(PA-7500 Series, PA-5410, PA-5420, PA-5430, PA-5440, PA-5445, PA-3400 Series, PA-1400 Series, PA-400 Series, VM-Series, and CN-Series firewalls only) Fixed a race condition issue related to predict processing, which resulted in a dataplane restart and traffic loss.

Fixed an issue where, when ACE was enabled, traffic from cloud applications randomly matched an incorrect cloud-apps policy rule.

Fixed an issue where the option to sort sequence numbers was missing from Filters prefix list in the advanced routing filters.

Fixed an issue where the all_task process stopped responding, which caused the firewall to reboot unexpectedly, and traffic failures occurred.

Fixed an issue where retrieving filenames from OneDrive resulted in a cache miss.

Fixed an issue where mTLS decryption bypass did not work when the decryption profile was configured with the maximum TLS version as TLS 1.3.

Fixed an issue where, after an upgrade, the SNMP polled values for IF-MIB::ifInErrors displayed a high number of errors that did not match the values in the CLI show interface command.

(PA-3400 Series firewalls only) Fixed an issue where the firewall unexpectedly rebooted and entered maintenance mode due to a ctd-agent out-of-memory (OOM) condition. This occurred during advanced services load testing and a high volume of IoT EAL log forwarding.

Fixed an issue where selective pushes to managed devices failed when the User ID Master Device was configured.

Fixed an issue where custom reports showed incomplete data when exported in CSV format from Panorama.

Fixed an issue where firewalls became unstable and stopped responding, which resulted in an OOM condition.

Fixed an issue where the firewall removed the TCP timestamp from client hello messages that did not fit in a single packet, which resulted in connection issues.

Fixed an issue where the web interface did not display a message to commit prior changes before attempting a partial configuration load.

Fixed an issue where the popup window did not appear as expected for Clientless VPN users.

(M-600 appliances only) Fixed an issue where Panorama did not update all panreplay database entries after performing a commit and full push to all devices.

Fixed an issue where the CLI did not display a message to commit prior changes before loading a partial configuration.

Fixed an issue where the configuration audit displayed inaccurate information after partially loading the configuration via the CLI, which caused the audit to flag the configuration as deleted or changed.

Fixed an issue that caused the request system private-data-reset CLI command to fail.

Fixed an issue where deleting the NTP server address caused a commit validation error. This occurred when the configuration included both primary and secondary NTP servers and the secondary server was removed.

Fixed an issue where the firewall generated the following error message in the snmpd logs: pan_get_keystr_from_cryptod

(pan_snmpinterface.c:181): Key X2F1dGhfa2V5 import from cryptod failed.

Fixed an issue where the firewall was unable to decrypt SSL traffic when using forward proxy and HSM with an ECDSA signing certificate.

Fixed an issue where the all_task process stopped responding with a SIGABRT.

Fixed a memory leak issue related to the configd process that occurred when running consecutive commits for multiple days.

Fixed an issue where the firewall failed to forward logs to a SNMP trap server if the SNMP manager IP address was unable to be resolved.

Fixed an issue where the Panorama management server changed its certificate authority (CA) unexpectedly, which caused managed firewalls to disconnect.

Fixed an issue where commits to service connection firewalls from Panorama failed.

Fixed an issue where the firewall stopped responding when receiving a high number of logs.

Fixed an issue where PDF summary and email reports displayed IPv6 addresses instead of IPv4 addresses.

Fixed an issue on the web interface where, when all rules were highlighted when a read-only admin user clicked the Highlight Unused Rules checkbox.

Fixed an issue where the Priority Code Point (PCP) bits in the VLAN header were not reset to 0 when a packet was received from one Layer 3 tagged interface and forwarded to another, which resulted in dropped packets. To use this fix, run the CLI command set force-vlan-pcp-reset yes and reboot the firewall.

Fixed an issue where the IP address-to-user mapping timeout was triggered and the Inactivity TTL was refreshed unexpectedly

Fixed an issue on Panorama where, after you enabled multihop in a BFD profile, you were unable to disable it via the web interface.

(PA-7080 appliances with LPCs only) Fixed an issue where syslog forwarding over TCP stopped after upgrading.

Fixed an issue where AAAA DNS queries went out even when IPv6 firewalling was disabled.

Fixed an issue where traffic to websites failed on the Google Chrome web browser on Secure Web Gateway (SWG) nodes.

Fixed an issue where the show auth radius-require-msg-authentic command CLI displayed no output.

Fixed an issue where secondary IP addresses with a /32 prefix configured on Layer 3 interfaces were not reachable in FRR mode.

Fixed an issue where CSV or PDF exports of zones did not contain all zones.

(VM-Series firewalls on Amazon Web Services (AWS) environments only) Fixed an issue where a newly bootstrapped firewall required a management server restart, relicensing, or license push from Panorama to invoke the device certificate.

Fixed an issue where the firewall was unable to match HIP data with the correct anti-malware object for Windows Defender.

Fixed an issue where, when QoS was enabled on aggregate interfaces, the maximum aggregate interface throughput was capped, which limited network traffic. This occurred even with default QoS settings and no configured egress max-bandwidth.

(PA-5450 firewalls only) Fixed an issue where the class of service (CoS) priority bit was not modified, causing access points to lose connectivity to the wireless controller when traffic was routed through the firewall.

Fixed an issue where the SNMP get request status value for Panorama connections was incorrect.

Fixed an issue where you were unable to create duplicate entries in Advanced Routing AS path prepend in the BGP filter route map.

Fixed an issue where CIE validation checks on the firewall prevented configuration pushes from Panorama, which resulted in commit failures during new firewall deployment. This occurred when a template with an Authentication Profile with the Authentication Type as Cloud Authentication Service was pushed to a newly deployed firewall without internet access or without a device certificate.

(M-600 appliances only) Fixed an issue where the reportd process stopped responding.

Fixed an issue where TLS 1.3 connections failed if the server sent a certificate request after sending its certificate.

Fixed an issue where unknown TCP traffic caused errors and high shared memory usage.