BugZero | Palo Alto Networks BugID PAN-308902 - Fixed an issue where, after upgrading to an affect...

Palo Alto Networks - Defect ID: PAN-308902

Fixed an issue where, after upgrading to an affected release, the firewall did not add mTLS websites that required client certificate authentication via DN list to the ssl-decrypt exclude-cache list.

Palo Alto Networks - Defect ID: PAN-308902

Fixed an issue where, after upgrading to an affected release, the firewall did not add mTLS websites that required client certificate authentication via DN list to the ssl-decrypt exclude-cache list.

Last updated on March 5th, 2026

BugZero Risk Score
6.3 Medium

Overall: 6.3

Severity: 6.4

Community: 3.7

Lifecycle: 10.0

What is the BugZero Risk Score?

Palo Alto Networks Integration

Learn more about where this data comes from

Palo Alto Networks Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Description

The earliest recollection of this bug is traced back to PAN-OS 11.2.10-h4 - March 05, 2026. This bug is fixed in PAN-OS versions 11.2.10-h4, 11.2.7-h11. Fixed an issue where, after upgrading to an affected release, the firewall did not add mTLS websites that required client certificate authentication via DN list to the ssl-decrypt exclude-cache list. For more information: https://docs.paloaltonetworks.com/pan-os/11-2/pan-os-release-notes/pan-os-11-2-10-known-and-addressed-issues/pan-os-11-2-10-h4-addressed-issues https://docs.paloaltonetworks.com/pan-os/11-2/pan-os-release-notes/pan-os-11-2-7-known-and-addressed-issues/pan-os-11-2-7-h11-addressed-issues

Change history

2026-03-05 Added: 11.2.10-h4

2026-03-04 Added: 11.2.7-h11

Top Palo Alto Networks Defects

6.3Defect ID: PAN-308902
Fixed an issue where, after upgrading to an affected release, the firewall did not add mTLS websites that required client certificate authentication via DN list to the ssl-decrypt exclude-cache list.
6.3Defect ID: PAN-288001
Fixed an issue where devices with 5G cellular modems did not support the ATT FirstNet auto Access Point Name (APN).
6.3Defect ID: PAN-300637
( VM-Series firewalls on Microsoft Azure environments only ) Fixed an issue where the firewall unexpectedly rebooted due to repeated varrcvr process restarts.
6.3Defect ID: PAN-287584
Fixed an issue on the web interface where the address object pop up window only displayed a maximum of four address objects in the policy rule even after expanding the window.
6.3Defect ID: PAN-294524
Fixed an issue where firewalls and Panorama management servers were unable to view or download WildFire reports from a WF-500 appliance, resulting in a 401 error in the report tab.

Ready to prevent the next vendor outage?

Get a demo

Palo Alto Networks - Defect ID: PAN-308902

Fixed an issue where, after upgrading to an affected release, the firewall did not add mTLS websites that required client certificate authentication via DN list to the ssl-decrypt exclude-cache list.

Palo Alto Networks - Defect ID: PAN-308902

Fixed an issue where, after upgrading to an affected release, the firewall did not add mTLS websites that required client certificate authentication via DN list to the ssl-decrypt exclude-cache list.

Last updated on March 5th, 2026

BugZero Risk Score6.3 Medium

Bug Details

Links

Top Palo Alto Networks Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
6.3 Medium