PAN-OS 10.0.9 Addressed Issues
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1 & Later
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
End-of-Life (EoL)
PAN-OS 10.0.9 Addressed Issues
PAN-OS® 10.0.9 addressed issues.
Issue ID | Description |
---|---|
WF500-5513 | Fixed an issue where cloud queries failed,
which generated system logs. The issue occurred because a hash was
not found in the cloud. |
PAN-184445 | Fixed an issue where, after upgrading Panorama,
when Share Unused Address and Service Objects with Devices was
unchecked, address objects using tags to dynamic address groups
were removed after a full commit. |
PAN-183754 | Fixed an issue on firewalls in high availability
(HA) active/passive configurations where, when the passive firewall
was reloaded, not all session information from the active firewall
was duplicated to the passive firewall. |
PAN-181360 | Fixed an issue where staggering scheduled
dynamic updates from Panorama to firewalls only worked for the first
scheduled group and failed for the remaining groups of the same
type. |
PAN-181309 | Fixed an issue where Panorama was inaccessible
due to the configd process not responding. |
PAN-180934 | Fixed an issue where, when decrypting at
TLS1.3, websites failed to load due to the firewall incorrectly
handling payload padding from the server. |
PAN-179886 | Fixed an issue where new tunnels were unable
to be established for Elasticsearch due to faulty logic that prevented
old tunnels to be removed when a node went down. |
PAN-179543 | Fixed an issue where the flow_mgmt process stopped
responding when attempting to clear the session table, which caused
the dataplane to restart. |
PAN-179146 | (VM-Series firewalls on Hyper-V only)
Fixed an issue where packet length was calculated incorrectly, which
caused 4 extra bytes to be added to the end of the frame in VLAN-tagged
traffic. |
PAN-178961 | Fixed an issue where a process (authd)
stopped responding due to incorrect context handling. |
PAN-178953 | Fixed an issue with the GlobalProtect Clientless
VPN where, when an application sent a negative max age value on
a cookie, part of the cookie was retained by PAN-OS and used for
the subsequent connection on the user session. |
PAN-177762 | Fixed an issue where wificlient in
PAN-OS 10.0 and later releases caused processing delays, on-chip
descriptor spikes, and buffer usage. |
PAN-177571 | Fixed an issue where, when creating a certificate
name, you could set a character limit that exceeded what the decryption
profile configuration was able to support. |
PAN-177363 | Fixed an issue where, when system logs and
configuration logs on a dedicated log collector system were forwarded
to a Panorama management server in Management Only mode, the logs
were not ingested and were dropped. This caused the dedicated log
collector system to not be viewable on a Panorama appliance in Management
Only mode. |
PAN-176719 | Fixed an issue with proxy session handling
where the server leg closed early, which caused client issues if
the proxy session client leg was experiencing network issues. |
PAN-176392 | (PA-7000 Series firewalls only)
Fixed a an issue where persistent sessions did not properly age
out when removing a Data Processing Card (DPC). |
PAN-176341 | Fixed an issue where a delay to detect when
an interface was down after a cable pull caused traffic to be black-holed
to the downed link for 10 or more seconds. |
PAN-176280 | Fixed an intermittent issue on Panorama
where querying logs via the web interface or API did not return
results. |
PAN-176054 | Fixed an intermittent issue where users
did not have access to resources due to a host information profile
(HIP) check failure that was caused by the HIP data not being synced
between the management plane and the dataplane. |
PAN-176032 | Fixed an issue where a process (authd)
stopped responding, which caused authentication to fail. |
PAN-175923 | Fixed an issue where a process (tund)
stopped responding when enabling IPSec tunnel monitoring. |
PAN-175652 | Fixed an issue where SSL decryption failed
for websites when they were accessed from Google Chrome version
92 or higher. |
PAN-175399 | Fixed an issue where enabling Use proxy to fetch logs from Cortex Data Lake caused
Panorama to not show logs when queried. |
PAN-175307 | Fixed an issue where Panorama commits were
slower than expected and the configd process stopped
responding due to a memory leak. |
PAN-175211 | Fixed a memory leak issue in the (mgmtsrvr) process. |
PAN-175141 | Fixed an intermittent issue where IP address-to-username mappings
were not created on a redistribution client if a logout and login message
shared the same timestamp. |
PAN-174998 | (M-200 and M-500 appliances only)
Fixed a capacity issue that was caused by high operational activity
and large configurations. This fix increases the virtual memory
limit on the configd process to 32GB. |
PAN-174894 | Fixed an issue where, when the time-to-live
(TTL) value for symmetric MAC entries weren't updated to other dataplanes
and HA peers, timeouts occurred for traffic using policy-based forwarding
(PBF) with symmetric returns. |
PAN-174886 | Fixed an issue where scheduled customer
reports displayed as empty when the configured destination was an
address group. |
PAN-174864 | Fixed an issue on the Panorama interface
where Deploying Master Key to low-end devices resulted
in a Failed to communicate message, even
when the new master key was updated on the end device. This issue
occurred because a master key deployment had insufficient time to
process due to a connection timeout. |
PAN-174781 | Fixed an issue where the firewall did not
send an SMTP 541 error message to the email client after detecting
a malicious file attachment. |
PAN-174709 | Fixed an out-of-memory (OOM) condition that
occurred due to multiple parallel jobs being created by the scheduled
log export feature. |
PAN-174347 | Fixed an issue where sequence numbers were
calculated incorrectly for traffic that was subject to Session Initiation
Protocol (SIP) application-level gateway (ALG) when SIP TCP Clear
Text Proxy was disabled. |
PAN-174244 | Fixed an issue where a sudden increase in
URL data approached the maximum cache capacity of the firewall. |
PAN-174161 | Fixed an issue in Panorama that occurred
when attempting to disable override on an
object from a child device group did not work after cloning and
renaming the object. |
PAN-174055 | Fixed an issue where SNMP readings reported
as 0 for dataplane interface packet statistics for Amazon Web Services
(AWS) m5n.4xlarge instance types. This issue occurred because the
physical port counters read from MAC addresses were reported as
0. |
PAN-173978 | Fixed an issue where the Elasticsearch process
continuously restarted if zero-length files were present. |
PAN-173753 | Fixed an issue where a bar or point on a Network Monitor graph
had to be clicked more than once to properly redirect to the corresponding
ACC report. |
PAN-173545 | Fixed an issue where exporting a device
summary to CSV failed and displayed the following error message: Error while exporting. |
PAN-173509 | Fixed an issue where Superuser administrators
with read-only privileges (Device > Administrators and
Panorama > Administrators) were unable to view the hardware
ACL blocking setting and duration in the CLI using the following commands:
|
PAN-173453 | Fixed an issue where multiple heartbeat
failures occurred, which resulted in HA failover. |
PAN-173157 | Fixed an issue with the HA1 monitor hold
timer where the configured value was not assigned to the HA1 backup
interface, which used the default hold timer (3000 milliseconds),
which resulted in failover events taking longer than expected. |
PAN-173076 | (Panorama appliances in FIPS mode only)
Fixed an issue where the FIPS Panorama / FIPS firewall schema didn't
prune non-FIPS options from the Clientless VPN. |
PAN-172890 | (PA-800 Series firewalls only)
Fixed an issue where the firewall became unresponsive when an enhanced
small form-factor pluggable (SFP+) module was inserted in the SFP
port. |
PAN-172775 | Fixed an issue in Panorama where the configd process
stopped responding due to a memory issue with memcpy bson_append. |
PAN-172748 | (VM-Series firewalls only) Fixed
an issue where a process (all_task) stopped responding. |
PAN-172396 | Fixed a memory leak issue related to the useridd process. |
PAN-172324 | Fixed an issue on the Panorama web interface
where custom vulnerability signature IDs weren't populated in the
drop-down when creating a custom combination signature. |
PAN-172316 | Fixed an issue where the internal interface
flow control that caused the monitoring process to incorrectly determine
the interface to be malfunctioning. |
PAN-172243 | Fixed an issue where NetFlow traffic triggered
a packet buffer leak. |
PAN-172200 | Fixed an issue where a process (configd) restarted
due to memory corruption in the show dynamic-address-group CLI
command during commits, commit and push operations, and HA Panorama
syncs. |
PAN-171869 | Fixed an issue where HIP profile objects
in security policies and authentication policies were still visible
in the CLI even after replacing them with source HIP and destination
HIP objects. |
PAN-171696 | (PA-800 and PA-400 Series firewalls
and PA-220 firewalls only) Fixed an issue where the management
plane CPU was incorrectly reported to be high. |
PAN-171497 | Fixed an issue where, after a local user
group is updated by adding or removing users, the local user group
is removed from groupdb. |
PAN-171380 | Fixed an issue where loading configuration
versions in Panorama added unnecessary IDs to the configuration. |
PAN-171367 | Fixed an issue in active/active HA configuration
where session disconnected during an upgrade from a PAN-OS 9.0 release
to a PAN-OS 9.1 release. |
PAN-171159 | Fixed a memory leak on the configd process
on Panorama caused during multi-clone operations for rules. |
PAN-170997 | Fixed an issue where FQDN service routes
were not installed after a system reboot. |
PAN-170603 | Fixed an issue where, when the Elasticsearch
startup timestamp occurred exactly on the second, an internal variable
was set incorrectly, which resulted in failed customer reports and
no ACC data to display. |
PAN-170466 | Fixed an memory reference issue related
to the devsrvr process that caused the process to stop responding. |
PAN-169899 | Fixed an issue on firewalls with offload
processors where the ECMP forced symmetric return feature didn't
work for CRE traffic after the session was offloaded. |
PAN-169433 | Fixed an issue on Panorama where clicking Run Now for
a custom report with 32 or more filters in the Query Builder returned
the following message: No matching records. |
PAN-169347 | Fixed an issue where a process (authd)
stopped responding due to an invalid null pointer. |
PAN-169300 | Debug logs were added to troubleshoot WildFire
submission issues. |
PAN-169212 | Fixed an issue where information level logs
caused a configd logs to fill. |
PAN-169173 | Fixed an issue where, if you continuously
performed partial commits of a configuration with a high number
of dynamic address groups, Panorama became unresponsive and commits
were slower than expected. |
PAN-168339 | Fixed an issue where replacing SSL certificates
for inbound management traffic did not work when Block
Private Key Export was enabled. |
PAN-168189 | Fixed an issue where, even when there was
active multicast traffic, the firewall sent Protocol Independent
Multicast (PIM) prune messages. |
PAN-168178 | Fixed an issue where the logrcvr process continuously
restarted to due incorrect data. |
PAN-167762 | Fixed an issue where ICMP sessions didn't
display SD-WAN policy name or site name information in the traffic
logs. |
PAN-167560 | Fixed an issue where the Panorama appliance
didn't return inherited device group locations pertaining to Security
policies for REST API queries. |
PAN-167259 | (PA-3220 firewalls on PAN-OS 10.0.3
only) Fixed an issue where, after manually uploading WildFire
images, the dropdown did not display any available files to choose
from. |
PAN-166978 | Fixed an issue where the URL-Filtering cloud
connection failed with the following error message: bind failed with errno 97. |
PAN-166202 | Fixed an issue with an extra character in
HTTP Strict Transport Security (HSTS) regression tests when accessing
the GlobalProtect gateway. |
PAN-166180 | Fixed an issue where SNMPV3 traps were not
processed by the snmptrap receiver
after a firewall reboot. |
PAN-166091 | Fixed an issue where the firewall dropped
PBF keepalive responses. |
PAN-165660 | Fixed an issue where, in scenarios with
Fragmented SIP, the first packet arrived out of order, bypassing
App-ID and Content and Threat Detection (CTD). With this fix, the
out-of-order packet is transmitted after it has been queued and
processed by APP-ID and CTD. |
PAN-165147 | Fixed an issue where, when there was a high
volume of traffic for sessions with Application Block
Pages enabled, other regular packets were dropped. |
PAN-164997 | Fixed an issue where special characters
in web interface description Overview fields
displayed as their respective HTML ASCII character references. |
PAN-164631 | Fixed an issue where the stats
dump report was empty. |
PAN-163030 | Fixed an issue where restarting the devsrvr process
caused new GlobalProtect connections to fail with the error message required client certificate not found.
This issue occurred due to a key mismatch between the dataplane
and the management plane. |
PAN-161726 | Fixed an issue where the show high-availability all output
incorrectly displayed the VM-Series firewall license type on physical
firewalls. |
PAN-161496 | Fixed an issue when calculating the incremental
checksum after a post-NAT translation where the arguments to pan_in_cksm32_diff overflowed
the 32-bit integer. |
PAN-161031 | Fixed an issue where authentication via
the LDAP server failed in FIPS-CC mode when the LDAP server profile
was configured with the root certificate chain and Verify
server certificate for SSL sessions options enabled. |
PAN-160825 | (Panorama virtual appliances only)
Fixed an issue where, when GPRS tunneling protocol (GTP) stateful
inspection was enabled, GTP packets carrying NTP traffic with the
destination port UDP2152 were identified as GTP-in-GTP in GTP and
logged as critical severity in the GTP logs. |
PAN-159835 | Fixed an issue where, after an upgrade,
the following error message was displayed: Not enough space to load content to SHM. |
PAN-159295 | Fixed an issue where scheduled configuration
export files saved in the /tmp folder weren't periodically purged,
which caused the root partition to fill up. |
PAN-159225 | Fixed an issue where the web interface did
not display Missing Patches in the HIP logs. |
PAN-159210 | Fixed an issue where timed-out DNS Security
queries produced incorrect system log entries indicating cloud service connection refused.
With this fix, timed-out queries are correctly logged as cloud query timeout. |
PAN-158369 | Fixed an issue where applications did not
work via the Clientless VPN when they were configured on a vlan
interface |
PAN-156545 | Fixed an issue where exporting a backup
to a server with an Elliptic Curve Digital Signature Algorithm (ECDSA)
key failed when ECDSA was a valid key type. |
PAN-156289 | Fixed an issue where the default severities
for Content Update errors were inaccurate. |
PAN-155059 | Fixed an issue on Panorama where, when Retrieving Content
'WildFire' information failed, the error message No records found incorrectly displayed
as High severity. |
PAN-151302 | (PA-7000 Series firewalls with Log Forwarding
Cards (LFC) only) Fixed an issue where the logging rate for
the LFC was not displayed in Panorama > Managed Devices
> Health. |
PAN-150848 | Fixed an issue where the firewall dropped
TCP FIN traffic due to the server-to-client FIN traffic being out
of order. |
PAN-147256 | (Firewalls in HA configurations only)
Fixed an issue where connections to the SafeNet hardware security
module (HSM) were lost after upgrading to a new major PAN-OS release. |
PAN-146737 | Fixed an issue where, when running the show running application statistics CLI
command, the packets value in the output
rolled over before the session value. |