(PA-5450 firewalls only) Fixed an issue where the hourly summary log was limited to 100,001 lines when summarized, which resulted in inconsistent report results when using summary logs.

Fixed an issue where the vld process stopped responding when Elasticsearch had no data.

Fixed an issue where Elasticsearch removed indices earlier than the configured retention period.

(PA-5450 and PA-3200 Series firewalls that use an FE101 processor only) Fixed an issue where packets in the same session were forwarded through a different member of an aggregate ethernet group when the session was offloaded. The fix is that you can use the following CLI command to change the default tag setting to the tuple setting:

tag is the default behavior (tag based on the CPU, tuple based on the FE).

tuple is the new behavior, where both CPU and FE use the same selection algorithm.

Use the following command to display the algorithm:

Fixed an issue where, when migrating the firewall, the firewall dropped packets when trying to re-use the TCP session.

Fixed an issue where the firewall stopped allocating new sessions with increments in the counter session_alloc_failure. This was caused by GPRS tunneling protocol (GTP-U) tunnel session aging processing issue.

(PA-5450 firewalls only) Fixed an issue where upgrading the firewall caused corrupted log records to be created, which caused the logrcvr process to fail. This resulted in the auto-commit process required to bring up the firewall after a reboot to fail and, subsequently, the firewall to become unresponsive.