Fixed an issue where GlobalProtect tunnels disconnected shortly after being established when SSL was used as the transfer protocol.

Fixed an issue where, when TLSv1.3 was used, an incorrect error message invalid padding was displayed instead of the expected error message Invalid server certificate.

Fixed an issue on firewalls in HA configurations where VXLAN sessions were allocated, but not installed or freed, which resulted in a constant high session table usage that was not synced between the firewalls. This resulted in a session count mismatch.

Fixed an issue where fan speed increased significantly after upgrading the firewall.

Fixed an issue where configuration changes made in Panorama and pushed to the firewall were not reflected on the firewall.

Fixed an issue where commits did not complete and remained in a pending state due to a race condition. With this fix, the commit will fail after 60 seconds and not remain in a pending state.

(VM-Series firewalls in FIPS-CC mode only) Fixed an issue where upgrading Panorama caused all locally created Security policy rule actions to Deny.

Fixed an issue where the /opt/panlogs partition reached capacity due to the logdb-quota for the User-ID log folder not being matched.

Fixed an issue where tabs in the ACC such as Network Activity Threat Activity and Blocked Activity did not display data when you applied a Time filter of Last 15 Minutes, Last Hour, Last 6 Hours, or Last 12 Hours, and the data that was displayed with the Last 24 Hours filter was not accurate. Reports that were run against summary logs also did not display accurate results.

Fixed an issue where critical disk usage for /opt/pancfg increased continuously and the system logs displayed the following message: Disk usage for /opt/pancfg exceeds limit, <value> percent in use.

Fixed an issue where an Advanced Routing BGP session flapped with commits when BGP peer authentication was enabled.

Fixed an issue on the web interface where device groups with a large number of managed firewalls displayed the Policy page more slowly than expected.

Fixed an issue on Panorama where configuration lock timeout errors were observed during normal operational commands by increasing thread stack size on Panorama.

Fixed an issue where the Elasticsearch cluster health status displayed as yellow or red due to Elasticsearch SSH tunnel flaps.

Fixed an issue where the management server restarted due to the virtual memory exceeding the limit.

Fixed an issue where selective pushes on Panorama removed a previously pushed configuration from the firewalls.

Fixed an issue where the GlobalProtect app was unable to connect to a portal or gateway and GlobalProtect Clientless VPN users were unable to access applications if authentication took more than 20 seconds.

Fixed an issue on the firewall where, when Advanced Routing was enabled, PIM join messages were not sent to the RN due to a missing OIF.

Fixed an issue where selective pushes failed with the error message Failed to generate selective push configuration. Unable to retrieve last in-sync configuration for the device, either a push was never done or version is too old. Please try a full push.

(VM-Series firewalls only) Fixed an issue where large packets were dropped from the dataplane to the management plane, which caused OSPF neighborship to fail.

Fixed an issue on the firewall where scheduled Antivirus updates failed when external dynamic lists were configured on the firewall.

Fixed an issue where the reportd process stopped responding after querying logs or generating ACC reports with some filters.