(VM-Series firewalls on Amazon Web Services (AWS) environments only) Fixed an issue where a newly bootstrapped firewall required a management server restart, relicensing, or license push from Panorama to invoke the device certificate.

Fixed an issue where the firewalls restarted due to a function lacking a NULL-pointer sanity check.

(Panorama managed firewalls only) Fixed an issue where the firewall intermittently failed to maintain active log forwarding streams to Strata Logging Service (SLS) even when duplicate logging and enhanced application logging were enabled.

Fixed an issue where Panorama incorrectly generated system logs indicating a lost connection to its peer after an upgrade even when High Availability was not configured.

Fixed an issue where BGP peering sessions between a hub firewall and a satellite firewall over GlobalProtect LSVPN failed to connect.

Fixed an issue where commits caused high dataplane CPU utilization and briefly increased Packet Descriptors, which disrupted traffic.

Fixed an issue on Panorama where, after you disabled the shared optimization feature, a full configuration push to multi-vsys devices caused a validation error.

Fixed an issue on Panorama where a memory leak occurred related to the reportd process due to retaining memory that was temporarily used for report generation instead of releasing the memory for reuse, which resulted in continuous accumulation and memory exhaustion.

Fixed an issue where Panorama failed to perform a selective push to a managed device when device tags were added or modified on the policy rules. The selective push would fail with the error message Failed to generate selective push configuration. Schema validation failed. Please try a full push.

Fixed an issue where the firewall became unresponsive after an upgrade due to the fsck command scanning drive partitions in parallel with the root partition, which caused the process to take an extended amount of time.

Fixed an issue on the firewall where the useridd process continuously increased its memory consumption, which resulted in an OOM condition that caused the firewall to restart.

Fixed an issue where the devsrvr process periodically exceeded its virtual memory limit and restarted, which led to intermittent outages.

Fixed an issue where, after a web server returned a 401 or 403 error, the firewall was unable to decrypt HTTP/2 traffic, and the firewall rejected all subsequent streams from the client.

Fixed an issue where a memory leak occurred on the reportd process when a WildFire update was initiated while device telemetry data collection was in progress. This resulted in an OOM condition.

Fixed a cumulative memory leak in the devsrvr process that occurred whenever the CLI command show running application statistics was issued. This memory leak would gradually consume system memory and produce an OOM condition, causing the firewall to reboot.

Fixed an issue in Prisma Access environments where the firewall matched a HIP object but not on the HIP profile that contained the object.

(VM-Series firewalls with multiple NICs only) Fixed an issue were the queue count in the task dump displayed an incorrect number of queues for SR-IOV interfaces due to the queue mapping logic incorrectly using a non-multi-NIC function.

(VM-Series firewalls only) Fixed an issue where the task-queue dump CLI command returned incorrect information in multi-nic mode.

Fixed an issue where traffic was dropped when Data Loss Prevention or Advanced URL Filtering were enabled. This occurred when the payload size was greater than 3.5 KB.

Fixed an issue where a single PIM neighbor was sending 0.0.0.0 as its address, which occurred because an improvement in PIM neighbor address selection did not correctly account for configurations with a single IP address.

Fixed an issue where high SSL traffic depleted flex memory, which prevented the firewall from revalidating SSLVPN client CAs during configuration pushes.

Fixed an issue where the firewall displayed the current time as the expiration date for an imported certificate in the CLI output instead of the correct expiry time due to an improper use of an OpenSSL library function.

Fixed an issue where a satellite tunnel was not established after turning on satellite firewalls.