Fixed an issue where the MIB ID returned an incorrect value via SNMP.

Fixed an issue where the pan_comm process stopped responding due to insufficient time allocated to read file descriptors when processing long messages.

(Firewalls in active/passive HA configurations) Fixed an issue on firewalls where, after failover, certain subnets were missing from the Link State Database, which prevented OSPF routes from being immediately learned due to a Type-7 to Type-5 LSA translation conflict in the ABR when the same LSA was advertised by two peers in the NSSA area.

Fixed an issue where the firewall stopped all tasks due to an OOM condition caused by a scheduled log export using FTP to an external FTP server.

(CN-Series firewalls only) Fixed an issue where the firewall generated incomplete or corrupted tech support files (TSF) due to high disk usage on the management plane.

Fixed an issue on Panorama where a new virtual system (vsys) was automatically created with the name of a device group.

Fixed an issue where the comm process stopped responding due to missing heartbeats, which resulted in a system alert and HA communication loss on slot1.

(Panorama appliances only) Fixed an issue on the web interface where resetting the rule hit counter for multiple policy rules failed with the error message Failed to reset rule-hit job.

Fixed an issue where the error message Scan ERR: Internal Err 1002 was generated unexpectedly when WIF shared memory use was high.

Fixed an issue where the firewall double-freed shared memory when the shared memory usage reached 100% when sending large payloads. This occurred when DLP, Advanced Advanced Threat Protection (ATP), Advanced WildFire (AWF), or Advanced URL Filtering were enabled.

Fixed an issue where a simultaneous selective push from Panorama to multiple firewalls with different base configurations resulted in configuration corruption, which caused the firewall to go down.

Fixed an issue where clients did not receive a valid response when searching a website due to a compression error.

Fixed an issue where an OOM condition on the logrcvr process caused interface flapping, and the interface unexpectedly went down and then recovered without intervention.

Fixed an issue where firewalls that were connected to the same Cloud Identity Engine displayed inconsistent group membership information, with some firewalls showing only a subset of users belonging to a group.

Fixed an issue where the firewall dropped client hello packets when decryption was enabled, which prevented access to certain websites. This occurred when the client hello packet was truncated, the accumulation proxy assumed that the first packet contains at least 5 bytes, or out-of-order packets were waiting in L4 TCP.

Fixed an issue where TLS connections failed to establish in asymmetric routing environments if the firewall did not see server-to-client (s2c) packets of the TLS handshake.

To use this fix, run the following CLI command: debug dataplane set ssl-decrypt accumulate-client-hello asym-disable yes.

Fixed an issue where IPv6 BGP peering established between virtual routers even without dataplane connectivity. This occurred because the firewall used the kernel for lookups instead of the dataplane.

Fixed an issue where Panorama did not display license information for Cloud NGFW firewalls under (Device Deployment > Licenses) due to the inability to perform batch-license refreshes.

Fixed an issue where WildFire reports were not fully displayed and were not downloadable due to static resources not being found.

Fixed an issue where the Panorama web interface was slower than expected due to high CPU utilization on the mongodb process.

Fixed an issue where the firewall management plane could not display BGP peer details when using the CLI command show advanced-routing bgp peer detail logical-router <LR>. This was due to the bgp_frr.py script failing to parse the IPv6 address family section of the show ip bgp neighbors json output.

Fixed an issue where the configd process stopped responding during certificate verification.

Fixed an issue on the firewall web interface where the Next Hop value was not displayed in the static route configuration, the admin-dist values were empty, and the path-monitor parameters were not listed in the management server web interface when the firewall was configured in FRR mode.

Fixed an issue where the debug log receiver statistics CLI command did not display entries for hipmatch logs.