BugZero | Palo Alto Networks BugID PAN-206921 - Fixed an issue where GlobalProtect client certific...

Palo Alto Networks - Defect ID: PAN-206921

Fixed an issue where GlobalProtect client certificate authentication failed on a gateway when the gateway was placed behind a NAT.

Palo Alto Networks - Defect ID: PAN-206921

Fixed an issue where GlobalProtect client certificate authentication failed on a gateway when the gateway was placed behind a NAT.

Last updated on May 15th, 2026

BugZero Risk Score
9.3 High

Overall: 9.3

Severity: 10.0

Community: 3.7

Lifecycle: 10.0

What is the BugZero Risk Score?

Palo Alto Networks Integration

Learn more about where this data comes from

Palo Alto Networks Integration

Learn more

BugZero Plan

Streamline upgrades with automated vendor bug scrubs

BugZero Plan

Learn more

BugZero Prevent

Wish you caught this bug sooner? Get proactive today.

BugZero Prevent

Learn more

Bug Details

Description

Disclaimer

Hotfix versions were inferred because the vendor did not list them explicitly: 10.2.3-h1, 10.2.3-h2, 10.2.3-h3

Overview

Fixed an issue where GlobalProtect client certificate authentication failed on a gateway when the gateway was placed behind a NAT.

Impact

GlobalProtect client certificate authentication fails.

root_cause

The change in the IP address, due to the NAT caused incorrect processing by the gateway.

workaround

No workaround

Change history

2026-05-15 Added: 10.2.3-h1, 10.2.3-h2, 10.2.3-h3

No changes to display

2025-07-22 Added: 10.2.2, 10.2.3

Relevant Products

Click on a version to see all relevant bugs

Affected versions:10.2.2, 10.2.3, 10.2.3-h1, 10.2.3-h2, 10.2.3-h3

Fixed versions: 10.2.3-h4, 10.2.4

Relevant Products

Click on a version to see all relevant bugs

Affected versions:10.2.2, 10.2.3, 10.2.3-h1, 10.2.3-h2, 10.2.3-h3

Fixed versions: 10.2.3-h4, 10.2.4

Top Palo Alto Networks Defects

9.5Defect ID: PAN-195149
Fixed an issue where firewall administrators were unable to log in to the web interface when RADIUS two-factor authentication was used.
9.3Defect ID: PAN-207533
Fixed an issue with firewalls in HA configurations where ARP and IPv6 multicast packets were transmitted from the passive firewall.
9.3Defect ID: PAN-206921
Fixed an issue where GlobalProtect client certificate authentication failed on a gateway when the gateway was placed behind a NAT.
9.3Defect ID: PAN-209305
Fixed an issue where enabling Inline Cloud Analysis caused the content and threat detection (CTD) process flow cleanup to not be done correctly if a threat was encountered during the traffic inspection.
9.3Defect ID: PAN-251639
Fixed an issue where an out-of-memory condition occurred due to a memory leak related to the varrvcr process when a WildFire Analysis security profile was enabled.

Ready to prevent the next vendor outage?

Get a demo

Palo Alto Networks - Defect ID: PAN-206921

Fixed an issue where GlobalProtect client certificate authentication failed on a gateway when the gateway was placed behind a NAT.

Palo Alto Networks - Defect ID: PAN-206921

Fixed an issue where GlobalProtect client certificate authentication failed on a gateway when the gateway was placed behind a NAT.

Last updated on May 15th, 2026

BugZero Risk Score9.3 High

Bug Details

Disclaimer

Overview

Impact

root_cause

workaround

Top Palo Alto Networks Defects

Ready to prevent the next vendor outage?

Links

BugZero Risk Score
9.3 High