PAN-OS 10.2.3 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- Cloud Management of NGFWs
-
- Management Interfaces
-
- Launch the Web Interface
- Use the Administrator Login Activity Indicators to Detect Account Misuse
- Manage and Monitor Administrative Tasks
- Commit, Validate, and Preview Firewall Configuration Changes
- Commit Selective Configuration Changes
- Export Configuration Table Data
- Use Global Find to Search the Firewall or Panorama Management Server
- Manage Locks for Restricting Configuration Changes
-
-
- Define Access to the Web Interface Tabs
- Provide Granular Access to the Monitor Tab
- Provide Granular Access to the Policy Tab
- Provide Granular Access to the Objects Tab
- Provide Granular Access to the Network Tab
- Provide Granular Access to the Device Tab
- Define User Privacy Settings in the Admin Role Profile
- Restrict Administrator Access to Commit and Validate Functions
- Provide Granular Access to Global Settings
- Provide Granular Access to the Panorama Tab
- Provide Granular Access to Operations Settings
- Panorama Web Interface Access Privileges
-
- Reset the Firewall to Factory Default Settings
-
- Plan Your Authentication Deployment
- Pre-Logon for SAML Authentication
- Configure SAML Authentication
- Configure Kerberos Single Sign-On
- Configure Kerberos Server Authentication
- Configure TACACS+ Authentication
- Configure TACACS Accounting
- Configure RADIUS Authentication
- Configure LDAP Authentication
- Configure Local Database Authentication
- Configure an Authentication Profile and Sequence
- Test Authentication Server Connectivity
- Troubleshoot Authentication Issues
-
- Keys and Certificates
- Default Trusted Certificate Authorities (CAs)
- Certificate Deployment
- Configure the Master Key
- Export a Certificate and Private Key
- Configure a Certificate Profile
- Configure an SSL/TLS Service Profile
- Configure an SSH Service Profile
- Replace the Certificate for Inbound Management Traffic
- Configure the Key Size for SSL Forward Proxy Server Certificates
-
- HA Overview
-
- Prerequisites for Active/Active HA
- Configure Active/Active HA
-
- Use Case: Configure Active/Active HA with Route-Based Redundancy
- Use Case: Configure Active/Active HA with Floating IP Addresses
- Use Case: Configure Active/Active HA with ARP Load-Sharing
- Use Case: Configure Active/Active HA with Floating IP Address Bound to Active-Primary Firewall
- Use Case: Configure Active/Active HA with Source DIPP NAT Using Floating IP Addresses
- Use Case: Configure Separate Source NAT IP Address Pools for Active/Active HA Firewalls
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT in Layer 3
- HA Clustering Overview
- HA Clustering Best Practices and Provisioning
- Configure HA Clustering
- Refresh HA1 SSH Keys and Configure Key Options
- HA Firewall States
- Reference: HA Synchronization
-
- Use the Dashboard
- Monitor Applications and Threats
- Monitor Block List
-
- Report Types
- View Reports
- Configure the Expiration Period and Run Time for Reports
- Disable Predefined Reports
- Custom Reports
- Generate Custom Reports
- Generate the SaaS Application Usage Report
- Manage PDF Summary Reports
- Generate User/Group Activity Reports
- Manage Report Groups
- Schedule Reports for Email Delivery
- Manage Report Storage Capacity
- View Policy Rule Usage
- Use External Services for Monitoring
- Configure Log Forwarding
- Configure Email Alerts
-
- Configure Syslog Monitoring
-
- Traffic Log Fields
- Threat Log Fields
- URL Filtering Log Fields
- Data Filtering Log Fields
- HIP Match Log Fields
- GlobalProtect Log Fields
- IP-Tag Log Fields
- User-ID Log Fields
- Decryption Log Fields
- Tunnel Inspection Log Fields
- SCTP Log Fields
- Authentication Log Fields
- Config Log Fields
- System Log Fields
- Correlated Events Log Fields
- GTP Log Fields
- Audit Log Fields
- Syslog Severity
- Custom Log/Event Format
- Escape Sequences
- Forward Logs to an HTTP/S Destination
- Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors
- Monitor Transceivers
-
- User-ID Overview
- Enable User-ID
- Map Users to Groups
- Enable User- and Group-Based Policy
- Enable Policy for Users with Multiple Accounts
- Verify the User-ID Configuration
-
- App-ID Overview
- App-ID and HTTP/2 Inspection
- Manage Custom or Unknown Applications
- Safely Enable Applications on Default Ports
- Applications with Implicit Support
-
- Prepare to Deploy App-ID Cloud Engine
- Enable or Disable the App-ID Cloud Engine
- App-ID Cloud Engine Processing and Policy Usage
- New App Viewer (Policy Optimizer)
- Add Apps to an Application Filter with Policy Optimizer
- Add Apps to an Application Group with Policy Optimizer
- Add Apps Directly to a Rule with Policy Optimizer
- Replace an RMA Firewall (ACE)
- Impact of License Expiration or Disabling ACE
- Commit Failure Due to Cloud Content Rollback
- Troubleshoot App-ID Cloud Engine
- Application Level Gateways
- Disable the SIP Application-level Gateway (ALG)
- Maintain Custom Timeouts for Data Center Applications
-
- Decryption Overview
-
- Keys and Certificates for Decryption Policies
- SSL Forward Proxy
- SSL Forward Proxy Decryption Profile
- SSL Inbound Inspection
- SSL Inbound Inspection Decryption Profile
- SSL Protocol Settings Decryption Profile
- SSH Proxy
- SSH Proxy Decryption Profile
- Profile for No Decryption
- SSL Decryption for Elliptical Curve Cryptography (ECC) Certificates
- Perfect Forward Secrecy (PFS) Support for SSL Decryption
- SSL Decryption and Subject Alternative Names (SANs)
- TLSv1.3 Decryption
- High Availability Not Supported for Decrypted Sessions
- Decryption Mirroring
- Configure SSL Forward Proxy
- Configure SSL Inbound Inspection
- Configure SSH Proxy
- Configure Server Certificate Verification for Undecrypted Traffic
- Post-Quantum Cryptography Detection and Control
- Enable Users to Opt Out of SSL Decryption
- Temporarily Disable SSL Decryption
- Configure Decryption Port Mirroring
- Verify Decryption
- Activate Free Licenses for Decryption Features
-
- Policy Types
- Policy Objects
- Track Rules Within a Rulebase
- Enforce Policy Rule Description, Tag, and Audit Comment
- Move or Clone a Policy Rule or Object to a Different Virtual System
-
- External Dynamic List
- Built-in External Dynamic Lists
- Configure the Firewall to Access an External Dynamic List
- Retrieve an External Dynamic List from the Web Server
- View External Dynamic List Entries
- Exclude Entries from an External Dynamic List
- Enforce Policy on an External Dynamic List
- Find External Dynamic Lists That Failed Authentication
- Disable Authentication for an External Dynamic List
- Register IP Addresses and Tags Dynamically
- Use Dynamic User Groups in Policy
- Use Auto-Tagging to Automate Security Actions
- CLI Commands for Dynamic IP Addresses and Tags
- Application Override Policy
- Test Policy Rules
-
- Network Segmentation Using Zones
- How Do Zones Protect the Network?
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
-
- Tap Interfaces
-
- Layer 2 and Layer 3 Packets over a Virtual Wire
- Port Speeds of Virtual Wire Interfaces
- LLDP over a Virtual Wire
- Aggregated Interfaces for a Virtual Wire
- Virtual Wire Support of High Availability
- Zone Protection for a Virtual Wire Interface
- VLAN-Tagged Traffic
- Virtual Wire Subinterfaces
- Configure Virtual Wires
- Configure a PPPoE Client on a Subinterface
- Configure an IPv6 PPPoE Client
- Configure an Aggregate Interface Group
- Configure Bonjour Reflector for Network Segmentation
- Use Interface Management Profiles to Restrict Access
-
- DHCP Overview
- Firewall as a DHCP Server and Client
- Firewall as a DHCPv6 Client
- DHCP Messages
- Dynamic IPv6 Addressing on the Management Interface
- Configure an Interface as a DHCP Server
- Configure an Interface as a DHCPv4 Client
- Configure an Interface as a DHCPv6 Client with Prefix Delegation
- Configure the Management Interface as a DHCP Client
- Configure the Management Interface for Dynamic IPv6 Address Assignment
- Configure an Interface as a DHCP Relay Agent
-
- DNS Overview
- DNS Proxy Object
- DNS Server Profile
- Multi-Tenant DNS Deployments
- Configure a DNS Proxy Object
- Configure a DNS Server Profile
- Use Case 1: Firewall Requires DNS Resolution
- Use Case 2: ISP Tenant Uses DNS Proxy to Handle DNS Resolution for Security Policies, Reporting, and Services within its Virtual System
- Use Case 3: Firewall Acts as DNS Proxy Between Client and Server
- DNS Proxy Rule and FQDN Matching
-
- NAT Rule Capacities
- Dynamic IP and Port NAT Oversubscription
- Dataplane NAT Memory Statistics
-
- Translate Internal Client IP Addresses to Your Public IP Address (Source DIPP NAT)
- Create a Source NAT Rule with Persistent DIPP
- PAN-OS
- Strata Cloud Manager
- Enable Clients on the Internal Network to Access your Public Servers (Destination U-Turn NAT)
- Enable Bi-Directional Address Translation for Your Public-Facing Servers (Static Source NAT)
- Configure Destination NAT with DNS Rewrite
- Configure Destination NAT Using Dynamic IP Addresses
- Modify the Oversubscription Rate for DIPP NAT
- Reserve Dynamic IP NAT Addresses
- Disable NAT for a Specific Host or Interface
-
- Network Packet Broker Overview
- How Network Packet Broker Works
- Prepare to Deploy Network Packet Broker
- Configure Transparent Bridge Security Chains
- Configure Routed Layer 3 Security Chains
- Network Packet Broker HA Support
- User Interface Changes for Network Packet Broker
- Limitations of Network Packet Broker
- Troubleshoot Network Packet Broker
-
- Enable Advanced Routing
- Logical Router Overview
- Configure a Logical Router
- Create a Static Route
- Configure BGP on an Advanced Routing Engine
- Create BGP Routing Profiles
- Create Filters for the Advanced Routing Engine
- Configure OSPFv2 on an Advanced Routing Engine
- Create OSPF Routing Profiles
- Configure OSPFv3 on an Advanced Routing Engine
- Create OSPFv3 Routing Profiles
- Configure RIPv2 on an Advanced Routing Engine
- Create RIPv2 Routing Profiles
- Create BFD Profiles
- Configure IPv4 Multicast
- Configure MSDP
- Create Multicast Routing Profiles
- Create an IPv4 MRoute
-
-
PAN-OS 10.2
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
- Cloud Management and AIOps for NGFW
-
- Content Inspection Features
- URL Filtering Features
- Panorama Features
- Networking Features
- GlobalProtect Features
- Management Features
- Decryption Features
- App-ID Features
- IoT Security Features
- Mobile Infrastructure Security Features
- Authentication Features
- Virtualization Features
- Hardware Features
- Enterprise Data Loss Prevention Features
-
- PAN-OS 10.2.11 Known Issues
- PAN-OS 10.2.11-h12 Addressed Issues
- PAN-OS 10.2.11-h10 Addressed Issues
- PAN-OS 10.2.11-h9 Addressed Issues
- PAN-OS 10.2.11-h6 Addressed Issues
- PAN-OS 10.2.11-h4 Addressed Issues
- PAN-OS 10.2.11-h3 Addressed Issues
- PAN-OS 10.2.11-h2 Addressed Issues
- PAN-OS 10.2.11-h1 Addressed Issues
- PAN-OS 10.2.11 Addressed Issues
-
- PAN-OS 10.2.10 Known Issues
- PAN-OS 10.2.10-h17 Addressed Issues
- PAN-OS 10.2.10-h14 Addressed Issues
- PAN-OS 10.2.10-h12 Addressed Issues
- PAN-OS 10.2.10-h10 Addressed Issues
- PAN-OS 10.2.10-h9 Addressed Issues
- PAN-OS 10.2.10-h7 Addressed Issues
- PAN-OS 10.2.10-h5 Addressed Issues
- PAN-OS 10.2.10-h4 Addressed Issues
- PAN-OS 10.2.10-h3 Addressed Issues
- PAN-OS 10.2.10-h2 Addressed Issues
- PAN-OS 10.2.10 Addressed Issues
-
- PAN-OS 10.2.9 Known Issues
- PAN-OS 10.2.9-h21 Addressed Issues
- PAN-OS 10.2.9-h19 Addressed Issues
- PAN-OS 10.2.9-h18 Addressed Issues
- PAN-OS 10.2.9-h16 Addressed Issues
- PAN-OS 10.2.9-h14 Addressed Issues
- PAN-OS 10.2.9-h11 Addressed Issues
- PAN-OS 10.2.9-h9 Addressed Issues
- PAN-OS 10.2.9-h1 Addressed Issues
- PAN-OS 10.2.9 Addressed Issues
-
- PAN-OS 10.2.8 Known Issues
- PAN-OS 10.2.8-h21 Addressed Issues
- PAN-OS 10.2.8-h19 Addressed Issues
- PAN-OS 10.2.8-h18 Addressed Issues
- PAN-OS 10.2.8-h15 Addressed Issues
- PAN-OS 10.2.8-h13 Addressed Issues
- PAN-OS 10.2.8-h10 Addressed Issues
- PAN-OS 10.2.8-h4 Addressed Issues
- PAN-OS 10.2.8-h3 Addressed Issues
- PAN-OS 10.2.8 Addressed Issues
-
- PAN-OS 10.2.7 Known Issues
- PAN-OS 10.2.7-h24 Addressed Issues
- PAN-OS 10.2.7-h21 Addressed Issues
- PAN-OS 10.2.7-h19 Addressed Issues
- PAN-OS 10.2.7-h18 Addressed Issues
- PAN-OS 10.2.7-h16 Addressed Issues
- PAN-OS 10.2.7-h12 Addressed Issues
- PAN-OS 10.2.7-h8 Addressed Issues
- PAN-OS 10.2.7-h6 Addressed Issues
- PAN-OS 10.2.7-h3 Addressed Issues
- PAN-OS 10.2.7-h1 Addressed Issues
- PAN-OS 10.2.7 Addressed Issues
PAN-OS 10.2.3 Addressed Issues
PAN-OS® 10.2.3 addressed issues.
Issue ID | Description |
---|---|
PAN-231823
|
A fix was made to address CVE-2024-5916.
|
PAN-209275
|
Fixed an issue where Override cookie authentication into the
GlobalProtect gateway failed when an allow list was configured under
the authentication profile.
|
PAN-201627 | Fixed an issue in next-generation firewall
deployments where, when SD-WAN was configured, the dataplane restarted
if all SD-WAN member links were down due to an out-of-memory (OOM)
condition or during a reboot when all SD-WAN tunnels were down. |
PAN-200771 | Fixed an issue where syslog-ng was
unable to start due to a design change in the syslog configuration
file. |
PAN-199654 | Fixed an issue where ACC reports did not
work for custom RBAC users when more than 12 access domains were
associated with the username. |
PAN-199311 | Fixed an issue where the Log Forwarding
Card (LFC) failed to forward logs to the syslog server. |
PAN-199099 | Fixed an issue where, when decryption was
enabled, Safari and Google Chrome browsers on Apple Mac computers
rejected the server certificate created by the firewall because
the Authority Key Identifier was copied from the original server
certificate and did not match the Subject Key Identifier on the
forward trust certificate. |
PAN-198733 | (PA-5450 firewalls only) Fixed
an issue where dmin tcpdump was hardcoded
to eth0 instead of bond0. |
PAN-198332 | (PA-5400 Series only) Fixed an
issue where swapping Network Processing Cards (NPCs) caused high
root partition use. |
PAN-198266 | Fixed an issue where, when predicts for
UDP packets were created, a configuration change occurred that triggered
a new policy lookup, which caused the dataplane stopped responding
when converting the predict. This resulted in a dataplane restart. |
PAN-198244 | Fixed an issue where using the load config partial CLI
command to x-paths removed address object entries from address groups. |
PAN-197576
|
Fixed an issue where commits pushed from Panorama caused a memory
leak related to the mgmtsrvr process.
|
PAN-197484 | (PA-5400 Series firewalls) Fixed
an issue where the firewall forwarded packets to the incorrect aggregate
ethernet interface when Policy Based Forwarding (PBF) was used. |
PAN-197383 | Fixed an issue where, after upgrading to
PAN-OS 10.2 release, the firewall ran a RAID rebuild for the log
disk after ever every reboot. |
PAN-197244 | Fixed an issue on firewalls with Forward
Proxy enabled where the all_pktproc process stopped
responding due to missed heartbeats. |
PAN-196993 | Fixed an issue where an incorrect regex
key was generated to invalidate the completions cache, which caused
the configd process to stop responding. |
PAN-196953 | (PA-5450 firewalls only) Fixed
an issue where jumbo frames were dropped. |
PAN-196445 | Fixed an issue where restarting the Network
Processing Card (NPC) or the Data Processing Card (DPC) did not
bring up all the network interfaces. |
PAN-196398 | (PA-7000 Series SMC-B firewalls only)
Fixed an issue where the firewall did not capture data when the
active management interface was MGT-B. |
PAN-196227 | Fixed an issue where the logd process
stopped responding, which caused Panorama to reboot into maintenance mode. |
PAN-196005 | (PA-3200 Series, PA-5200 Series, and
PA-5400 Series firewalls only) Fixed an issue where GlobalProtect
IPSec tunnels disconnected at half the inactivity logout timer value. |
PAN-195707 | Fixed an issue on Panorama appliances configured
as log collectors where Panorama repeatedly rebooted into maintenance
mode. |
PAN-195689 | Fixed an issue where WildFire submission
logs did not load on the firewall web interface. |
PAN-195628 | Fixed an issue that caused the pan_task process to
miss heartbeats and stop responding. |
PAN-195625 | Fixed an issue where authd frequently
created SSL sessions, which resulted in an OOM condition. |
PAN-195360 | Fixed an issue with firewalls in Microsoft
Azure environments where BGP flapping occurred due to the firewall
incorrectly treating capability from BGP peering as unsupported. |
PAN-195223 | Fixed an issue where the all_pktproc process restarted
when receiving a GTPv2 Modify Bearer Request packet if the Serving
GPRS Support Node (SGSN) used the same key as the Serving Gateway
(SGW). |
PAN-195181 | Added enhancements to improve the load on
the pan_comm process during SNMP polling. |
PAN-194993
|
Fixed an issue that occurred when authenticating into GlobalProtect
with authentication override cookies and SAML where, if the cookie
was invalid, authentication did not fall back to SAML.
|
PAN-194826 | (WF-500 and WF-500-B appliances only)
Fixed an issue where log system forwarding did not work over a TLS
connection. |
PAN-194782 | Fixed an issue on Panorama where, if you
added a new local or non-local administrator account or an admin
user to a template, authentication profiles were incorrectly referenced. |
PAN-194708 | Fixed an issue where URL filtering logs (MonitorLogsURL Filtering)
incorrectly truncated a 16KB Header value and did not display the
Header values that followed the truncated 16KB header. |
PAN-194694 | Fixed an issue where multiple SNMP requests
being made to the firewall caused in the pan_comm process
to stop responding. |
PAN-194601 | Fixed an issue that caused the all_task process to
stop responding. |
PAN-194588 | (PA-7000 Series firewalls with LFCs
(Log Forwarding Cards), PA-7050 firewalls with SMC-B (Switch Management
Cards), and PA-7080 firewalls only) Fixed an issue where the logrcvr_statistics output
was not recorded in mp-monitor.log. |
PAN-194481 | Fixed an issue in ESXi where the bootstrapped
VM-Series firewalls with the Software Licensing Plugin had :xxx appended
to their hostnames. |
PAN-194408 | Fixed an issue where, when policy rules
had the apps that implicitly depended on web browsing configured
with the service application default, traffic did not
match the rule correctly. |
PAN-194406 | Fixed an issue where the MTU from SD-WAN
interfaces was recalculated after a configuration push from Panorama
or a local commit, which caused traffic disruption. |
PAN-194262 | Fixed an issue where the GlobalProtect application
failed to connect when a user or group was configured under the
portal Config Selection Criteria. |
PAN-194152 | (PA-5410, PA-5420, PA-5430, and PA-5440 firewalls in HA configurations only) Fixed an
issue where HA1-A and HA1-B port information didn't match to front
panel mappings and, when one firewall was on PAN-OS 10.2.3 or a
later release and the other was on PAN-OS 10.2.2 or an earlier
release, a split-brain situation occurred. |
PAN-194129 | (PA-5450 firewalls only) Fixed
an issue where slot 2 did not use all features correctly if a DPC
was used instead of an NPC. |
PAN-194097 | Fixed an issue on firewalls in high availability
(HA) active/passive configurations where _ha_d_session_msgbuf overflowed
on the passive firewall during an upgrade, which caused the firewall
to enter a non-functional state. |
PAN-193981 | (VM-Series firewalls in Microsoft Azure
environments only) Fixed an issue where the firewall stopped
monitoring HA failure and floating IP addresses did not get moved
to the newly active firewall. |
PAN-193899 | Fixed an issue where advanced mode factory
reset (Maintenance ModeFactory ResetAdvancedselect a specific image)
was only compatible with PAN-OS 10.1.3 or later version images. |
PAN-193818 | Fixed an issue where the firewall device
server failed to resolve URL cloud FQDNs, which interrupted URL
category lookup. |
PAN-193766 | (VM-Series firewalls only) Fixed
an issue where the GlobalProtect portal was not accessible. |
PAN-193765 | Fixed an issue where commits failed the
following error displayed in the configd log: Unable to populate ids into candidate config: Error: Error populating id for 'sg2+DMZ to FirstAM Scanner-1. |
PAN-193763 | Fixed an issue on the firewall where the
dataplane CPU spiked, which caused traffic to be affected during
commits or content updates. |
PAN-193744 | (PA-3200 Series firewalls only)
Fixed an issue where, when the HA2 HSCI connection was down, the
system log displayed Port HA1-b: down instead
of Port HSCI: Down. |
PAN-193732 | (PA-5400 Series firewalls only)
Fixed an issue where the firewall incorrectly handled internal transactions. |
PAN-193707 | Fixed an issue where SAML authentication
failed during commits with the following error message: revocation status could not be verified (reason: ). |
PAN-193483 | (VM-Series firewalls only) Fixed
an issue where, during Layer-7 packet inspection where traffic was
being inspected for threat signature and data patterns, multiple
processes stopped responding. |
PAN-193392 | Fixed an issue where RTP packets dropped
due to conflicting duplicate flows. |
PAN-193251 | Fixed an issue where, when SAML was configured
as the authentication method for GlobalProtect, the SAML page did
not load when using a browser. |
PAN-193235 | Fixed an issue where duplicate log entries
were displayed on Panorama. |
PAN-193201 | Fixed an issue where auto-commits failed
after an upgrade if an imported certificate size was greater than
the size of a buffer. |
PAN-193132 | (PA-220 firewalls only) Fixed an
issue where a commit and push from Panorama caused high dataplane
CPU utilization. |
PAN-192944 | Fixed an issue where the logrcvr process
caused an OOM condition. |
PAN-192739 | Fixed an issue where the error message Machine Learning found virus was
displayed in threat CSV logs as Threat ID/Name when
WildFire Inline ML detected malware. |
PAN-192726 | Fixed an issue where the firewall dropped
TCP traffic inside IPSec tunnels. |
PAN-192673 | (PA-7050-SMC-B firewalls only)
Fixed an issue where the LFC syslog-ng service failed to start after
an upgrade. |
PAN-192666 | (VM-Series firewalls only) Fixed
an issue where uploading certificates via API failed within the
first 30 minutes of a bootstrap. |
PAN-192551 | (PA-5400 Series firewalls only)
Fixed an issue where the firewall incorrectly processed path monitoring
packets. |
PAN-192404 | Fixed an issue where ARP broadcasts occurring
in the same time interval and network segment as HA path monitoring
pings triggered an ARP cache request, which prevented the firewall
from sending ICMP echo requests to the monitored destination IP
address and caused an HA path monitoring failover. |
PAN-192330 | (Bootstrapped VM-Series firewalls in
Microsoft Azure environments only) Fixed an issue where the
firewall did not automatically receive the Strata Logging Service license. |
PAN-192052 | Fixed an issue where, when next hop MAC
address entries weren't found on the offload processor for active
traffic, update messages flooded the firewall, which caused resource
contention and traffic disruption. |
PAN-191874 | Fixed an issue where monthly scheduled reports
did not display information after upgrading to PAN-OS 10.2.0. |
PAN-191847 | Fixed an issue where the Panorama appliance
was unable to generate scheduled custom reports due to the large
number of files stored in the opt/pancfg/mgmt/custom-reports directory. |
PAN-191726 | Fixed an issue where an SCP export of the
device state from the firewall added single quotes ( ' ) to the
filename. |
PAN-191558 | Fixed an issue where, after an upgrade to
PAN-OS 10.1.5, Global Find did not display all results related to
a searched item. |
PAN-191269 | Fixed an issue where the NAT pool leaked
for passive mode FTP predict sessions. |
PAN-191222 | Fixed an issue where Panorama became inaccessible
when after a push to the collector group. |
PAN-191218 | (PA-5400 Series firewalls only)
Fixed an issue where the session log storage quota could not be
changed via the web interface. |
PAN-191216 | Fixed an issue where, on Apple iOS devices,
SAML authentication did not connect to the GlobalProtect portal. |
PAN-191214 | Fixed an issue where the Elasticsearch process
stopped responding, which caused an OOM condition. |
PAN-190657
|
Fixed an issue where IPSec tunnels did not rekey due to the security
association being deleted too early.
|
PAN-190448 | Fixed an issue in ACC reports where IPv6
addresses were displayed instead of IPv4 addresses. |
PAN-189894 | Fixed an issue with the web interface where
the template stack didn't show inherited values of Template
> Authentication Portal Settings. |
PAN-189861 | Fixed an issue on firewalls in HA configurations
where intermittent system alerts on the active firewall caused the pan_comm process
to restart continuously. |
PAN-189859 | Fixed an issue on the firewall where an
administrator was unable to Import Custom URL Category Content. |
PAN-189762 | Fixed an issue where a predict session didn't
match with the traffic when both source NAT and destination NAT
were enabled. |
PAN-189723 | Fixed an issue where you were unable to
configure dynamic address groups to use more than 64,000 IP addresses
in a Security policy. |
PAN-189414 | Fixed an issue where TCP packets were dropped
during the first zone transfer when DNS security was enabled. |
PAN-189304 | Fixed an issue where the Panorama appliance
didn't display logs or generate reports for a device group containing
MIPs platform that forwarded logs to Strata Logging Service. |
PAN-189270 | Fixed an issue that caused a memory leak
on the reportd process. |
PAN-189225 | Fixed an issue where BGP routes were lost
or uninstalled after disabling jumbo frames on the firewall. |
PAN-189114 | Fixed an issue where the dataplane went
down, which caused an HA failover. |
PAN-188867 | Fixed an issue where the firewall dropped
packets when the session payload was too large. |
PAN-188489 | (VM-Series firewalls only) Fixed
an issue where dynamic content updates weren't automatically pushed
to the firewall licensed using the Panorama Software Firewall License
plugin when Automatically push content when software
device registers to Panorama (PanoramaTemplatesAdd Stack)
was enabled. |
PAN-188338 | Fixed an issue where canceling a commit
caused the commit process to remain at 70% and the firewall had
to be rebooted. |
PAN-188303 | Fixed an issue where the serial number displayed
as unknown after running the show system state CLI command. |
PAN-188096 | (VM-Series firewalls only) Fixed
an issue where, on firewalls licensed with Software NGFW Credit
(VM-FLEX-4 and higher), HA clustering was unable to be established. |
PAN-187985 | Fixed an issue where you were unable to
configure a QoS Profile as percentage for Clear Text Traffic. |
PAN-187890 | Fixed an issue where the Strata Logging Service
connection incorrectly displayed as disconnected when a service
route was in use. |
PAN-187805 | Fixed an issue where a process (all_pktproc) stopped
responding and the dataplane restarted during certificate construction
or destruction. |
PAN-187476 | Fixed an issue where, when hip-redistribution
is enabled, Panorama doesn't display a part of HIP information. |
PAN-187234
|
Fixed an intermittent issue where web pages submitted for analysis by
Advanced URL Filtering cloud inline categorization experienced high
latency.
|
PAN-186891 | Fixed an issue where NetFlow packets contained
incorrect octet counts. |
PAN-186418 | Fixed an issue where Panorama displayed
a discrepancy in RAM configured on the VMware host. |
PAN-186134 | Fixed an issue on Panorama where performing
a commit and push intermittently failed to push the committed configuration
to managed firewalls. |
PAN-186075 | (VM-Series firewalls only) Fixed
an issue where the firewall rebooted after receiving large packets
while in DPDK mode on Azure virtual machines running CX4 (MLx5)
drivers. |
PAN-185787 | Fixed an issue where logging in to the Panorama
web interface did not work and the following error message displayed: Timed out while getting config lock. Please try again. |
PAN-185283 | Fixed an issue on Panorama where using the name-of-threatid contains log4j filter
didn't produce expected results. |
PAN-184702 | (M-700 appliances in Log Collector mode
only) Fixed an issue on the Panorama management server where
the Panorama appliance failed to connect to Panorama when added
as a managed log collector. |
PAN-184068 | (PA-5200 Series firewalls only)
Fixed an issue where the firewall generated pause frames, which
caused network latency. |
PAN-183788 | Fixed an issue with SCEP certificate enrollment
where the incorrect Registration Authority (RA) certificate was
chosen to encrypt the enrollment request. |
PAN-185750 | Updated an issue to eliminate failed pan_comm software
issues that caused the dataplane to restart unexpectedly |
PAN-183270 | Fixed an issue where a bootstrapped firewall
connected only to the first log collector in a log collector group. |
PAN-183184 | Fixed an issue where enabling SSL decryption
with a Hardware Security Model (HSM) caused a dataplane restart. |
PAN-183166 | Fixed an issue where system, configuration,
and alarm logs were queued up on the logrcvr process
and were not forwarded out or written to disk until an autocommit
was passed. |
PAN-182689
|
Fixed an issue where a signature from a previous WildFire package
triggered virus detection even though the signature was no longer
present in the current WildFire package.
|
PAN-182539 | Fixed an issue with Panorama appliances
in HA configurations where dedicated log collectors did not send
local system or configuration logs to both Panorama appliances. |
PAN-182212 | Fixed an issue where SNMP reported the panVsysActiveTcpCps and panVsysActiveUdpCps value
to be 0. |
PAN-181277 | Fixed an issue where VPN tunnels in SD-WAN
flapped due to duplicate tunnel IDs. |
PAN-179543 | Fixed an issue where the flow_mgmt process stopped
responding when attempting to clear the session table, which caused
the dataplane to restart. |
PAN-179258 | Fixed an issue where system disk migration
failed. |
PAN-178243 | Fixed an issue where Shared Gateway was
not visible in the Virtual System drop down
when configuring a Layer3 aggregate subinterface. |
PAN-178194 | Fixed an issue with the web interface where,
when only the Advanced URL Filtering license was activated, the
message License required for URL filtering to function was
incorrectly displayed and the URL Filtering Profile >
Inline ML section was disabled. |
PAN-177482 | Fixed an issue where ACC > App
Scope > Threat Monitor showed NO DATA TO DISPLAY. |
PAN-172501 | Fixed an issue where you were unable to
revert HA mode settings to the default values from the web interface. |
PAN-171714 | Fixed an issue where, when NetBIOS format
(domain\user) was used for the IP address-to-username mapping and
the firewall received the group mapping information from the Cloud
Identity Engine, the firewall did not match the user to the correct
group. |
PAN-157215 | Fixed an issue that occurred when two FQDNs
were resolved to the same IP address and were configured as the
same src/dst of the same rule. If one FQDN was later resolved to
a different IP address, the IP address resolved for the second FQDN
was also changed, which caused traffic with the original IP address
to hit the incorrect rule. |
PAN-151469 | Fixed an issue where packets were dropped
unexpectedly due to errors parsing the IP version field. |