PAN-OS 10.2.2 Addressed Issues

PAN-OS® 10.2.2 addressed issues.
Issue ID
Fixed an issue where new logs viewed from the CLI (show log <log_type>) and new syslogs forwarded to a syslog server contained additional, erroneous entries.
Fixed an issue where, when the default port was not TCP/443, implicitly used SSL applications were blocked by the Security policy as an SSL application and did not shift to the correct application.
Fixed an issue where, when the firewall was configured for jumbo frames, an internal interface was not set with the correct MTU, which caused byte frames larger than 1500 to be dropped when a DF bit was set.
Fixed an issue where the firewall failed to forward logs to Panorama when configured with IPv6 addressing only.
Fixed an issue on the web interface where the IPSec tunnel did not gray out after disabling it.
PA-5450 firewalls only
) Fixed an issue where the hourly summary log was limited to 100,001 lines when summarized, which resulted in inconsistent report results when using summary logs.
Fixed an issue on multi-vsys firewalls where the DLP cloud service continued to exclude an application added to a shared application group (
Application Filters
) from non-file traffic inspection. This issue occurred when the application was removed from the application group or filter that was added to the
App Exclusion List
Data Filtering Profiles
Fixed an issue on Panorama where encrypted passwords were sent to firewalls on PAN-OS 10.1 releases during a multi-device group push, which caused client-based External Dynamic Lists (EDL) to fail.
Fixed an issue where you were unable to use the web interface to override IPsec tunnels pushed from Panorama
Fixed an issue where the firewall restarted due to a dnsproxy process crash.
PA-5450 firewalls only
) Fixed an issue where logs were forwarded through the management interface instead of the configured log interface to be used for forwarding.
Fixed an IoT cloud connectivity issue with the firewall dataplane when the
Data Services
service route was used and the egress interface had VLAN tagging.
Fixed an issue where the Panorama log collector group level SSH settings were not migrated to the new format when upgrading from a PAN-OS 9.1 release to a PAN-OS 10.0 release.
Fixed a memory leak that occurred when enabling XFF (x-forwarded-for) logging in a Security policy.
PA-400 Series firewalls only
) Fixed an issue where running a PAN-OS 10.2 release caused dataplane processes to restart unexpectedly.
Fixed an issue on Panorama where a deadlock in the configd process caused both the web interface and the CLI to be inaccessible.
Fixed an OOM condition caused by a memory leak issue on the useridd process.
Fixed an issue where shared address objects used as a source or destination in policies were cloned but not freed back after configuration commits.
Fixed an issue where the firewall stopped allocating new sessions with increments in the counter session_alloc_failure. This was caused by GPRS tunneling protocol (GTP-U) tunnel session aging processing issue.
Fixed an issue where the following error message flooded the system log:
Incremental update to DP failed
PA-3400 Series firewalls and PA-5410, PA-5420, and PA-5430 firewalls only
) Fixed an issue where the CLI and SNMP MIB walk did not display the model and serial number of the fan tray and PSUs.
Fixed an issue where tunnel-monitoring interface was incorrectly shown as up instead of down.
Fixed an issue on Panorama where
Validate Device Group
Commit and Push
) incorrectly issued a commit all operation instead of a validate all operation. This issue occurred when multiple device groups were included in the push.
Fixed an issue where, after upgrading to a PAN-OS 10.1 release, SaaS reports generated on Panorama did not display
Applications at a glance
and most charts were missing data on the right side of the chart.
Fixed an issue where Decryption Log entries were associated with the wrong Security policy rule.
Fixed an issue where Panorama log migration failed when old logs migrated to a newer format. This was due to older indices failing to close.
Fixed an issue where, when the firewall had Advanced Routing enabled, a static route remained active after an interface went down.
Fixed an issue where SD-WAN path monitoring failed over the interface directly connected to the ISP due to an unsupported ICMP probe format.
Fixed an issue on Panorama where commits remained at 99% due to multiple firewalls sending out CSR singing requests every 10 minutes.
Fixed an issue where commit failures occurred due to validity checks performed against self-signing certificates not evaluating
Authentication Key Identifier
Subject Key Identifier
fields were present.
Fixed an issue where Panorama displayed an error when generating a ticket to disable GlobalProtect for Prisma Access.
Fixed an issue where the
files filled up the root disk space.
Fixed an issue where icons weren't displayed for clientless VPN applications.
Fixed an issue where, when SIP traffic traversing the firewall was sent with a high Quality of Service (QoS) differentiated service code (DSCP) value, the DSCP value was reset to the default setting (CS0) for the first data packet.
(PA-7000 Series firewalls with HA clustering enabled and using HA4 communication links only
) Fixed an issue where loading PAN-OS 10.2.0 on the firewall caused the PA-7000 100G NPC (Network Processing Card) to go offline. As a result, the firewall failed to boot normally and entered maintenance.
Fixed an issue where a process all_pktproc stopped responding after upgrading the firewall.

Recommended For You