Fixed an issue where decryption based traffic failed on Explicit Proxy nodes.

Fixed an issue where websites with a no-decrypt policy rule were decrypted in traffic log when using a Google Chrome browser with PQC enabled

Fixed an issue where the firewall displayed the SFP ports as

PowerDown

when the SFP transceiver was removed and reinserted or the port was shut down and brought back up on the peer device.

(

PA-3400 Series firewalls only

) Fixed an issue where the firewall entered maintenance mode after enabling kernel data collection during the silent reboot.

Fixed an issue where a TLS client hello was split into multiple packets and arrived out of order, so the packets were dropped and the session terminated.

Fixed an issue where a memory overwrite occurred during HTTP/2 header inflation.

Added CPLD enhancement to capture external power issues.

Fixed an issue related to shared-to-shared optimization. To utilize this fix, contact Palo Alto Networks Tech Support.

Fixed an issue where multiple all_task processes stopped responding, which caused the dataplane to fail.

Fixed an issue where the useridd process stopped responding, which caused the firewall to reboot.

Fixed an issue where, when FIPS was enabled in maintenance mode, the firewall rebooted and returned to maintenance mode.

Fixed a kernel panic caused by a third-party issue.

Fixed an issue where the web interface did not display newly added Anti-Spyware signatures or Vulnerability Signatures.

Fixed an issue with firewalls in active/passive HA configurations where the NSSA default route from the active firewall was not generated to advertise even though the backbone area default route was advertised during a graceful restart.

Fixed an issue where, when the physical interface went down, the SD-WAN ethernet connection state still showed

UP/path-monitor

due to the Active URL SaaS monitor connection state remaining UP/path-monitor.

(

PA-5450 firewalls only

) Fixed an issue where the Data Processing Card (DPC) restarted due to path monitor failure after QSFP28 disconnected from the Network Processing Card (NPC).

Fixed an issue where, when the GlobalProtect app was installed on iOS endpoints and the gateway was configured to accept cookies, the app remained in the

Connecting

stage after authentication, and the GlobalProtect log displayed the error message

User is not in allow list

. This occurred when the app was restarted or when the app attempted to reconnect after disconnection.