Fixed an issue where, when the firewall received an unexpected termination request for SSL sessions, the dataplane experienced a slow buffer resource leak.

Fixed an issue on Panorama where the web interface performance was slower than usual when retrieving read-only configurations from Panorama.

Fixed an issue where a firewall was only able to display a maximum of 14 permitted IP addresses from a Panorama Template Variable.

Fixed an issue where large IPv6 packets were reassembled incorrectly on the firewall when the packets arrived fragmented over an IPv4 tunnel.

Fixed an issue where processes stopped responding when HTTPS Forward traffic was run.

Fixed an issue where, when Restrict Certificate Extensions was enabled on decryption profiles, the basic constraints extension was overwritten incorrectly.

Fixed an issue where the firewall removed the Authentication Key Identifier (AKID) from the certificate during SSL decryption, which caused Python 3.13 to fail with a certificate verification error.

Fixed an memory leak issue related to TLS inbound decryption.

Fixed an issue where a device group import resulted in a Security policy rule being created with Application set to none.

Fixed an issue where daily scheduled reports were not generated and emailed.

Fixed an issue where Panorama became unresponsive while performing a dynamic address update without a lock.

Fixed an issue where DNS Security intermittently logs malicious domain URLs as Alert instead of taking a Sinkhole action, even when configured to Sinkhole malicious DNS domains.

Fixed an issue where a DPC on slot 3 failed intermittently due to the pktlog_forwarding process restarting, which resulted in an unexpected HA failover.

Fixed an issue where Wildfire signature generation was enabled on all nodes in a cluster instead of only the active node.

Fixed an issue where SNMP scans to a firewall timed out after upgrading to a PAN-OS 10.2 release.

Fixed an issue where restarting the firewall did not initiate an autocommit job, which caused the firewall to stop responding and the HA interface to go down.

Fixed an issue where GlobalProtect clients experienced slow file transfer download throughput when passing through an IPSec tunnel.

Fixed an issue where the firewall generated BGP update packets larger than 1500 bytes when the interface MTU was 1500 bytes and jumbo frames were enabled globally.

Fixed an issue where informational logs caused the distributord process log file to be frequently overwritten.

Fixed an issue where session rematch caused ACE cloud application traffic to match the wrong policy.

(Firewalls in active/active HA configurations only) Fixed an issue with SSL inbound decryption on firewalls on a vwire setup with asymmetric routing.

To use this fix, enter the CLI command set system setting ssl-decrypt ha-vwire-mac-learn global yes on both firewalls in an HA pair.

Fixed an issue where Device Telemetry failed due to an issue with the encoding of characters in the log file path.

Fixed an issue where the all_pktproc process stopped responding, which caused internal path monitor failures.

Fixed an issue where Panorama did not check for a NULL pointer when querying logs, which caused logs to not display on the web interface.

Fixed an issue where the scheduled report generation script did not return debug information.

Fixed an issue where the wifclient stopped responding during server certificate verification for MICA gRPC connections and caused the dataplane to restart when using a cloud-based ML detection engine (MICA). On certain platforms, this caused the firewall to reboot periodically.

Fixed an issue where traffic was blocked by a URL filtering profile even though the Security policy rule did not have a URL filtering profile configured.

Fixed an issue related to external dynamic lists that caused commit times on the firewall to be higher than expected.

Fixed a CPS counter query issue that caused SNMP polling timeouts on the firewall.

Fixed an issue on firewalls in active/passive HA configurations where, after a failover, irrelevant routing FIB entries were seen in the routing table on the newly active firewall.

Fixed an issue where BFD sessions did not come up even when BGP peering was established.

Fixed an issue where the replay database size increased significantly due to local and special configurations not being purged after commits.

Fixed an issue on the Panorama web interface where you were unable to click OK after selecting an install package type and file from the dropdown and selecting a firewall.

Fixed an issue where the all_task process stopped responding, which caused the dataplane to go down.

Fixed an issue where the config lock icon was not visible for a custom role-based admin when a Superuser admin had acquired the config lock.

Fixed an issue where a selective push was blocked when a configuration load was done.

Fixed an issue where Preview Changes did not display configuration changes in Commit and push > Push Scope.

(PA-5400 Series firewalls only) Fixed an issue where the firewall sent correlated event logs to the syslog server using the management interface instead of the log interface.

Fixed an issue where multiple DNS responses with different CNAME values caused evasion false positive alerts.

Fixed an issue where the dataplane stopped responding and the firewall unexpectedly rebooted due to multiple process restarts.

(Panorama appliances only) Fixed an issue where the configd process experienced continuous high CPU utilization and repeatedly restarted.

Fixed an issue where application traffic transactions that reused TCP ports did not work with decryption.

Fixed an issue where the firewall was unable to decompress the HTTP2 header, which caused the session to be classified as unknown-tcp instead of web-browsing.

(PA-5410, PA-5420, PA-5430, PA-5440 and PA-5445 firewalls only) Fixed an issue related to the all_pktproc process where DPC slot 3 stopped responding.

Fixed an issue where Wildfire content installation failed for WF-500B clusters when deployed from Panorama using the deployment schedule.

Fixed an issue on the firewall where the dataplane restarted due to insufficient allocation of memory buffers.

Fixed an issue where a core file was created on the Log Forwarding Card due to a third-party software issue.

Fixed an issue where stale BGP routes were advertised to peers even when they were not present in the local RIB table.

Fixed an issue where the firewall became unresponsive when committing a configuration change with a large number of uncommitted changes in the replay database.

Fixed an issue where, when TLSv1.3 was used, an incorrect error message invalid padding was displayed instead of the expected error message Invalid server certificate.

Fixed an issue where the client IP address was incorrect in the authentication logs for Captive Portal authentication events when the client used IPv6.

Fixed an issue where the firewall rebooted when a QSFP28 cable was removed from the port while the port was passing traffic.

Fixed an issue on Panorama where local commits took longer than expected after an upgrade.

Fixed an issue where the firewall took an incorrect action for overlapping custom and edl-url-categories in a policy rule.

Fixed an issue on firewalls in active/active HA configurations where SYN+ACK packets of asymmetric TCP sessions were dropped because of a session synchronization issue.

Fixed an issue where the firewall dropped DHCPv6 relay packets if there were duplicate link-local addresses on different sub-interfaces.

Fixed an issue where sessions that were previously in sw-cut-through mode (software fast forwarding) and persisted after an HA failover were no longer subject to software fast forwarding, which led to increased dataplane CPU load after HA failover.