Fixed an issue where the escd process caused a memory leak when session resiliency was enabled on the firewall.

Fixed an issue where multiple segments of HTTP proxy connect messages were not handled correctly by proxy.

Fixed an issue on Panorama where Push Scope did not populate automatically after changing the device group configuration.

Fixed an issue on the firewall where, when a NAT transversal IPSec tunnel was terminated, and the NAT rule that was applied to the NAT-T IPSec tunnel was on the same firewall, traffic flowing through the tunnel was not correctly translated.

Fixed an issue where, when SSL decryption was enabled and Client Hello messages spanned multiple TCP segments, some SSL decrypted sessions failed.

Fixed an issue where traffic to websites failed on the Google Chrome web browser on Secure Web Gateway (SWG) nodes.

Fixed an issue where FQDN resolution failed for address objects, and all FQDN traffic was denied by the interzone-default policy rule.

Fixed an issue where dereferencing a NULL pointer that occurred when App-ID stopped responding caused the firewall to restart.

Fixed an issue where traffic that did not match a decryption policy rule, or matched a no-decrypt policy rule, failed when accumulation proxy was enabled and a Zone Protection profile was configured with syn-cookies enabled.

Fixed an issue where websites with a no-decrypt policy rule were decrypted in traffic log when using a Google Chrome browser with PQC enabled.

Fixed an issue where an out-of-memory (OOM) condition caused a firewall outage.

Fixed an issue on the firewall where DPDK allocated twice the amount of memory as requested for pre-allocation.

Fixed an issue where GlobalProtect users were unable to switch gateways after upgrading to GlobalProtect version 6.2.3.

Fixed an issue where the Cloud Identity Engine (CIE) user context did not correctly redistribute user/IP address port mapping to on-premises firewalls.

(PA-3410, PA-3420, and PA-3430 firewalls only) Fixed an issue where the install failed when upgrading from PAN-OS 10.2.3-h3 and later 10.2 releases to PAN-OS 10.2.10 due to the number of configured vsys zones exceeding the zone limit in PAN-OS 10.2.10.

Fixed an issue where the GlobalProtect portal was not accessible via a web browser and displayed the error ERR_EMPTY_RESPONSE.

Fixed an issue where policy rule configurations pushed from Panorama were not reflected on the firewall if the rule had 63 characters.

Fixed an issue on the Panorama web interface where Security policy rules loaded more slowly than expected.

(CN-Series firewalls only) Fixed an issue where the CLI command show system setting ctd state did not work as expected.

Fixed an issue on the Panorama interface where Traffic and Unified event details loaded more slowly than expected.

(CN-Series firewalls only) Fixed an issue where communication was broken between the management plane and the dataplane when anti-spyware profiles were configured in a Security policy rule.

Fixed an issue where persistent DIPP NAT entries were deleted even when being used during an active session.

Fixed an issue where you were unable to clone a template stack with the Pre-Shared Key variable.

Fixed an issue where the firewall stopped responding when processing traffic.

Fixed an issue where excessive Timed out while getting config lock error messages were generated when making bulk changes via XML API.

Fixed an issue on Panorama where custom role-based admin users with read only access were able to make changes to configurations.

Fixed an issue where the firewall sent HIP notifications every time it received a HIP report instead of every two hours.

Fixed an issue on Panorama appliances in large-scale deployments where configd process core files consumed more space in the /opt/panlogs partition than was available.

Fixed an issue where network issues between the firewall and the log collector caused logrcvr process memory exhaustion.

Fixed an issue where XML API explorer inserted a plus (+) character in the Xpath when a space was used in the object name.

Fixed an issue where device telemetry failed after upgrading due to bundle generation failure.

Fixed an issue where the config process virtual memory was exceeded due to delays in post-commit processing.

Fixed an issue where the firewall decrypted traffic unexpectedly when the client hello was spread across multiple packets.

(PA-5450 firewalls only) Fixed an issue where the firewall dropped packets when attempting to reuse a TCP session.

Fixed an issue with corrupted images when SSL decryption and Security profiles were configured.

Fixed an issue where partial commit and commit-all operations took more time than expected to create the job ID.

Fixed an issue where traffic was denied by the interzone-default policy rule when a Security policy rule with an FQDN destination was configured.

Fixed an issue where the daily summary report displayed IPv6 addresses instead of IPv4 addresses.

Fixed an issue on the web interface where the following error message was incorrectly displayed for an IKE gateway with a valid configuration: ikev2->pq-ppk->negotiation-mode is invalid.

Fixed an issue where link flaps occurred on Panorama appliances in HA configurations.