DHCP Client on MGMT port fails to auto-renew lease after upgrade to PAN-OS 10.2.0

DHCP Client on MGMT port fails to auto-renew lease after upgrade to PAN-OS 10.2.0

347
Created On 03/25/22 20:15 PM - Last Modified 11/17/25 20:46 PM


Symptom


Firewall loses management connectivity after upgrade to PAN-OS 10.2.0

Impacted firewall services include:
  • URL Filtering
  • Real-Time WildFire
  • DNS Security
  • ACE
  • MICA
  • Dynamic Updates
  • LDAP and User-ID
  • WildFire submissions
  • Cortex Data Lake
  • Log Forwarding
  • Syslog
  • SNMP Traps
  • EDL updates
  • IoT
  • Email Notifications
  • Netflow
  • RADIUS/TACACS+ and other third party authentication methods

Environment


  • PA-220 and PA-220R Firewalls
  • PA-800 Series Firewall 
  • DHCP Client enabled in the MGMT Port

Cause


The issue was caused by dhclient linking to the wrong bind library during build.

There is an additional issue being tracked where if the "Send Client ID" is enabled, DHCP will also fail. Note that this issue is still present in hotfix version 10.2.0-h1.

Resolution


Hotfix PAN-OS 10.2.0-h1 has been released to address this issue.
Make sure to have the "Send Client ID" option unchecked

Additional Information


Disconnecting the RJ-45 and reconnecting to the MGMT port will *not* help to temporarily renew the DHCP lease.

Recovery will either require a connection to a data port configured with an interface management profile allowing SSH, HTTP or HTTPS access, or CLI access via serial console.

To recover, workaround by configuring the MGMT IP address configuration to Static IP, or, rollback to PAN-OS 10.1.x
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000oNTaCAM&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail