(Firewalls in FIPS mode only) Fixed an issue where GlobalProtect unexpectedly prompted for RADIUS authentication instead of client certificate authentication due to an OSCP validation error and subsequent CRL verification failure, which led to certificates being marked as invalid.

Fixed an issue where internal and external DNS names did not resolve when connected to a GlobalProtect gateway.

Fixed an issue where a DPC in Slot 4 restarted repeatedly, which caused internal path monitoring failures and a failover event.

Fixed an issue where processes restarted and the firewall unexpectedly rebooted when you configured a Security policy rule with Source Device > quarantine.

Fixed an issue on Panorama where selective push operations failed when plugin configurations included access-domain or log-collector references.

Fixed an issue where a race condition between the session ager and packet processing resulted in memory corruption and caused the pan_task process to stop responding, which resulted in the firewall becoming unresponsive

Fixed an issue where, after Advanced Routing was enabled, the firewall advertised routes to internal BGP neighbors with the original external BGP next-hop address.

Fixed an issue where GlobalProtect throughput was reduced after an upgrade.

Fixed an issue where, when a push operation from Panorama to the firewall failed, accounting logs stopped forwarding.

(PA-7500 firewalls only) Fixed an issue where internal path monitoring logs incorrectly reported internal path monitoring failures when they did not occur.

Fixed an issue on Panorama where, after removing a scheduled configuration push, Panorama still initiated the push at its previously scheduled time.

(Firewalls in active/passive HA configurations only) Fixed an issue where, after a failover, routing information within OSPF protocol was not correctly translated or propagated, which affected network path convergence and FRR capabilities.

(Firewalls in active/passive HA clusters only) Fixed an issue where high dataplane CPU usage occurred and traffic offloading decreased when a failover occurred from the active firewall to the passive firewall, and then back to the active firewall.

Fixed an issue where a memory leak occurred related to the reportd process when custom reports were run via API.

Fixed an issue where an unexpected reboot occurred when Inline Cloud Analysis was enabled in an Anti-Spyware and Vulnerability profile.

Fixed an issue where Panorama pushed commits took longer than expected to complete without displaying an error message when committing due to slow cloud-app compilation.

Fixed an issue where firewalls acting as an accumulation proxy sent a server hello with an earlier TCP timestamp value than a preceding ACK packet, which prevented successful session establishment. This occurred when the client hello messages were split across multiple network segments.

To use this fix, run the CLI command debug dataplane set ssl-decrypt accumulate-client-hello ts-relay yes.

Fixed an issue where the firewall dataplane continuously accumulated packets in the ctd_pkt_queue and packet buffers, which caused resource exhaustion and prematurely terminated sessions.

Fixed an issue where the reportd process stopped responding, which caused the firewall to reboot.

Fixed an issue where firewalls entered a nonfunctional state due to L7 running out of resources due to a high volume of traffic.

(Firewalls with FIPS-CC enabled only) Fixed an issue where, when attempting to make changes to the GlobalProtect portal, an error message was displayed and configuration updates failed.

(Firewalls in active/passive configurations only) Fixed an issue where NTP status intermittently showed as rejected on the active firewall, which prevented the firewalls from synchronizing time.

Fixed an issue on Prisma Access Remote Network firewalls where high CPU utilization caused slowness and command timeouts.

Fixed an issue where pushing multiple policy rules failed when the policy rules contained a large number of dynamic address object groups or user groups.

Fixed an issue where the firewall was unable to send device telemetry files to Cortex Data Lake due to the firewall receiving an invalid upload token.

Fixed an issue on the Panorama web interface where you were unable to delete or change a logical router for tunnel, SD-WAN, VLAN, or loopback interfaces under a template.

Fixed an issue where firewall components became unresponsive during sustained operation.

Fixed an issue where the timestamp value in SNMPv3 trap headers was incorrect.

To use this fix, run the CLI command debug log-receiver enginetime-from-snmptime yes.

Fixed an issue where firewalls in a cluster experienced approximately 50% packet loss on IPSec NATT tunnels when tunnel acceleration was enabled.

Fixed a duplicate MAC address issue where an ethernet interface sent out Gratuitous ARP (GARP) messages for an IP address that was not configured on it.

Fixed an issue where the management CPU was high, which caused the web interface to be slower than expected.