Fixed an issue where performing a configuration commit on a firewall locally or from Panorama caused a memory leak related to the configd process and resulted in a out-of-memory (OOM) condition.

Fixed an issue where changes made to the split tunnel configuration on the Prisma Access gateway were not reflected on the GlobalProtect client.

Fixed an issue where, when using explicit proxy with SAML authentication, initiating SAML authentication with a non-GET request resulted in a

302 redirect

response instead of the expected

200 ok

response.

Fixed an issue where Possible Domain Fronting Detection for HTTP/2 generated false positives. With this change, domain fronting is limited to HTTP/1.

Fixed an issue where a false positive HTTP/TLS evasion alert was generated when the domain had DNS load balance.

Fixed an issue where

ifType

and

ifSpeed

were not populated in asynchronous mode of SNMP operations.

Fixed an issue where the management interface and front panel port interface statistics were not populated in asynchronous mode of SNMP operations.

Fixed an issue where the firewall required a restart when an SD-WAN policy rule was pushed from Panorama.

Fixed an issue where the firewall stopped responding due to a high number of SD-WAN probes being sent.

Fixed an issue where SNMP failed to respond to multiple Object Identifier (OID) queries in a single SNMP GET request.

A fix was made to address CVE-2024-3400.

Fixed an issue where firewalls failed to fetch content updates from the Wildfire Private Cloud due to an

Unsupported protocol

error.

(

VM-Series firewalls in Microsoft Azure environments only

) Fixed an issue where file descriptors were not closed due to invalid configurations.

Fixed an issue where the web interface did not display newly added Anti-Spyware signatures or Vulnerability Signatures until you refreshed the browser or logged out or in via the web interface.

Fixed an issue with firewalls in active/passive high availability (HA) configurations where the NSSA default route from the active firewall was not generated to advertise even though the backbone area default route was advertised during a graceful restart.

Fixed an issue where, when you committed the first configuration change after booting up the firewall, the external dynamic list file download failed until the list was refreshed. This occurred when the configuration was pushed with a certificate profile.

Fixed an issue where, when a certificate profile was configured on an external dynamic list object but the profile had been deleted or did not exist, commits silently failed with the error

Failed to refresh EDL config

instead of showing the correct validation error message

Fixed an issue where heartbeats to the brdagent process were lost, resultng in the process not responding, which caused the firewall to reboot.

Fixed an issue on Panorama where

Commit and Push

or

Push to Devices

operations failed when an external dynamic list was configured to check for updates every 5 minutes due to the commit and external dynamic fetch processes overlapping.