgrading to PAN-OS 10.2.13-h10,
GlobalProtect Clientless VPN on PA-3250 firewalls failed to execute
JavaScript links, resulting in an authorization error. This occurred
because the firewall was incorrectly injecting text into URLs when
JavaScript buttons or dropdown menus were clicked within the
Clientless VPN portal.
|
PAN-296261
|
Fixed an issue where scheduled custom reports generated through
Panorama were blank (Monitor > Reports) due
to a malformed JSON response from the reportd
process.
|
PAN-295342
|
Fixed an issue where the pan_comm process stopped
responding due to insufficient time allocated to read file
descriptors when processing long messages.
|
PAN-293879
|
Fixed an issue on the firewall where the VM monitor source remained
in the Getting All status, which prevented
dynamic address groups from updating IP addresses for new EC2
instances. This issue occurred due to a race condition where two
threads that simultaneously retrieved IP address tag information
from AWS VM monitoring sources became stuck while reading the XML
file.
|
PAN-293673
|
Fixed an issue where the firewall stopped all tasks due to an OOM
condition caused by a scheduled log export using FTP to an external
FTP server.
|
PAN-292539
|
(CN-Series firewalls only) Fixed an issue where the firewall
generated incomplete or corrupted tech support files (TSF) due to
high disk usage on the management plane.
|
PAN-291174
|
Fixed an issue where Real Time Streaming Protocol (RTSP) video
streams did not work when connected through GlobalProtect due to the
firewall blocking 200 OK responses. This occurred because of
incorrect NAT translations for the 200 OK message from the server.
|
PAN-290996
|
Fixed an issue where SNMP walks returned a value of 0 for the CPS
(Connections Per Second) per vsys on firewalls after upgrading to
PAN-OS 11.1.6-h3, even when active connections were present.
|
PAN-290088
|
Fixed an issue where a memory leak occurred related to the
configd process when pushing configurations from
Panorama to a firewall. This occurred when the configurations
contained shared policy rules.
|
PAN-289239
|
Fixed an issue on Panorama where a new virtual system (vsys) was
automatically created with the name of a device group.
|
PAN-288158
|
(VM-Series firewalls) only Fixed an issue where the firewall
became inaccessible via the web interface and SSH and remained in an
initializing state.
|
PAN-287842
|
Fixed an issue where the comm process stopped responding
due to missing heartbeats, which resulted in a system alert and HA
communication loss on slot1.
|
PAN-287818
|
Fixed an issue where sessions timed out sooner than expected due to
the pan_proxy_accumulation
_restore_timeout not initiating when
the accumulationsession_init failed.
|
PAN-287734
|
Fixed an issue where the error message Scan ERR: Internal
Err 1002 was generated unexpectedly when WIF shared
memory use was high.
|
PAN-287035
|
Fixed an issue where, when an application stopped responding, a large
file was created in the /opt/panlogs directory, which caused the
partition to fill up.
|
PAN-287023
|
Fixed an issue where a large number of logs caused the
logrcvr process to stop responding.
|
PAN-286615
|
Fixed an issue where the firewall double-freed shared memory when the
shared memory usage reached 100% when sending large payloads. This
occurred when DLP, Advanced Advanced Threat Protection (ATP),
Advanced WildFire (AWF), or Advanced URL Filtering were enabled.
|
PAN-284003
|
Fixed an issue where clients did not receive a valid response when
when searching a website due to a compression error.
|
PAN-286231
|
Fixed an issue where a simultaneous selective push from Panorama to
multiple firewalls with different base configurations resulted in
configuration corruption, which caused the firewall to go down.
|
PAN-279901
|
Fixed an issue where the firewall dropped client hello packets when
decryption was enabled, which prevented access to certain websites.
This occurred when the client hello packet was truncated, the
accumulation proxy assumed that the first packet contains at least 5
bytes, or out-of-order packets were waiting in L4 TCP.
|
PAN-279500
|
Fixed an issue where TLS connections failed to establish in
asymmetric routing environments if the firewall did not see
server-to-client (s2c) packets of the TLS handshake.
To use this fix, run the following CLI command: debug
dataplane set ssl-decrypt accumulate-client-hello asym-disable
yes.
|
PAN-278288
|
Fixed an issue where IPv6 BGP peering established between virtual
routers even without dataplane connectivity. This occurred because
the firewall used the kernel for lookups instead of the
dataplane.
To use this fix, run the following CLI command: set
system setting loopback-workaround enable
|
PAN-276795
|
Fixed an issue where the GlobalProtect client displayed an error
message when you clicked Check Now and
Preferred Releases and Base
Releases were unchecked (Device > Software).
|
PAN-272812
|
Fixed an issue where SNMP monitoring of tunnel interfaces displayed
zero values for received bytes and packets.
|
PAN-271701
|
Fixed an issue where Advanced Services, App-ID Cloud Engine (ACE),
and Enhanced Application Log stopped working due to incorrect memory
usage accounting, which caused memory usage to remain at 99% after
an extended period of time.
|
PAN-266653
|
Fixed an issue where unexpected path monitor failures caused the
firewall to stop responding.
|
PAN-267444
|
Fixed an issue where large file downloads or uploads failed or
remained in an incomplete state when using DLP HTTP2 mirror mode.
|
PAN-266279
|
Fixed an issue on Panorama where the default version of IKE gateway
was not set to IKEv2 only mode, which caused VPN establishment
issues if the firewall recognized a new configuration as IKEv1.
|
PAN-261825
|
Fixed an issue where traffic was dropped when Data Loss Prevention or
Advanced URL Filtering were enabled. This occurred when the payload
size was greater than 3.5 KB.
|
PAN-259741
|
Fixed an issue where the firewall dropped GRE keepalive packets that
were encapsulated under another GRE tunnel.
|
PAN-259076
|
Fixed an issue where the firewall displayed an OCSP/CRL check failure
when accessing websites.
|
PAN-255860
|
(PA-5200 firewalls only) Fixed an issue where the
all_pktproc process stopped responding when the
firewall was under a heavy traffic load.
|
PAN-255619
|
Fixed an intermittent issue where file downloads from websites failed
when decrypting HTTP/2 traffic.
|
PAN-253485
|
(Firewalls in active/passive HA configurations only) Fixed
an issue where dataplane packet capture filter configuration failed
on the active firewall with the error op command for
client dagger timed out as client is not
available.
|
PAN-250146
|
Fixed an issue on the web interface where templates incorrectly
showed that telemetry was enabled when it was not enabled. With this
fix, the telemetry setting is not displayed in the template on the
web interface.
|
PAN-247575
|
Fixed an issue where the error message import of
failed. Please check the validity of the key pair and try
again for unmatched keys for EC certificates.
|
PAN-245064
|
(Multi-vsys firewalls only) Fixed an issue where commits
failed on the firewall after selecting Export or push
device config bundle on Panorama and a force push
was required.
|
PAN-242602
|
Fixed an issue where GlobalProtect clients experienced slow SMB-V3
download throughput when passing through a Prisma IPSec tunnel and
the firewall and the SMB-V3 session owner dataplane was the same as
the IPSec-ESP tunnel on the multi-dataplane firewall.
|
PAN-241536
|
Fixed an issue on Panorama where admin users with the Custom Panorama
Admin role were unable to add, edit, or delete route filters under Routing Profiles.
|
PAN-231386
|
Fixed an issue where the configd process stopped
responding during certificate verification.
|
PAN-220293
|
Fixed an issue where the firewall management plane could not display
BGP peer details when using the CLI command show
advanced-routing bgp peer detail logical-router.
This was due to the bgp_frr.py script
failing to parse the IPv6 address family section of the
show ip bgp neighbors json output.
|
PAN-202905
|
Fixed an issue on the firewall web interface where the
Next Hop value was not displayed in the
static route configuration, the admin-dist
values were empty, and the path-monitor parameters were not listed
in the management server web interface when the firewall was
configured in FRR mode.
|