(VM-Series firewalls on Amazon Web Services (AWS) environments only) Fixed an issue where a newly bootstrapped firewall required a management server restart, relicensing, or license push from Panorama to invoke the device certificate.

Fixed an issue where traffic was disrupted during IPSec rekey operations due to a 2 second delay in sending the DELETE message for the previous Security Association (SA) to the peer gateway after a new SA was negotiated.

(PA-1400 Series firewalls in HA configurations only) Fixed an issue where a split-brain condition occurred and HA1/HA2 links went down while upgrading when the HA configuration used dataplane interfaces for HA1 and a combination of HSCI and Ethernet interfaces for HA2.

Fixed an issue where the firewalls restarted due to a function lacking a NULL-pointer sanity check.

(Panorama appliances and Log Collectors only) Fixed an issue where logs from multiple devices were not visible on Panorama even though the Elasticsearch health status on the dedicated Log Collectors appeared green.

Fixed an issue where management plane system resources configuration size exceeded 28 MB for over 4 hours, and the following error message was displayed: Configuration size reaching device capacity limit.

(Panorama appliances only) Fixed an issue where traffic log queries using the device_name filter returned no results, and complex log queries that included negation operators produced incorrect outputs.

Fixed an issue where the Elasticsearch Close Indices process closed more indices than expected and dropped the number of open shards below the minimum of 800 per Elasticsearch instance. This occurred because the process did not correctly account for the number of Elasticsearch instances when calculating the maximum number of allowed open shards.

(Panorama managed firewalls only) Fixed an issue where the firewall intermittently failed to maintain active log forwarding streams to Cortex Data Lake even when duplicate logging and enhanced application logging were enabled.

Fixed an issue where the Cloud User-ID connection timed out because the firewall took too long to process the OCSP response.

Fixed an issue where OSCP HTTP POST requests were not formatted correctly, which caused failures with strict responders.

Optimized the commit workflow to reduce the size of the effective configuration, resulting in lower memory consumption.

Fixed an issue where the firewall rebooted due to the useridd process repeatedly restarting during an IP-port data type writes to the redis from multiple sources such as TSA or XML in a scale environment.

(Firewalls in active/active HA configurations only) Added a log enhancement to capture an issue where, when a commit operation was in progress, newly deployed IP address tags that used the XML API were not immediately reflected in address group resolution, which delayed IP address mapping to address groups and caused traffic to be incorrectly allowed or denied.

Fixed an issue where the devsrvr process periodically exceeded its virtual memory limit and restarted, which led to intermittent outages.

Fixed an issue on Panorama where the configd process stopped responding when filtering in the Config Audit window, which caused Panorama to restart unexpectedly.

Fixed an issue on the web interface where the address object pop up window only displayed a maximum of four address objects in the policy rule even after expanding the window.

(PA-7000 Series firewalls only) Fixed an issue where an incorrect ASIC configuration caused silent packet drops or application slowness when receiving a mix of jumbo and non-jumbo packets.