PAN-OS 10.2.8 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1 & Later
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
PAN-OS 10.2.8 Addressed Issues
PAN-OS 10.2.8 addressed issues.
Issue ID | Description |
---|---|
PAN-240596
|
Fixed an issue where all_task stopped responding due to
an invalid memory address.
|
PAN-242561 | Fixed an issue where GlobalProtect tunnels disconnected shortly after being established when SSL was used as the transfer protocol.
|
PAN-240197 | Fixed an issue where configuration changes made in Panorama and pushed to the firewall weren’t
reflected on the firewall.
|
PAN-240174 |
Fixed an issue where, when LSVPN serial numbers and IP address authentication were enabled, IPv6
address ranges and complete IPv6 addresses that were manually added
to the IP address allow or exclude list were not usable after a
restart of the gp_broker process or the firewall.
|
PAN-239241 | Extended the root certificate for WildFire appliances to December 31, 2032.
|
PAN-239144 | Fixed an issue where the web interface was slower than expected when logging in, committing, and pushing changes after upgrading to PAN-OS 10.2.7.
|
PAN-237876 | Extended the firewall Panorama root CA certificate which was previously set to expire on April 7th, 2024.
|
PAN-237871 | (WF-500 appliances and PAN-DB private cloud deployments only) Fixed an issue where the root-cert was set to expire on December 31, 2023. With this fix, the expiration date has been extended.
|
PAN-237454
|
Fixed an issue where Panorama stopped redistributing IP
address-to-username mappings when packet loss occurred between the
distributor and the client.
|
PAN-236244 | Fixed an issue where you were unable to select authentication profiles via the web interface.
|
PAN-236233 | Fixed an issue where SNMP reports displayed incorrect values for SSL Proxy sessions and SSL Proxy utilization.
|
PAN-235741 | Fixed an issue where DNS resolution failed for Panorama and firewall plugins if the DNS Server IP
address was obtained through DHCP.
|
PAN-235737 | Fixed an issue where the brdagent process stopped responding due to a sudden increase in logging to the bcm.log.
|
PAN-235628 | Fixed an issue where you weren’t prompted for login credentials when you disconnected and
connected back to the GlobalProtect portal when SAML authentication
was selected along with single sign-on (SSO) and Single Log Out
(SLO).
|
PAN-235557
|
Fixed an issue where uploads from tunnels, including GlobalProtect,
were slower than expected when the inner and outer sessions were on
different dataplanes.
|
PAN-234852 | Fixed an issue where DLP logs for the Salesforce application had a report ID of 0 and did not include missing information such as file type, file hash, and the reason for data filtering.
|
PAN-234279 | Fixed an issue where the ikemgr process crashed due to an IKEv1 timing issue, which caused commits to fail with the following error message: Client ikemgr requesting last config in the middle of a commit/validate, aborting current commit.
|
PAN-233954 | Fixed an issue where the firewall was unable to retrieve correct groups from the LDAP server.
|
PAN-233207 | Fixed an issue where the configd process stopped responding when a partial configuration revert operation was performed.
|
PAN-233191 | (PA-5450 firewalls only) Fixed an issue where the Data Processing Card (DPC) restarted due to path monitor failure after QSFP28 disconnected from the Network Processing Card (NPC).
|
PAN-232377 | Fixed an issue where the AddrObjRefresh job failed when the useridd process restarted.
|
PAN-232358 | (PA-5450 firewalls only) Fixed an issue where the interface on QSFP28 ports did not go down when the Tx cable was removed from the QSFP28 module.
|
PAN-232250
|
Fixed an issue where, when SSH service profiles for management access
was set to None, the reported output was
incorrect.
|
PAN-231771 | Fixed an issue where the firewall issued /box/getserv/ requests with PAN-OS 7.1.0 and did not take device certificates.
|
PAN-231698 | Fixed an issue where you were unable to set the Dynamic Updates schedule threshold to an empty
value.
|
PAN-231658 | Fixed an issue where DNS resolution failed when interfaces were configured as DHCP and a DNS server was provided via DHCP while also statically configured with DNS servers.
|
PAN-231552 | Fixed an issue where traffic returning from a third-party Security chain was dropped.
|
PAN-231459 | (PA-5450 firewalls only) Fixed an issue where a large number of invalid source MAC addresses were shown in drop-stage packet captures.
|
PAN-231422 | Fixed an issue where you were unable to configure more than 256 scheduled objects on the firewall.
|
PAN-231329 | Fixed an issue where the logrcvr process stopped responding due to a corrupt log in the forwarding pipeline.
|
PAN-230813 | Fixed an issue where flex memory leak caused decryption failure and commit failure with the error
message Error preparing global objects failed to
handle CONFIG_UPDATE_START.
|
PAN-230656 | (Firewalls in HA configurations only) Fixed an issue where a split brain condition occurred on both firewalls after booting up any firewall, and an HA switchover occurred after booting up a firewall with a higher HA priority even when no preemptive option was enabled on the firewall.
|
PAN-230377
|
Fixed an issue where FEC support was not enabled by default for
PAN-SFP28-25GBASE-LR modules.
|
PAN-230362 | Fixed an issue where the firewall truncated the payload of a TCP Out of Order segment with a FIN flag.
|
PAN-230359
|
Fixed an issue where SAML authentication failed with the error
message Failed to verify signature against
certificate when
ds:KeyName was in the IdP
metadata.
|
PAN-230106 | Fixed an issue where the firewall was unable to retrieve the most current external dynamic list information from the server due to hostname resolution failure.
|
PAN-230092 | Fixed an issue where the routed process stopped responding when committing
routing-related changes if Advanced Routing was enabled.
|
PAN-230039 | Fixed an issue where migrating from an Enterprise License Agreement (ELA) to a Flexible VM-Series License failed with a deactivation error message.
|
PAN-229952 | Fixed an issue where the the print PDF option did not work
(Panorama > Managed Devices >
Health).
|
PAN-229315 | Fixed an issue where Octets in NetFlow records were always reported to be 0 despite having a non-zero packet count.
|
PAN-229307 | Fixed an issue where half closed SSL decryption sessions stayed active, which caused software packet buffer depletion.
|
PAN-229080 | Fixed an issue where the new management IP address on the interface did not take effect.
|
PAN-229069 | Fixed an issue where clientless VPN portal users were unable to access clientless applications due to an SSL renegotiation being triggered.
|
PAN-228820 | A CLI command was added to address an issue where long-lived sessions aged out even when there
was ongoing traffic.
|
PAN-228442 | Fixed an issue on firewalls in active/passive HA configurations where sessions did not fail over from the active firewall to the passive firewall when upgrading PAN-OS.
|
PAN-228342 | Fixed an issue where objects in the running configuration appeared to be deleted under the push scope preview.
|
PAN-228323 | Fixed an issue where a large number of Panorama management server cookies were created in the Redis database when the Cloud-Service plugin sent an authentication request every second, and logging in to or using Panorama was slower than expected.
|
PAN-228277 | Fixed an issue where commits took longer than expected.
|
PAN-228273 | (Panorama appliances in FIPS-CC mode only) Fixed an issue where the Elasticsearch cluster did not come up, and the show log-collector-es-cluster health CLI command displayed the status as red. This caused log ingestion issues for Panorama appliances in Panorama mode or Log Collector mode.
|
PAN-227804 | Fixed an issue where memory corruption caused the comm process to stop responding.
|
PAN-227774 | Fixed an issue where commits failed with the error message Management server failed to send phase 1 to client logrcvr.
|
PAN-227641 | Fixed an issue where Preview Changes and Change Summary when saving changes did not open a new window when clicked.
|
PAN-227522 | Fixed an issue where shared application filters that had application object overrides were overwritten by predefined applications.
|
PAN-227397
|
Fixed an issue where selective pushes on Panorama removed a
previously pushed configuration from the firewalls.
|
PAN-227233 | Fixed an issue where the combination signature aggregation criteria in a Vulnerability Protection
profile was incorrectly blank even though a value was set.
|
PAN-227058 | Fixed an issue where traffic did not match Security policy rules with the destination as FQDN and instead hit the default deny rule.
|
PAN-226935 | Fixed an issue where autocommits failed due to duplicate application name entries.
|
PAN-226860 | Fixed an issue where macOS X-Auth clients disconnected prematurely from the GlobalProtect gateway
during a Phase 2 re-key event.
|
PAN-226768
|
Fixed an issue where, when the GlobalProtect app was installed on iOS
endpoints and the gateway was configured to accept cookies, the app
remained in the Connecting stage after
authentication, and the GlobalProtect log displayed the error
message `User is not in allow list`. This occurred when the app was
restarted or when the app attempted to reconnect after
disconnection.
|
PAN-226769
|
Fixed an issue where ElasticSearch used more memory than
expected.
|
PAN-226489 | Fixed an issue where Panorama was unable to push scheduled Dynamic Updates to firewalls with the
error message Failed to add deploy job. Too many (30)
deploy jobs pending for device.
|
PAN-226418 | A CLI command was added to address an issue where long-lived sessions aged out even when there was ongoing traffic.
|
PAN-226260 | Fixed an issue where support for CBC ciphers with some authentication algorithms was only available in FIPS mode.
|
PAN-225920 | Fixed an issue where duplicate predict sessions did not release NAT resources.
|
PAN-225228 | Fixed an issue where filtering Threat logs using any value under THREAT
ID/NAME displayed the error Invalid
term.
|
PAN-225169 | Added a CLI command to view Strata Logging Service queue usage.
|
PAN-225110 | Fixed an issue with firewalls in HA configurations where HA configuration syncs did not complete
or logging data was missing until firewall processes were manually
restarted or the firewalls were rebooted.
|
PAN-225094
|
Fixed an issue where performing a commit operation failed and the
following error message was displayed: failed to
handle CUSTOM_UPDATE.
|
PAN-225082 | Fixed an issue where GlobalProtect quarantine-delete logs were incorrectly shown on passive firewalls.
|
PAN-225013 | (PA-5450 firewalls only) Fixed an issue where the firewall rebooted unexpectedly when a Network Card was on Slot 2 instead of a DPC.
|
PAN-224955 | Fixed an issue where the devsrvr process stopped responding when zone protection had
more than 255 profiles.
|
PAN-224772 | Fixed a high memory usage issue with the mongodb process that caused an OOM condition.
|
PAN-224656 | Fixed an issue where the devsrvr process caused delays when Dynamic Address Groups
with large entry lists were being processed during a commit, which
caused commits to take longer than expected.
|
PAN-224405 | Fixed an issue where the distributord process repeatedly stopped responding.
|
PAN-224354 | Fixed an issue where a memory leak related to the distributord process occurred when connections flapped for IP address-to-username mapping redistribution.
|
PAN-224036 | (PA-5450 firewalls only) Fixed an issue where a firewall with QoS configured wasn't able
to send packets out of its interfaces after a reboot.
|
PAN-223855 | Fixed an issue where the show running ippool CLI command output
displayed incorrect used and available NAT IP address pools on DIPP
NAT policy rules in multidataplane firewalls.
|
PAN-223852 | Fixed an issue where all_pktproc stopped responding when network packet broker or decryption broker chains failed.
|
PAN-223741 | Fixed an issue where the mprelay process stopped responding, which caused a slot restart when another slot rebooted.
|
PAN-223481 | (PA-5450 firewalls only) Fixed an issue where the all_pktproc process stopped responding when the firewall was on PAN-OS 10.1.9-h3 or a later release.
|
PAN-223457 | Fixed an issue where, if the number of group queries exceeded the Okta rate limit threshold, the firewall cleared the cache for the groups.
|
PAN-223271 | Fixed an issue where the file transfer of large zipped and compressed files had the App-ID unknown-tcp.
|
PAN-223263 | Fixed an issue on the web interface where the system clock for Mexico_city was displayed in CDT instead of CST on the management dashboard.
|
PAN-223259 | Fixed an issue where selective pushes failed with the error Failed to generate selective push configuration. Unable to retrieve last in-sync configuration for the device, either a push was never done or version is too old. Please try a full push.
|
PAN-223094 | Fixed an issue where fragmented TCP traffic was dropped due to an IP address ID conflict over the SD-WAN tunnel.
|
PAN-222941 | Fixed an issue where viewing the latest logs took longer than expected due to log indexer failures.
|
PAN-222533 | (VM-Series firewalls on Microsoft Azure and Amazon Web Services (AWS) environments)
Added support for HA link monitoring and path monitoring.
|
PAN-222500 | Fixed an issue where an old configuration unexpectedly merged during a push from Panorama.
|
PAN-222418 | Fixed an issue where the firewall intermittently recorded a reconnection message to the authentication server as an error, even if no disconnection occurred.
|
PAN-222253 | Fixed an issue on Panorama where policy rulebase reordering under View Rulebase by
Groups (Policy<policy-rulebase>) did not persist if you reordered the policy rulebase
by dragging and dropping individual policy rules and then moved the
entire tag group.
|
PAN-222089 | Fixed an issue where you were unable to context switch from Panorama to the managed device.
|
PAN-221938 | Fixed an issue with network packet broker sessions where the broker session and primary session
timeouts were out of sync, which caused traffic drops if the broker
session timed out when the primary session was still active.
|
PAN-221857
|
Fixed an issue where users were unable to log in to the GlobalProtect
app using SAML authentication after upgrading to PAN-OS 10.2.3-h4,
and the GlobalProtect logs displayed the following error message:
Username from SAML SSO response is different from
the input.
|
PAN-221763 | Fixed an issue on the web interface where text overlapped when editing address and prefix values using Firefox.
|
PAN-221577 | Fixed an issue where a static route for a branch or hub over the respective virtual interface
wasn't installed in the routing table even when the tunnel to the
branch or hub was active.
|
PAN-221316 | Fixed an issue where the useridd process memory consumption increased significantly,
which caused the process to stop responding and the device to
restart.
|
PAN-221208 | Fixed an issue where the tunnel monitor was unable to remain up when zone protection with Strict
IP was enabled and NAT Traversal was applied.
|
PAN-221003 | Fixed an issue where you were unable to uncheck firewalls in HA configurations from the device group when Group HA Peers was enabled.
|
PAN-220790 | Fixed an issue where the reportd process stopped responding, which caused Panorama to restart.
|
PAN-220659 | Fixed an issue on the firewall where scheduled antivirus updates failed when external dynamic
lists were configured on the firewall.
|
PAN-220640 | (PA-220 firewalls only) Fixed an issue where the firewall CPU percentage was miscalculated, and the values that were displayed were incorrect.
|
PAN-220180 | Fixed an issue where configured botnet reports (Monitor > Botnet)
weren’t generated.
|
PAN-219813 | Fixed an issue where the configuration log displayed incorrect information after a multi-device group Validate-all operation.
|
PAN-219768 | Fixed an issue where you were unable to filter data filtering logs with Threat
ID/NAME for custom data patterns created over
Panorama.
|
PAN-219644 | Fixed an issue where firewalls that forwarded logs to a syslog server over TLS (Objects > Log Forwarding) used the default Palo Alto Networks certificate instead of the configured custom certificate.
|
PAN-219585 | Fixed an issue where enabling syslog-ng debugs from the root caused 100% disk utilization.
|
PAN-219415 | Fixed an issue where BGP routes were installed in the routing table even when the option to install routes was disabled in the configuration.
|
PAN-219300 | Fixed an issue where the task manager displayed only limited data.
|
PAN-219260 | (M-Series appliances only) Fixed an issue where the management interface flapped due to low memory reserved for kernel space.
|
PAN-219241
|
Fixed an issue where web content for a failed SAML login had
readability and functionality issues for the GlobalProtect app.
|
PAN-219137 | (CN-Series firewalls only) Fixed an issue where firewalls did not upload files to the WildFire public cloud.
|
PAN-218928 | Fixed an issue where the reportd process stopped responding after querying logs or
generating ACC reports with some filters.
|
PAN-218671 |
Fixed an issue on Panorama where commits failed after downgrading the
SD-WAN plugin.
|
PAN-218663 and PAN-181876
| A fix was made to address CVE-2024-2433. |
PAN-218611 | Fixed an issue where the device telemetry region wasn't updated on the firewall when pushed from
the Panorama template stack.
|
PAN-218555 | Fixed an issue where the firewall did not receive dynamic address updates pushed from Panorama during initial registration to Panorama.
|
PAN-218352 | Fixed an issue where Panorama was slower than expected when WildFire deployment was scheduled every minute to a large number of devices.
|
PAN-218331 | Fixed an issue where you were unable to export or download packet captures from the firewall when context switching from Panorama.
|
PAN-218273 | Fixed an issue where TCP keepalive packets from the client to the server weren't forwarded when SSL decryption was enabled.
|
PAN-218238 | Fixed an issue where you were unable to create a file exception (Monitor > Threat Log > Detailed Log view > Create Exception), and the following error message was displayed: no antivirus profile corresponding to threat log.
|
PAN-218119 | Fixed an issue where the firewall transmitted packets with an incorrect source MAC address during commit operations.
|
PAN-217831 | Fixed an issue memory leak issue related to the logd process that occurred due to a sysd object not being released.
|
PAN-217728 | Fixed an issue where uploading a certificate in a manual configuration option for SafenetHSM failed.
|
PAN-217674
|
Fixed an issue where RADIUS authentication failed when the
destination route of the service route was configured with an IPv4
address with more than 14 characters.
|
PAN-217541 | Fixed an issue where the useridd process stopped responding after a restart when HIP redistribution was enabled.
|
PAN-217510 | Fixed an issue where inbound DHCP packets received by a DHCP client interface that weren’t
addressed to itself were silently dropped instead of forwarded.
|
PAN-217493 | Fixed an issue where superusers with read-only privileges were unable to view SCEP object configurations.
|
PAN-217280 | Fixed an issue where, when Advanced Routing was enabled, the routed process stopped responding during booting up.
|
PAN-217272 | Fixed an issue where the DNS proxy log included an excessive number of the following error
message: Warning: pan_dnsproxy_log_resolve_fail:
Failed to resolve domain name ** AAAA after trying all attempts
to name servers
|
PAN-217241 | Fixed an issue where predict session conversion failed for RTP and RTCP traffic.
|
PAN-217064 | Fixed an issue where commits took longer than expected when the DLP plugin was configured.
|
PAN-217024 | Fixed an issue where fetching device certificates failed for internal DNS servers with the error message ERROR Error: Could not resolve host: certificate.paloaltonetworks.com.
|
PAN-216647 | Fixed an issue where the sysd node was updated at incorrect times.
|
PAN-216214 | (Panorama managed firewalls in active/active HA configurations only) Fixed an issue where the HA status displayed as Out of Sync (Panorama > Managed Devices > Health) if local firewall configurations were made on one of the HA peers. This caused the next HA configuration sync to overwrite the local firewall configuration made on the HA peer.
|
PAN-216101 | Fixed an issue where a memory leak related to a process and LLDP packet processing caused an OOM condition on the firewall.
|
PAN-215857 | Fixed an issue where the option to reboot the entire firewall was visible to vsys admins.
|
PAN-215583 | Fixed an issue on firewalls in HA configurations where the primary firewall went into a
non-functional state due to a timeout in the
pan_comm logs during the
policy-based forwarding (PBF) parse, which caused an HA
failover.
|
PAN-215576 | Fixed an issue where the userID-Agent and TS-Agent certificates were set to expire on November 18, 2024. With this fix, the expiration date has been extended to January 2032.
|
PAN-215436 | Fixed an issue with the web interface where the latest logs took longer than expected to display under Monitor.
|
PAN-215082
|
(M-300 and M-700 appliances only) Fixed an issue where
Panorama generated erroneous system logs (MonitorLogsSystem) to alert that the appliance memory usage limit was
reached.
|
PAN-214987 | Fixed an issue where Application Filter names weren’t random, and they
matched or included internal protocol names.
|
PAN-214942 | Fixed an issue where SD-WAN UDP traffic failed over to a non-member path after a flap of an SD-WAN virtual interface.
|
PAN-214847 | Fixed an issue where, when certificate authentication for admin user authentication was enabled, vulnerability scans that used usernames or passwords against the management interface reported a vulnerability due to a missing HSTS header in the Access Denied response page.
|
PAN-214773 | Fixed an issue where RTP packets traversing intervsys were dropped on the outgoing vsys.
|
PAN-214558 | Fixed an issue where overriding a Layer2/vwire subinterface on Panorama caused other subinterfaces to disappear.
|
PAN-214336 | Fixed an issue where ICMPv6 unreachable messages were sent with an unspecified source address ( :: ) for VLAN interfaces.
|
PAN-213956 | Fixed an issue where the firewall interface did not go down even after the peer link/switch port went down.
|
PAN-213918
|
Fixed an issue where mlav-test-pe-file.exe was not detected by
WildFire Inline ML.
|
PAN-213491 | Fixed an issue where the management CPU was high, which caused the web interface to be slower than expected.
|
PAN-213173 | Fixed an issue where Preview Changes under Scheduled Pushes did not launch the Change Preview window.
|
PAN-213112 | Fixed an issue where executing the show report directory-listing CLI command resulted in no output after upgrading to a PAN-OS 10.1 release.
|
PAN-213103 | Fixed an issue where Clientless VPN access failed with the error message
temporarily unavailable when
accessing the Clientless VPN bookmarked application from the
identity provider application portal.
|
PAN-212932 | Fixed an issue where the firewall went into a restart loop with the following error message: failed to get mgt settings candidate: configured traffic quota of 0 MB is less than the minimum 32 MB.
|
PAN-212877 | Fixed an issue where a race condition caused log flooding, which caused the firewall to go into an unresponsive state.
|
PAN-212770 | Fixed an issue on the firewall where the WildFire file size limit value did not match on the web interface and the CLI.
|
PAN-212580 | (PA-7050 firewalls only) Fixed an issue where disk space filled up due to files under /opt/var/s8/lp/log/pan/ not being properly deleted.
|
PAN-211945 | Fixed an issue where URL Filtering system logs showed the error message CURL ERROR: bind failed with errno 124: Address family not supported by protocol even though the PAN-DB cloud was connected.
|
PAN-211827 | Fixed an issue where Dynamic Updates failed with the following error message:
CONFIG_UPDATE_INC: Incremental update to DP failed
please try to commit force the latest config.
|
PAN-211821 | Fixed an issue on firewalls in HA configurations where committing changes after disabling the QoS
feature on multiple Aggregate Ethernet (AE) interfaces caused the
dataplane to go down.
|
PAN-211384 | Fixed an issue where the size of the redisthost_1 in the Redis database continuously increased, which caused an OOM condition.
|
PAN-210234 | Fixed a REST API call to query the template stack configuration did not return the template stack variables or device variables.
|
PAN-208438 | Fixed an issue on Panorama where Security policy rules incorrectly displayed as disabled.
|
PAN-208395 | Fixed an issue where user authentication failed in multi-vsys environments with the error message User is not in allowlist when an authentication profile was created in a shared configuration space.
|
PAN-207577 | Fixed an issue where Panorama > Setup > Interfaces wasn't accessible
for users with custom admin roles even when the interface option was
selected for the custom admin roles.
|
PAN-207003 | Fixed an issue where the logrcvr process NetFlow buffer wasn't reset which resulted
in duplicate NetFlow records.
|
PAN-206325 | Fixed an issue where a renamed object was still referenced with the previous name in a Security policy rule, which caused commit failures when using edit API to create the rule.
|
PAN-206041 | (PA-7050 firewalls only) Fixed an issue where the ikemgr process stopped responding.
|
PAN-204808 | (PA-400 Series, PA-1400 Series, PA-3400 Series, and PA-5400 Series firewalls only) Fixed an issue where executing the CLI command show running resource-monitor ingress-backlogs displayed the error message Server error : Dataplane is not up or invalid target-dp(*.dp*)
|
PAN-204663
|
Fixed an issue on Panorama where you were unable to context switch
from one managed firewall to another.
|
PAN-202008 | Fixed an issue where Traffic logs exported to CSV files contained inaccuracies and weren’t
complete.
|
PAN-201269 | Fixed an issue where commits failed with the error message IPv6 addresses are not allowed because IPv6-firewalling is disabled when Security policy rules had an address group with more than 1000 FQDN address objects.
|
PAN-198190 | (VM-Series firewalls only) Fixed an issue where the MTU on the management interface
couldn’t be configured to a value greater than 1500.
|
PAN-197189 | Fixed an issue where the RST packet wasn't sent to the client when decrypted HTTP/2 traffic was
detected by custom vulnerability signatures with action
reset-both.
|
PAN-196146 | (VM-Series firewalls only) Fixed an issue where hostname validation failed due to the firewall not taking the hostname provided in init.cfg.
|
PAN-193484 | Fixed an issue where DNS failed if the domain name started with a period.
|
PAN-192318 | Fixed an issue where executing the CLI command show rule-hit-count device-group displayed the error message Server error : show rule hit count op-command failed.
|
PAN-186957 | Fixed an issue where, in SAML Metadata Export, a drop-down did not appear in the input field when IP or Hostname was selected for Type.
|
PAN-185286 | (PA-5400 Series firewalls only) Fixed an issue on Panorama where device health resources did not populate.
|
PAN-181706 | Fixed an issue where the logrcvr process stopped responding after upgrading to PAN-OS 10.1.
|
PAN-179952 | Fixed an issue on Panorama where not all categories were displayed under Log settings.
|
PAN-179260 | Fixed an issue where admins and other superusers were unable to remove a commit lock that was
taken by another admin user with the format <domain/user>. As
a result, deleting the commit lock failed.
|
PAN-175642 | Fixed an issue where system logs to alert for support license expiry weren’t generated.
|
PAN-98605 | Fixed an issue where audit comments did not appear in the audit comments archive.
|