PAN-OS 10.0.10 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1 & Later
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
End-of-Life (EoL)
PAN-OS 10.0.10 Addressed Issues
PAN-OS® 10.0.10 addressed issues.
Issue ID | Description |
---|---|
PAN-190175 and PAN-190223 | A fix was made to address an OpenSSL infinite
loop vulnerability in the PAN-OS software (CVE-2022-0778). |
PAN-189665 | (FIPS-CC enabled firewalls only)
Fixed an issue where the firewall was unable to connect to log collectors
after an upgrade due to missing cipher suites. |
PAN-185616 | Fixed an issue where the firewall sent fewer
logs to the system log server than expected. With this fix, the
firewall accommodates a larger send queue for syslog forwarding
to TCP syslog receivers. |
PAN-185163 | Fixed an issue where the distributord process
hit the FD limit, which caused User-ID redistribution to not function properly. |
PAN-184693 | Fixed an issue that caused the slotd process
to stop responding due to an incorrect response from etcd lock API. |
PAN-183862 | Fixed an issue where, after a CN-NGFW pod
failed-over to the second CN-MGMT pod, the configuration was not
synchronized between the new CN-MGMT pod and the CN-NGFW pod. |
PAN-183774 | Fixed an memory leak issue in the mgmtsrvr process,
which resulted in an out-of-memory (OOM) condition and high availability
(HA) failover. |
PAN-183239 | Fixed an issue where the firewall randomly
disconnected from the WildFire URL cloud. |
PAN-182903 | Fixed an issue where SD-WAN failover on
a hub or branch in full mesh took longer than expected. |
PAN-181839 | Fixed an issue where Panorama Global Search
reported No Matches found while still returning
results for matching entries on large configurations. |
PAN-181039 | Fixed an issue with DNS cache depletion
that caused continuous DNS retries. |
PAN-181031 | Fixed an issue where the CN-NGFW (DP) folder
on the CN-MGMT pod eventually consumed a large amount of space in
the /var/log/pan because the old registered stale next-generation
firewall logs were not being cleared. |
PAN-180916 | Fixed an issue where DNS security caused
the TTL (time-to-live) value of the pointer record (PTR) to be overwritten
with a value of 30 seconds. |
PAN-179982 | Fixed an issue where an OOM condition occurred
due to quarantine list redistribution. |
PAN-179976 | Fixed an issue where the WildFire Inline
Machine Learning (ML) did not detect mlav-test-pe-file.exe when
traffic was decrypted. |
PAN-179703 | Fixed an issue where dataplane interfaces
weren't released when the secured application pods were deleted. |
PAN-179413 | Fixed an issue where GRE tunnels flapped
during commit jobs. |
PAN-179321 | A validation error was added to inform an
administrator when a policy field contained the value any. |
PAN-179274 | Fixed an issue on high availability configurations
where, after upgrading to PAN-OS 9.1.10, PAN-OS 10.0.6, or PAN-OS
10.1.0, the HA1 and HA1-Backup link stayed down. This issue occurred
when the peer firewall IP address was in a different subnet. |
PAN-179164 | Fixed an issue where a web-proxy port number
was added to the destination URL when captive portal authentication
was run. |
PAN-179059 | Fixed an issue where you were unable to
delete dynamic address groups one at a time using XML API. |
PAN-178947 | Fixed an issue where the useridd process stopped
responding when a NULL reference attempted to be dereferenced. This
issue occurred to IP address users being added. |
PAN-177907 | Fixed an issue where, after rebooting the
firewall, FQDN address objects referred in rules in a virtual system
(vsys) did not resolve when the vsys used a custom DNS proxy. |
PAN-177878 | Fixed an issue where a role-based admin
with Operational Requests enabled under the
XML API section was unable to set the License Deactivation API key. |
PAN-177626 | Fixed an issue where aggressive situations
caused on-chip descriptor exhaustion. |
PAN-177551 | A fix was made to address a vulnerability
that enabled an authenticated network-based administrator to upload
a specifically created configuration that disrupted system processes
and was able to execute arbitrary code with root privileges when
the configuration was committed (CVE-2022-0024). |
PAN-177187 | Fixed an issue where reports using the decryption
summary database and Panorama as data sources returned no results. |
PAN-177170 | Fixed an issue on Panorama where a log collector
group commit deleted the proxy settings configured on dedicated
log collectors. |
PAN-176889 | Fixed an issue where the log collector continuously
disconnected from Panorama due to high latency and a high number
of packets in Send-Q. |
PAN-176703 | Fixed an issue that occurred after upgrading
to a PAN-OS 9.0 or later release where commits to the firewall configuration
failed with the following error message: statistics-service is invalid. |
PAN-176348 | Fixed an issue where scheduled email alerts
were not forwarded to all recipients in the override list. |
PAN-175716 | Fixed an issue where sorting address groups
by name, address, or location did not work on a device group that
was part of a nested device group. |
PAN-175628 | (PA-5200 Series firewalls only)
Fixed an issue where the firewall was unable to monitor AUX1 and
AUX2 interfaces through SNMP. |
PAN-175259 | Fixed an issue where a Security policy configured
with App-ID and set to web-browsing and application-default
service allowed clear-text web-browsing on tcp/443. |
PAN-175161 | Fixed an issue where changing SSL connection
validation settings for system logs caused the mgmtsrvr process
to stop responding. |
PAN-174809 | Fixed an issue where a process (all_pktproc) restarted. |
PAN-174607 | Fixed an intermittent issue where, when
Security profiles were attached to a policy, files that were downloaded
across TLS sessions decrypted by the firewall were malformed. |
PAN-174587 | Fixed an issue where, in the case of multiple
AWS Partner Network (APN) connections, the GPRS tunneling protocol
(GTPv2) Create Session Requests were sent to the firewall within
a short interval, which caused the firewall to create the GTP-sessions
incorrectly. |
PAN-174011 | Fixed an issue where Panorama failed to
update shared policies during partial commits when a new device
group was created but not yet committed. |
PAN-171345 | Fixed an issue where firewalls experienced
high packet descriptor usage due to internal communication associated
with WildFire. |
PAN-171181 | Fixed an issue where the IPSec tunnel configuration
didn't load when a double quotation mark was added to the comment
section of the IPSec tunnel General tab. |
PAN-171104 | Fixed an issue where a race-condition check
returned a false negative, which caused a process (all_task)
to stop responding and generate a core file. |
PAN-170952 | Fixed script issues that caused diagnostic
data to not be collected after path monitor failure. |
PAN-168400 | Fixed an issue where, after installing Cloud
Services plugin 10.2, the Plugin cloud_services status (Dashboard
> High Availability) displayed as Mismatch. |
PAN-168286 | Fixed a memory leak issue in the mgmtsrvr process
that was caused by failed commit all operations. |
PAN-167849 | Fixed an issue where URL Filtering incorrectly
identified the firewall serial number in the certificate Common Name field
as the IP address. |
PAN-164871 | (VM-Series firewalls only) Fixed
an intermittent issue where deactivating the firewall via XML API
using manual mode failed. This occurred because the size of the
license token file was incorrect. |
PAN-163245 | Fixed an issue where a commit-all or push
to the firewall from Panorama failed with the following error message: client routed requesting last config in the middle of a commit/validate. Aborting current commit/validate. |
PAN-161297 | Fixed an interoperability issue with other
vendors when IKEv2 used SHA2-based certificate authentication. |
PAN-155448 | Fixed an issue where credential detection
didn't work in IP address-to-username mapping mode because the firewall
compared the unnormalized IP-address-to-username mapping format
to the normalized username extracted from the payload where the
username and password were submitted. |