(VM-Series firewalls on Amazon Web Services (AWS) environments only) Fixed an issue where a newly bootstrapped firewall required a management server restart, relicensing, or license push from Panorama to invoke the device certificate.

Fixed an issue on PAN-OS 12.1 releases where intermittent traffic drops occurred over IPSec VPN tunnels to third-party firewalls during the IPSec rekey due to the firewall failing to inform the peer to delete the old SA after moving to the new one.

Fixed an issue where HIP (Host Information Profile) reports were blocked on GlobalProtect when Authentication Cookie Usage Restrictions was enabled and the Prisma Access Agent protocol was in use. This occurred because the system failed to correctly process HIP messages that were relayed via IPSec tunnels with a Virtual IP as the source, leading to their rejection.

Fixed an issue where the firewall generated duplicate URL Filtering logs due to an error condition when the new XFF feature was enabled.

(Panorama appliances and Log Collectors only) Fixed an issue where logs from multiple devices were not visible on Panorama even though the Elasticsearch health status on the dedicated Log Collectors appeared green.

Fixed an issue where IPv6 Routed HA did not function correctly when the HA1 (control link) was configured with an IPv6 routed connection.

Fixed an issue where software packet buffers were completely utilized when performing a Data Loss Prevention longevity test.

Fixed an issue where, when Advanced DNS Security was enabled and experienced unusually high loads, DNS resolution failures occurred with the error resources-unavailable.

Fixed an issue where the firewall failed to send SNMPv3 traps when the SNMP destination was configured with an FQDN that resolved to multiple IP address through DNS load balancing.