Fixed an issue where attempting to generate reports in a WildFire FIPS Private Cloud or WF-500 deployment returned 401 errors.

Fixed an issue where a 404 error occurred when attempting to download a sample file.

Fixed an issue where the logrcvr process stopped responding due to memory allocation errors during Redis communication.

Fixed an issue where certificate data was missing in decryption logs for No decrypt policy rules and TLS1.2 traffic after upgrading, and the Subject Common Name, Issuer Common Name, Certificate Start Date, Certificate End Date, Certificate Serial Number, and Certificate Fingerprint fields were blank in the decryption logs.

Fixed an issue where polling failed for ethernet interfaces due to the physical port counters read from the MAC being 0.

Fixed an issue where the mprelay process repeatedly restarted.

Fixed an issue where the hybrid-SWG service proxy stopped working after upgrading to PAN-OS 11.1.6-h13 due to the firewall failing to establish the listening interface.

Fixed an issue where the firewall stopped all tasks due to an OOM condition caused by a scheduled log export using FTP to an external FTP server.

Fixed an issue where, after upgrading the firewall having an IKE gateway that uses an aggregate ethernet interface in DHCP client mode, the IPSec tunnels went down with the error failed to find a socket for retransmission.

(Panorama virtual appliances in FIPS mode only) Fixed an issue where plugin installs failed with the error invalid image after manually uploading the plugin package from the Customer Support Portal (CSP).

Fixed an issue on the firewall where the source and destination NAT IP addresses did not display in traffic and threat logs.

Fixed an issue where the system logs repeatedly displayed the alert Clearing snmpd.log due to log overflow due to the SNMP counters rolling over.

Fixed an issue where the Advanced Routing Engine stopped responding when a route-map was configured to match on a metric with a value of 0.

(VM-Series firewalls on Amazon Web Services (AWS) only) Fixed an issue where the firewall frequently rebooted.

(Firewalls in active/passive HA configurations only) Fixed an issue where, when the passive firewall was down and the idmr process was reset, the firewall generated the system log User-ID manager was reset. Commit is not required to reinitialize User-ID, even though the idmr process restart was not successful.

( VM-Series firewalls on Amazon Web Services (AWS) envirobments only) Fixed an issue where newly deployed firewalls were unable to connect to the Palo Alto Networks Software License Server (SLS) until after a reboot, license fetch, or management server restart.

Fixed an issue where the custom completer for device groups and templates received the device group name and template name from the running configuration instead of the candidate configuration.

Fixed an issue on the Panorama web interface where you were unable to override the primary or secondary DNS server address in the template stack.

Fixed an issue where the firewall rebooted unexpectedly due to a pan_task process restart related to page allocation failures.

Fixed an issue on Panorama where a memory leak associated with the configd process occurred during commits, which caused the configd process to restart and the commit to fail.

Fixed an issue where a PA-VM-Flex firewall in an air-gapped environment failed to install the license when bootstrapping after a factory reset when the ISO image contained a PAN-OS image.

(Firewalls with multi-vsys enabled only) Fixed an issue where an XML API call to get the running Security policy rules returned only the first Security policy rules.

Fixed an issue the firewall experienced packet descriptor on chip and buffer spikes, which led to dropped traffic due to an unidentified traffic pattern.

Fixed an issue where commits failed due to the configured connected gateway IPv6 address in the NAT64 policy exceeding the 31 character limit.

(Firewalls on Microsoft Azure environments only) Fixed an issue where management plane CPU usage was unexpectedly high for netsec firewall.

Fixed an issue where SNMP walks returned a value of 0 for the CPS (Connections Per Second) per vsys on firewalls after upgrading to PAN-OS 11.1.6-h3, even when active connections were present.

(Panorama virtual appliances only) Fixed an issue on the web interface where you were unable to export the Threat Map.

Fixed an issue where Panorama in FIPS-CC mode failed to push IKEv2 Post-Quantum Pre-Shared Key (PQ PPK) configurations to firewalls that were not in FIPS-CC mode.

Fixed an issue where Log Quotas incorrectly displayed a value that was higher than possible.

Fixed an issue on the Panorama web interface where you were unable to push shared objects to devices if an HA failover occurred during a configuration push.

Added the CLI command set system setting ctd h323_rtp_predict timeout to increase the maximum timeout limit from 3600 seconds to 65535 seconds.

Fixed an issue where, when multiple scheduled vulnerability reports were were sent in the same email, only the first attached report was displayed.

Fixed an issue where the useridd process became unresponsive, which caused User ID CLI commands to time out.

Fixed an issue where BGP learned routes were not advertised when Legacy Routing was used and an export policy rule was configured to match the next hop of the learned route.

Fixed an issue on Panorama where the configd process stopped responding when filtering in the Config Audit window, which caused Panorama to restart unexpectedly.

Fixed an issue where a memory leak occurred related to the configd process when pushing configurations from Panorama to a firewall. This occurred when the configurations contained shared policy rules.

Fixed an issue where IPv6 URLs were incorrectly categorized as private-ip-addresses even if the URL had a valid category. This occurred because the firewall did not check for IPv6 addresses when determining if an IP address was private.

Fixed an issue where, when SSL decryption was enabled, traffic matching a deny rule was incorrectly allowed until the SSL handshake was complete.

(Panorama virtual appliances only) Fixed an issue where Panorama failed to mount logging disks larger than 2TB due to a partitioning error.

Fixed an issue on Panorama where a selective push of policy rule changes to a firewall caused the firewall to lose its Security policy rules.

Fixed an issue on the firewall where AIPOs and ADEM licenses failed when SD-WAN or GlobalProtect licenses were not present.

(PA-5400f firewalls only) Fixed an issue where SD-WAN SaaS monitoring did not work with URL monitoring.

(Prisma Access only) Fixed an issue where persistent commit failures occurred due to a missing transformation script when downgrading from PAN-OS 10.2.0 to PAN-OS 10.1.0.

Fixed an issue related to external URL lists where pushing configuration changes from Panorama failed.

Fixed an issue on Panorama where the web interface became unresponsive when attempting to edit the Allow traffic to specified FQDN when Enforce GlobalProtect Connection for Network Access setting in a GlobalProtect portal configuration after adding 40 or more FQDN entries.

Fixed an issue where, when the Advanced Routing Engine was enabled, PIM (Protocol Independent Multicast) neighborship was not established concurrently on multiple interfaces.

Fixed an issue where, when redistributing User-ID information between firewalls, the receiving firewall incorrectly received and stored duplicate Host Information Profile (HIP) profiles. This occurred when a GlobalProtect gateway redistributed User-ID and HIP information through an intermediate firewall.

(VM-Series firewalls only) Added the CLI command no-refresh-discard-session to address an issue where the discarded session time to live (TTL) did not refresh at the default value.

Fixed an issue where External Dynamic List (EDL) entries for predefined lists were not visible in Panorama when logged in with a SuperUser Read-Only role.

(PA-7500 firewalls only) Fixed an issue where SNMP polling failed due to the snmpd process becoming unresponsive to incoming requests, which resulted in high CPU usage.

Fixed an issue on the Panorama web interface where a template name or device group name displayed invalid text.

Fixed an issue where internet access through Secure Web Gateway (SWG) proxy nodes did not work when the default internet access policy rule source user was not known-user.

Fixed an issue on Panorama where a new virtual system (vsys) was automatically created with the name of a device group.

(Firewalls in HA active/passive configurations only) Fixed an issue where the firewalls experienced high dataplane CPU use when NAT64 was enabled. This occurred due to NAT64 traffic not being offloaded and unnecessary HA session updates being sent for every NAT64 packet.

Fixed an issue where the Panorama web interface was slower than expected during configuration operations and a configuration lock time out occurred during a commit.

Fixed an issue on Panorama where, after logging in to the web interface as the ZTP installer administrator, the web interface was blank.

Fixed an issue where the logrcvr process stopped responding due to an invalid SSL context being used for socket communication, which caused commits to fail.

(Firewalls in multi-vsys configurations only) Fixed an issue where HTTP/2 traffic failed due when one virtual system (vsys) had a decryption policy rule enabled and another vsys had a no-decrypt policy rule for the same session.

Fixed an issue where the firewall incorrectly allowed traffic for certain applications when no decryption policy rule was configured.

Fixed an issue where the useridd process stopped responding due to a Security policy rule ID being set to 0, which caused the last configuration retrieval to fail.

Fixed an issue where importing a device configuration into Panorama failed with a validation error if the configuration included a shared gateway with shared address objects.

Fixed an issue where the firewall attempted to connect to wildfire.paloaltonetworks.com when a user downloaded a WildFire PDF report from the CSP/WF portal even if the user was not behind the firewall.

Fixed an issue where the firewall failed to forward critical system logs to Strata Logging Service due to a reboot.

Fixed an issue where, when Advanced Routing Engine was enabled firewalls configured with multiple logical routers, static routes were preferred over eBGP routes even though the static routes had a higher administrative distance.

Fixed an issue on Panorama where commit jobs were not queued and the system reported that the useridd was not connected.

(M-600 Panorama appliances in Log Collector mode in a Log Collector group only) Fixed an issue where the reportd and logd processes stopped responding, which resulted in the Panorama server not receiving logs from firewalls configured under the Log Collector group.

(VM-Series firewalls only) Fixed an issue where the firewall became inaccessible via the web interface and SSH and remained in an initializing state.

Fixed an issue where the debug dataplane sync ippool CLI command output incorrectly included reserved ports.

(Firewalls in HA configurations only) Fixed an issue where on the firewall where the routed process stopped responding after changing the MTU or any link state parameters when OSPF and PIM were enabled on the same interface.

Fixed an issue where a directly connected interface or aggregate interface did not appear in the routing table, which caused ping failures to the directly connected interface.

(VM-Series firewalls only) Fixed an issue where the maximum registered IP address for was incorrectly set to 100,000 instead of the expected 500,000.

Fixed an issue where the comm process stopped responding due to missing heartbeats, which resulted in a system alert and HA communication loss on slot1.

(Panorama appliances only) Fixed an issue on the web interface where resetting the rule hit counter for multiple policy rules failed with the error message Failed to reset rule-hit job.

Fixed an issue where SAML authentication failed, which caused the GlobalProtect client to repeatedly attempted to reconnect.

Fixed an issue where the error message Scan ERR: Internal Err 1002 was generated unexpectedly when WIF shared memory use was high.

Fixed an issue where the firewall failed to connect to the Palo Alto Networks update server when using a customized service route with the source interface as MGT.

Added debug logs for an issue where a slow IP address pool NAT leak occurred when persistent NAT was enabled, which led to NAT IP pool exhaustion.

Fixed an issue where, after upgrading, the firewall incorrectly calculated the UDP checksum for RTP traffic after NAT and Security policy application, which led to dropped packets and silent calls in applications.

Fixed an issue on Panorama where commits took longer than expected.

Fixed an issue on the web interface where the address object pop up window only displayed a maximum of four address objects in the policy rule even after expanding the window.

Fixed an issue on the firewall where the QSFP-40G-SR-BD transceiver was incorrectly flagged as an unsupported SFP.

Fixed an issue where Security policy rules that had the same parameters were not detected as shadow rules on commit.

Fixed an issue where content loading issues occurred on IPv6 websites due to the firewall incorrectly setting the IPv6 header flow label to 0.

(CN-Series firewalls only) Fixed an issue where the firewall generated critical system log alerts every 3 minutes.

Fixed an issue with firewalls in active/passive HA configurations where an OOM condition occurred and caused a failover due to a memory leak associated with the logrcvr process.

Fixed an issue on the firewall were fan alarms were incorrectly generated constantly.

Fixed an issue on the firewall where the show advanced-routing bgp loc-rib-detail CLI command incorrectly displayed no BGP route when multiple BGP peers were enabled. With this fix, the CLI command requires a peer name to be specified to display local RIB details.

Fixed an issue on the Panorama web interface where assigning a policy rule to a group at the top or bottom of the list changed the order of other policy rules.

Fixed an issue where BGP export policy rules with next-hop matching failed to block the advertisement of static routes, and the firewall incorrectly matched the egress interface IP address instead of the original next-hop IP address of the static route, which caused the deny rule to fail.

Fixed an issue where, when an application stopped responding, a large file was created in the /opt/panlogs directory, which caused the partition to fill up.

Fixed an issue where a large number of logs caused the logrcvr process to stop responding.

Fixed an issue where syslog forwarding in PAN-OS 11.1 and later releases did not support service routes when performing certificate validation over TLS.

Fixed an issue where user-to-IP address mappings were not available on the dataplane for User-ID, which prevented the enforcement of user-based Security policy rules. This was due to the firewall not validating the timestamp of mappings received from certain User Identification Agent (UIA) agents before adding them to the dataplane.

Fixed an issue where the device-group-tags CLI command used an unnecessary configuration read lock.

(VM-Series firewalls only AWS environments only) Fixed an issue where the firewall did not send ICMP unreachable - Fragmentation Needed message when it received packets larger than the MTU.

Fixed an issue where closing an SSH session to a Panorama using Ctrl+D did not generate a log message in the system logs, and the session remained in an idle state for 60 minutes before being automatically terminated.

(Panorama virtual appliances in HA configurations on Microsoft Azure environments only) Fixed an issue where plugin versions displayed when hovering over the Green Match icon were inconsistent even though the web interface reported the versions as matching.

(PA-5450 firewalls only) Added uplink counters to enhance debug capability for traffic drops.

(Panorama appliances only) Fixed an issue where the Require SSL/TLS secured connection in the LDAP profile within the template stack did not take effect after overriding the configuration. This occurred even when the setting was enabled multiple times.

(PA-5410 and PA-5430 firewalls only) Fixed an issue where SFP28 25G ports using S28-25G-LR transceivers did not come up after an upgrade when Forward Error Connection (FEC) was disabled on the ports.

Fixed an issue where the all_pktproc process restarted, which caused heartbeat failures to occur and a slot to go down due to path monitor failure.

Fixed an issue where a multi-vsys firewall was unable to retrieve address groups and address objects pushed from Panorama as shared objects when using the REST API.

Fixed an issue on Panorama where logs were not forwarded to syslog servers due to missing CLI options to configure the syslog queue size and threads.

Fixed an issue where the option to sort sequence numbers was missing from Filters prefix list in the advanced routing filters.

Fixed an issue where, after an upgrade, the firewall was unable to be managed via HTTPS or SSH.

Fixed an issue where, when getting transceiver information from ESCC for SFP 25G modules, the transceiver code was incorrectly updated with Unknown instead of 25GBase-SR.

Fixed an issue on firewalls running PAN-OS 11.1 releases where, after being offboarded from Panorama, the firewall XML configuration file retained template information from the previous Panorama configuration. As a result, when the firewall and its configuration were imported to another Panorama appliance, all configurations in the Network and Device tab became read-only.

Fixed an issue where a simultaneous selective push from Panorama to multiple firewalls with different base configurations resulted in configuration corruption, which caused the firewall to go down.

(Firewalls in HA configurations only) Fixed an issue where, after a failover, an SSH decryption caused a mismatch in the host key, which resulted in a warning message. This issue occurred because the SSH tunnel keys were not synchronized between the active and passive firewalls.

Fixed an issue where the firewall stopped processing traffic.

Fixed an issue where the XML API returned an error when attempting to view debug log receiver statistics.

Fixed an issue on Panorama where Policy recommendation displayed Unable to read data for certain profiles due to a large response size.

Fixed an issue where a tool was needed to display leaked NAT port numbers without requiring a forced synchronization.

Fixed an issue where the configd process stopped responding during a selective push after a move and rename operation when the configuration was performed via the CLI.

Fixed an issue where firewalls entered a boot loop after receiving a HSM configuration template push from Panorama.

Fixed an issue where the configd process restarted and generated a core file during an HA sync commit job. This occurred when the firewall was in the HA passive state.

Fixed an issue where, when the firewall acted as an IKEv2 responder with fragmentation enabled, the firewall did not send the Notify message type 16430 “IKEV2_FRAGMENTATION_SUPPORTED” in the IKE_SA_INIT exchange. This prevented the remote peer from fragmenting subsequent IKEv2 messages.

Fixed an issue where the Panorama web interface did not display a warning message when a collector group was configured with a 2 node cluster.

Fixed an issue where a selective push from Panorama caused the firewall Security policy rules to be removed on firewalls associated with the device group. This occurred when the base configuration version chosen for the selective push preceded the device config import operation, which caused the imported configuration to not be included in the pushed configuration.

Fixed an issue on Panorama where tags were not automatically populated in the Security policy rule when searching by name in the tag field.

Fixed an issue where the firewall became unresponsive when the show user user-ids user all CLI command was executed repeatedly on large scale LDAP group mappings, and you were unable to connect to the gateways with the error message The network connection is unreachable or the gateway is unresponsive. Check the network connection and reconnect.

Fixed an issue where commits remained at 98% completion when static route configuration cleanup was in progress.

Fixed an issue where the Panorama web interface displayed No Data when viewing configuration logs to see changes before and after a configuration change.

(Firewalls in active/passive HA configurations only) Fixed an issue where commits failed due the useridd process restarting.

Fixed an issue where the LFC failed to validate Certificate Revocation Lists (CRL) for SSL syslog connections, which caused a failure to forward logs to external syslog servers.

(PA-5220 firewalls only) Fixed an issue where custom reports were delayed when sent via email instead of being sent at the scheduled time.

Fixed an issue where a PBF (Policy Based Forwarding) policy rule using an AE (Aggregate Ethernet) interface configured with DHCP as the egress interface incorrectly transitioned to an active state after a commit operation, even when the DHCP lease had expired and the interface had no assigned IP address.

Fixed an issue where, when a firewall had more than 4,400 logical interfaces, commits failed with the error message Error pre-installing config failed to handle CONFIG_COMMIT.

Fixed an issue where, after upgrading the firewall, GlobalProtect connections failed with the error message Network Connection is unreachable.

Fixed an issue where committing a custom report in Panorama incorrectly generated a pending push to devices.

Fixed an issue on Palo Alto Networks firewalls running PAN-OS 11.1.6 where the CLI command traceroute ipv4 yes host <host> failed with a missing argument error message.

(VM-Series firewalls with Advanced Routing Engine enabled only) Fixed an issue where the frr_ns2_bgpd process repeatedly restarted after committing a configuration that included the same route-map in both the exist and non-exist clauses of a conditional advertisement or when the same route-map was used in both the Advertise-out and conditional exist out map configurations.

Fixed an issue where QoS throughput limits were not enforced correctly on aggregate ethernet interfaces. As a result, when QoS was enabled on aggregate interfaces, the subnet index was not handled correctly, which caused traffic shaping to be misdirected.

Fixed an issue where GlobalProtect (GP) portal authentication for satellites using RADIUS authentication failed due to the authentication timeout value being set to 0.

Fixed an issue where, after an upgrade, the total number of logout records in the HIP database incorrectly displayed as zero.

Fixed an issue where clients did not receive a valid response when searching a website due to a compression error.

Fixed an issue where the firewall became non-functional due to high root partition use.

Fixed an issue where the configd process stopped responding due to a circular reference between address groups.

(Panorama appliances only) Fixed an issue where the configd process intermittently restarted, which caused Panorama to be temporarily unavailable.

Fixed an issue where DNS Security Category exceptions created with DNS category UTID were not ignored.

Fixed an issue where HTTP/2 child streams were blocked by strict-ip-check zone protection when traffic passed through a transparent proxy.

Fixed an issue on the web interface where the IP Tag Quota(%) value displayed as 2 even when changed.

Fixed an issue where iPerf file transfers between a client and server were slower than expected when the firewall was involved in the traffic flow due to cfg.uplink-buffer-resize not being enabled by default.

Fixed an issue where the GlobalProtect gateway firewall intermittently failed to assign an IP address to GlobalProtect clients from the DHCP server, even after successfully receiving a DHCP offer. This occurred when the DHCP retry and timeout settings were overwritten due to parsing results being stored in the same variable, which caused the last gateway configuration to take effect.

Fixed an issue where a failover event caused packet loss due to a delay in the child error indication.

Fixed an issue where commits failed when a certificate with a cryptographic setting of RSA 4096 was used in the Syslog Service Profile due to the firewall being unable to decrypt the private key due to an incorrectly hardcoded private key length.

Fixed an issue where the SAML single log out (SLO) URL was not correctly displayed in the web interface after it was changed in the SAML profile.

Fixed an issue where threat logs displayed logs from the N/A threat category when a random string was used for the category-of-threatid filter in threat logs.

Fixed an issue where a software download job reported a completion timestamp that occurred before the software loading process was finished.

Fixed an issue where the OSPFv3 area nssa default-information-originate CLI command was not applied due to a configuration error in the backend advanced-routing stack.

Fixed an issue where configuring an HTTP profile to send Webhook alerts to Microsoft Teams failed with a 400 Bad request error when clicking Send Test Log.

Fixed an issue related to syslog forwarding that caused the logrcvr process stopped responding.

Fixed an issue where the Panorama web interface was slower than expected after a period of inactivity due to the Panorama management server unnecessarily reading the running-config.xml file.

Fixed an issue where the reportd process stopped responding when exporting CSV files when decryption logs were included in the unified logs.

Fixed an issue where the firewall bypassed Content Threat Detection (CTD) for sessions with STARTTLS large client hello out-of-order with No Decrypt.

Fixed an issue where the DHCP process stopped responding when the firewall was configured as a DHCP relay agent.

Fixed an issue where ping commands from both the management plane and dataplane interfaces incorrectly prioritized IPv6 addresses over IPv4 addresses, even when IPv6 was disabled. This caused connectivity issues when pinging FQDNs that resolved to IPv6 addresses.

Fixed an issue where the Border Gateway Protocol (BGP) established time was displayed inaccurately due to a 32-bit counter wrapping issue.

Fixed an issue where firewalls in air-gapped environments attempted to connect to a Google IP address for Machine Learning AV (MLAV) functionality, even when MLAV was not licensed or configured.

Fixed an issue where, when you added the Virtual System Name column under Unified Logs, the column did not remain visible in the table if you closed and re-opened the tab.

Fixed an issue where an OOM condition on the logrcvr process caused interface flapping, and the interface unexpectedly went down and then recovered without intervention.

Fixed an issue where firewalls became unstable and stopped responding, which resulted in an OOM condition.

Fixed an issue on the Panorama web interface where the error message PPPoEv6 Client Interface cannot be enabled with DHCPv6 client was generated when overriding aggregate interfaces even when no DHCPv6 or PPPoE was configured.

Fixed an issue where, when the firewall was configured as an explicit proxy, connections were intermittently dropped.

Fixed an issue where SNMP traps messages were not sent after system startup.

Fixed an issue where searching configuration logs for an audit_uuid did not return a result if the rule was created with a clone operation.

Fixed an issue where, after an authd process restart, the username, password, and source IP address displayed in plain text on the console when attempting to log in via the web interface.

Fixed an issue on Panorama managed firewalls where, when the service route configuration was set to VLAN as the source, attempting to import the variable CSV into the template resulted in the validation error Failed to parse variable configuration file. This issue occurred because the system incorrectly validated the VLAN interface name in the service route configuration within the template.

Fixed an issue on HA clusters where, when link and path monitoring was configured and the failover condition was set to all, disconnecting and reconnecting monitored ethernet ports caused the firewall to switch to a nonfunctional role, which resulted in all interfaces except the HA interface going down.

Fixed an issue where shared objects were displayed in the Push Scope after pushing the configuration from Panorama to managed firewalls.

Fixed an issue on firewalls with Advanced Routing Engine enabled where BGP route maps were not correctly configured for IPv6 next-hop selection. The firewall rejected the IPv6 configuration provided as the next hop due to an incorrect command sent to FRR (Free Range Routing).

Fixed an issue where DHCP Based IP Address Assignment for Global protect failed when the management interface was configured to receive its own IP address from DHCP.

Fixed an issue where all data interfaces went down due to a Forward Error Correction (FEC) mode mismatch. The firewall defaulted to FEC Auto mode, while the peer Cisco switch was configured for FC-FEC.

Fixed an issue where the popup window did not appear as expected for Clientless VPN users.

Fixed an issue where the show session cache CLI command was unavailable on VM-Series firewalls with VM license types smaller than VM-200 when session resiliency was enabled.

Fixed an issue where set and edit commands took longer than expected when adding address objects with a large number of dynamic groups due to the completion cache being enabled. With this fix, the completion cache is disabled by default.

Fixed an issue in the URL filtering logs where the columns and the displayed contents did not match.

Fixed an issue where User-ID custom reports were unable to exclude IP address 0.0.0.0 when using the filter ip notin 0.0.0.0.

Fixed an issue where NAT pool leaks occurred during a test when RTSP traffic hit NAT rules.

(M-600 appliances only)) Fixed an issue where Panorama did not update all panreplay database entries after performing a commit and full push to all devices.

Fixed an issue where the all_pktproc process stopped responding, which caused the firewall to unexpectedly restart.

Fixed an issue where threat names were displayed differently on the web interface and the exported CSV file.

Fixed an issue where, during software deployment from Panorama to multiple firewalls, some firewalls did not automatically reboot after the upgrade, even when Reboot device after install was selected. This was due to the Panorama timing out before the software deployment completed on the affected firewalls, which prevented the reboot request from being sent.

Fixed an issue where service routes configured to use a data plane interface incorrectly used the management plane interface for traffic transmission. This issue affected syslog and CRL status traffic when a custom service route was not configured.

Fixed an issue where the firewall used an unnecessary configuration lock when running operational commands.

Fixed an issue where changes made to the management interface permitted IP address list in a global template were not pushed to the template stack or firewalls.

Fixed an issue on Panorama where Device Health displayed the device memory as 0%.

Fixed an issue where, after an upgrade, GlobalProtect attempted to use the embedded browser instead of the default browser for gateway authentication even when it was configured to use the default browser.

(Firewalls in HA configurations only) Fixed an issue where the configd process restarted during a configuration push from Panorama, which caused the active firewall to lose management access for 20-30 minutes.

Fixed an issue where the OCSP Signing purpose was not included in the Extended Key Usage field when a certificate was generated on the firewall with the OCSP responder called in the certificate. This caused the GlobalProtect connection to fail with the error Missing OCSP signing purpose in the ExtendedKeyUsage.

Fixed an issue where a stack overflow occurred when the DNS domain name length exceeded 255 characters.

Fixed an issue where IPv6 BGP peering established between virtual routers even without dataplane connectivity. This occurred because the firewall used the kernel for lookups instead of the dataplane.

Fixed an issue on Panorama where custom reports displayed an incorrect log count with critical severity when the report filter was built with and without explicitly specifying severity as critical.

Fixed an issue where the number of registered IP Tags on Panorama did not match the number of registered IP Tags on the managed firewalls due to a change in file format between PAN-OS releases.

(VM-Series firewalls in AWS environments only) Fixed an issue where HA failover mode incorrectly changed from interface move to secondary IP move after a reboot.

Fixed an issue where Panorama failed to upgrade due to duplicate path-monitor names configured across different static routes within the same virtual router or logical router.

Fixed an issue that caused the request system private-data-reset CLI command to fail.

Fixed an issue where moving an address object from a device group to shared and renaming it did not reflect in the address group, which caused commits to fail.

Fixed an issue where deleting the NTP server address caused a commit validation error. This occurred when the configuration included both primary and secondary NTP servers and the secondary server was removed.

Fixed an issue where the XML API and REST API failed to run commands with an error.

Fixed an issue where random characters were added to the proxy_authorization in HTTP messages when the firewall accessed certain services through a configured proxy server. This caused proxy server authentication to intermittently fail.

Fixed an issue where WildFire reports were not fully displayed and were not downloadable due to static resources not being found.

Fixed an issue where FTP data connections did not work for EPRT with Source IP + Port translation enabled on the firewall.

Fixed an issue where the firewall stopped responding after upgrading to PAN-OS 11.0.2 with lockless-qos enabled.

Fixed an issue where adding an SD-WAN interface profile to an overridden interface on a template stack failed with an sdwan-interface-profile is invalid error.

Fixed an issue where the CLI command syntax was incorrect when configuring the deviceconfig values from the Template Stack.

Fixed an issue on Panorama where the logd process stopped responding unexpectedly.

Fixed an issue where the GlobalProtect client displayed an error message when you clicked Check Now and Preferred Releases and Base Releases were unchecked (Device > Software).

Fixed an issue where the firewall unexpectedly rebooted when the show dns-proxy ddns interface name all CLI command was executed with the error Server error: op command for client dnsproxyd timed out as client is not available.

Fixed an issue on the firewall where half-duplex settings on Ethernet were not visible.

Fixed an issue where the password expiry prompt was not visible when logging in via the web interface.

(Panorama virtual appliances only) Fixed an issue where Panorama stopped responding when running reports.

Fixed an issue where Panorama did not display license information for Cloud NGFW firewalls under (Device Deployment > Licenses) due to the inability to perform batch-license refreshes.

Fixed an issue where you were unable to download XML files from Panorama > Summary > Backups.

Fixed an issue where multicast flows were dropped due to a missing sysd variable for maximum multicast routes.

Fixed an issue where User-ID mappings were not correctly redistributed from Panorama to firewalls, causing some users to be identified as unknown, which prevented access to resources based on AD group membership.

Fixed an issue on the web interface where the Response Page action column was not accessible.

Fixed an issue on Panorama managed firewalls where SAML identity provider and Clientless Apps objects did not have override or revert options.

(Firewalls in HA configurations only) Fixed an issue where the confgid process and mgmtsrvr process restarted daily when processing a show rule-hit-count CLI command when retrieving Security policy rules for vsys1.

Fixed an issue where the Log Collector service did not start on a new Log Collector appliance added to a Log Collector group. As a result, the new Log Collector appliance did not appear in the cluster and the number of nodes in the cluster was incorrect.

Fixed an issue where, when Panorama was not internet connected and you attempted to upload images to managed firewalls using the Validate option, the upload failed with the error Failed to create multi-upload job. No valid software deploy targets found.

(Panorama appliances only) Fixed an issue where sequence numbers were lost when forwarded from Panorama, which resulted in missing or lost logs.

Fixed an issue where a dataplane restart was not triggered as expected when internal packet path monitoring failure occurred.

Fixed an issue where a devsrvr process restart caused commits to fail due to cloud app validation, which resulted in WildFire installs failing.

Fixed an issue where the Japanese translation for the URL filtering option to add a trailing slash to entries and the device license status error was incorrect.

Fixed an issue where you were unable to to adjust the frequency of the Advanced Cloud Explorer (ACE) cloud fetch via the CLI.

Fixed an issue on Panorama where Config Audit Commit Date displayed the timestamp of the configuration edit instead of the commit time.

Fixed an issue where the firewall did not perform certificate expiry validation during a commit, which resulted in successful authentication even when an intermediate certificate had expired.

Fixed an issue on the Panorama web interface where GlobalProtect client images were not exported via SCP.

Fixed an issue where the Logging Service License Status displayed as red even though a valid license was installed on the firewall.

(M-600 Appliances only) Fixed an issue where the web interface was slow when logging in and filtering for policies due to deep search operations taking longer than expected.

Fixed an issue where the firewall did not properly update incremental update data maintained at the management plane when an IP address was part of both a Dynamic Address Group and an External Dynamic List (EDL). This resulted in the firewall not matching the expected Security policy rule and threat signature.

Fixed an issue where Global Search did not redirect correctly to routing profiles when searching for their names.

Fixed an issue where the firewall incorrectly assembled SIP NOTIFY and REFER messages when processing SIP TCP packets that contained a partial content-body from a previous SIP message and a complete header and content-body from the next SIP message.

Fixed an issue on Panorama where the request batch license info CLI command displayed entries for devices that were no longer attached to Panorama.

Fixed an issue where you were unable to use the s_encrypted field in custom reports for the Panorama threat log database.

Fixed an issue where the transmit power for a cable that was used on port 44 displayed as N/A.

Fixed an issue where the Panorama interface template did not include the Forward Error Correction (FEC) setting.

Fixed an issue where GlobalProtect health information (HIP) did not display the certificate key usage.

Fixed an issue where the displayed group name differed depending on whether the group was configured locally on the firewall or through Panorama.

Fixed an issue where SAML authentication for GlobalProtect failed when the GlobalProtect portal was accessed externally on a non-standard port.

Fixed an issue where firewalls configured with a VPN tunnel stopped responding when a configuration update was applied.

Fixed an issue where the configuration version did not increment in the Audit Comment Archive after making changes to the Security policy rule with an audit comment and performing a commit. As a result, all subsequent changes were grouped under the same configuration version, which prevented the comparison of changes in the Rule Changes field of the Security policy rule.

(PA-5400 firewalls only) Fixed an issue where frequent BGP/BFD flaps occurred and HA2 keep-alives went down.

Fixed an issue where commits from Panorama to VM-Series firewalls on Microsoft Azure environments failed.

Fixed an issue where you were unable to export the GlobalProtect client software version to the SCP server.

Fixed an issue on the Panorama web interface where administrators were unable to export GlobalProtect client images and received an scp export failed error. This was due to the system attempting to retrieve the file from an incorrect directory.

Fixed an issue where non-captive portal traffic was not visible under Traffic Logs when the traffic was denied by an authentication rule and the session was discarded.

Fixed an issue on the web interface where the URL Filtering change category feature did not work.

Fixed an issue where GlobalProtect cookie authentication failed with the error User is not in allow list.

Fixed an issue where the DNS exception displayed 0 instead of no result in the anti-spyware profile when no threat ID was available for a DNS Security category.

(PA-1420 firewalls only) Fixed an issue where the firewall reported unsupported SFPs when PAN-SFPPLUS10GBASE-T SFPs were used on ports Ethernet 1/21 and 1/22.

Fixed an issue where the firewall displayed packet buffers between 18 and 19 even when there was little or no traffic.

Fixed an issue where plugin_api_server could experience a memory leak when using OpenConfig for telemetry.

Fixed an issue where auto-negotiation advertised and negotiated 10/100 half and full duplex.

Fixed an issue where the firewall did not increase the metric of the default route when redistributed into OSPF when the firewall was configured as an NSSA ABR.

(PA-1400 and PA-3400 Series firewalls only) Fixed an issue where the firewall displayed the error message Failed to parse pbf policy when you committed a configuration that included more than 8 Policy Based Forwarding (PBF) rules with symmetric return enabled.

Fixed an issue on the firewall that caused the following error message to be displayed: frr_ns0: failed to stop child frr_ns0_ospf6d.

Fixed an issue where PublicCloud Server certificate validation failed. Dest Addr: (null), Reason: self signed certificate in certificate chain generated as a high alert in the system log every 5 minutes.

Fixed an issue where the firewall calculated available memory incorrectly on CENTOS devices, which caused the firewall to display high memory usage alerts even when sufficient memory was available.

A CLI counter was added to indicate a full suppression queue.

Fixed an issue where the character ( + ) in the authentication message prompt displayed incorrectly as #43; on the GlobalProtect client after upgrading to a PAN-OS 10.2 release.

(VM-Series firewalls on Amazon Web Services (AWS) environments with GWLB integrated only) Fixed an issue where DNS queries timed out when overlay routing was enabled.

Fixed an issue where performing a factory reset caused the firewall to enter a continuous boot loop due to a failure in generating the global.xml configuration file.

Fixed an issue where the firewall displayed an incorrect maximum translated IP capacity when using DIPP NAT policy rules.

Fixed an issue on the web interface where you were unable to add Threat IDs to Signature Exceptions.

Fixed an issue where the show system statistics application CLI command failed.

Fixed an issue where the GlobalProtect client (UWP) or metered hotspot connections triggered TLS resumption fo GlobalProtect portal authentication, which caused the portal authentication to fail with a valid cert required error.

Fixed an issue where the Low free buffer limit output was not available.

Fixed an issue where the firewall allowed cleartext web-browsing traffic on port 443 when the Security policy rule was configured to allow application: web-browsing with service: application-default.

Fixed an issue threat reports were empty when generated from Panorama, but displayed correctly when generated from the firewall.

Fixed an issue where the firewall dropped non-SYN TCP packets even when the Reject non-SYN TCP option was set to No when a session rematch was triggered.

Fixed an issue where half-closed TCP sessions did not refresh the session timeout when continuously receiving data after setting the cfg.session.tcp-no-refresh-fin-rst option toTrue.

Fixed an issue on the firewall where you were unable to configure more than 500 DHCP relay servers even though the supported limit was 4096.

Fixed an issue where the mib ID returned an incorrect value via SNMP.

Fixed an issue where the show user ip-user-mapping all option detail XML API command did not show the complete output.

Fixed an issue where BGP aggregate routes with the AS-SET option enabled had incorrect AS paths.

Fixed an issue where the CSV export of disabled applications included duplicate entries, which caused the count of disabled applications to be higher in the CSV export than on the web interface.

Fixed an issue where the firewall did not query for an AAAA record when only IPv6 was enabled for the management interface.

Fixed an issue where the all_task process stopped responding, which caused a split brain condition.

(VM-Series firewalls only) Fixed an issue where the aggressive clean-up threshold for disk space was set to 95% in system monitor.

Fixed an issue where the domain-edl column was empty in the threat log even when a threat was detected as a DNS alert.

Fixed an issue where an OOM condition occurred, which caused processes to stop responding.

Fixed an issue where the routed process stopped responding due to accessing freed memory from a hash table when the route vectors were resized. This occurred when a large number of static routes were configured.

Fixed an issue where, when using WildFire Private Cloud, the system log displayed the error message tls-X509-validation.

(PA-3220 firewalls in HA configurations only) Fixed an intermittent issue where the firewalls went out of sync after a configuration push from Panorama.

Fixed an issue where users were unable to log in to Panorama and the following error message was displayed: Timed out while getting config lock. Please try again. This occurred when pushing configurations to a large number of devices.

Fixed an issue where the configd process stopped responding when a configuration merge operation changed.

Fixed an issue where GlobalProtect users with client certificates received an authentication failure message without entering a password and clicking connect or login.

Fixed an issue where the firewall displayed 0 bytes received for GlobalProtect SSL sessions in the traffic logs.

Fixed an issue where the web interface was slower than expected when logging in and filtering for policies.

Fixed an issue where the firewall failed to connect to the update server with a customized service route when the source interface was set to MGT and the source address was set as IPv4.

Fixed an issue where the firewall was unable to connect to a syslog server that used a TLS certificate without a subject key identifier.

Fixed an issue where the execute show transceiver-detail all XML API command returned an incorrect value for the low temperature alarm threshold.

Fixed an issue where the Priority Code Point (PCP) bits in the VLAN header were not reset to 0 when a packet was received from one Layer 3 tagged interface and forwarded to another, which resulted in dropped packets.

To use this fix, run the CLI command set force-vlan-pcp-reset yes and reboot the firewall.

Fixed an issue where importing a device configuration into Panorama failed with a validation error if the configuration included a shared gateways containing NAT/PBF rules.

To use this fix:

Note: This fix is supported on PAN-OS 10.2 and later releases.

Fixed an issue where commits failed with a validation error when you changed the encryption level and re-encryption option on a Panorama managed firewall.

Fixed an issue on the Panorama web interface where Application and Category was not able to be selected under Test Policy Match.

Fixed an issue where the snmpd.log.old file continuously increased, which caused the root partition to become full.

Fixed an issue where the Panorama web interface was slower than expected due to high CPU utilization on the mongodb process.

(Firewalls in HA configuration only) Fixed an issue where the Network pre-negotiation enabled page did not display on the firewall dashboard.

Fixed an issue where the firewall failed to upload a macOSX file if the file had a MIME boundary.

Fixed an issue where the firewall dropped inbount RTP traffic after using Webex Screen Sharing due to the firewall removing the NAT cache when the predict timed out, which caused a new NAT to be established that conflicted with existing sessions. To use this fix, run the CLI command set system setting ctd h323_rtp_predict timeout <120-3600> to increase the timeout limit.

Fixed an issue where the all_task process stopped responding, which caused the firewall to stop processing traffic.

(VM-Series firewalls only) Fixed an issue where BGP route refreshes occurred when a commit was performed if AS Set was enabled for BGP aggregate routes.

Fixed an issue on the firewall where ICMP ping loss occurred after installing a Network Processing Card (NPC) in slot 7.

Fixed an issue where the firewall generated AAAA DNS queries when IPv6 firewalling was disabled.

Fixed an issue where sessions ended with the message decrypt error in the logs for traffic that matched a no-decrypt policy.

Fixed an issue where an email was able to be transferred to the destination MTA even when the firewall detected a suspicious file with a reset-bot action when it was encrypted by STARTTLS.

Fixed an issue on the firewall where traffic matched a custom signature even if the custom signature was removed from the configuration.

Fixed an issue where the firewall was unable to generate a tech support file when management server debug was disabled.

Fixed an issue where OSPFv3 Link State (LS) update packets (type 9) were not fragmented properly, which caused the OSPF header to have an incorrect checksum when sent from the firewall. This occurred when the update packet size exceeded 1514 byte, which resulted in the peer device rejecting the packet and the neighbor relationship going down.

(PA-3400 Series firewalls only) Fixed an issue where the all_task process stopped responding, which caused the firewall to reboot.

Fixed an issue where double-clicking the login button returned the error message Login session expired.

Fixed an issue on Panorama where, after you enabled multihop in a BFD profile, you were unable to disable it via the web interface.

Fixed an issue where the GlobalProtect portal logged passwords in cleartext.

Fixed an issue where the firewall did not shut down completely.

Fixed an issue on Panorama where the dynamic address group IP addresses of the Kubernetes plugin or Prisma Cloud plugin for Secure Developer Environment were not displayed.

Fixed an issue where the configd process restarted when pushing configurations to multiple device groups via XML API, which caused the push to fail.

Fixed an issue where the maximum session limit for a vsys was 4,194,290.

(VM-Series firewalls only) Fixed an issue where the all_task process stopped responding and a reboot was required.

Fixed an issue where the routed process core failed the automation run.

Fixed an issue where AAAA DNS queries went out even when IPv6 firewalling was disabled.

PA-440 firewalls only) Fixed an issue where the firewall was unable to create more than 6 GlobalProtect gateways.

(VM-Series firewalls in HA configurations only) Fixed an issue where the firewall rebooted due to multiple HA failovers.

Fixed an issue where management plane CPU usage increased after upgrading when there was a full-mesh User-ID redistribution configuration between multiple firewalls.

Fixed an issue where exporting managed device information from Panorama in CSV format included extraneous characters.

Fixed an issue where, after a commit was performed from Strata Cloud Manager, the SD-WAN configuration containing BGP routes did not display on the hub firewall.

Fixed an issue where the request logdb migrate-to-panorama start end-time <start-time> <type> CLI command did not work as expected, and you were unable to resend logs from a firewall to Panorama or a log collector.

Fixed an issue where the firewall displayed incorrect policy cache usage and configuration memory usage during a commit, which caused the configuration commit to fail with a CONFIG_UPDATE_START error. This occurred when a large number of External Dynamic Lists (EDLs), shared addresses, and policy rules were configured.

Fixed an issue where imported certificates were not visible on firewalls with multi-vsys disabled.

Fixed an issue where the service route setting for HTTP was not applied when the source interface IP address was set via an address object, which caused HTTP traffic to be sent from the management interface.

Fixed an issue where Voice over WiFi (VoWiFi) stopped working after switching from a PA-5200 Series firewall to a PA-7500 Series firewall in NGFW clustering mode with NATT IPSec Passthrough and NAT policy enabled. To use this fix, enter the CLI command show tunnel-acceleration, disable tunnel acceleration, and reboot the PA-7500 Series firewall.

Fixed an issue where WildFire submission logs were not displayed when filtered by Sender Address.

Fixed an issue where GlobalProtect Decryption logs were not forwarded to Panorama.

Fixed an issue where the Panorama port 28270 did not adhere to the restricted TLS version and ciphers set in the Secure Communication Settings.

Fixed an issue where the bytes transmitted and packet transmitted counters for hardware interfaces incorrectly displayed as 0 after a restart of slot-1.

Fixed an issue where the firewall did not support TLSv1.3 in the Clientless VPN, which caused the portal page to not load.

Fixed an issue where daily email reports generated from the custom report did not display the report details in PDF or CSV files.

Fixed an issue where Panorama template changes to the zone and virtual router were not pushed to managed firewalls when the template stack default virtual system was set to None.

Fixed an issue where task-debug logs remained on the debug level even after running the debug dataplane packet-diag set log off CLI command, which caused high dataplane CPU utilization.

Fixed an issue where Panorama was unable to generate PDF reports when the footer contained a GIF image.

(M-600 Appliances only) Fixed an issue where log collectors in a cluster stopped responding when running high load tests.

Fixed an issue where the firewall dropped GRE keepalive packets that were encapsulated under another GRE tunnel.

Fixed an issue on the Panorama web interface where the Configuration tab did not accurately display changes made to URL filtering profiles.

Fixed an issue where IPv4 BGP routes were not included in the routing table or FIB of a virtual router when ECMP was configured with more than two next hops.

Fixed an issue where the CLI command show user ip-user-mapping-mp all displayed the total timeout value instead of the current timeout value when the set cli op-command-xml-output on CLI command was used.

(PA-7000b firewalls only) Fixed an issue where the firewall web interface displayed an incorrect HSM client version when the client was upgraded to version 7.2.0.220.

Fixed an issue where not all IP-TAG logs were forwarded to Log Collectors.

Fixed an issue where the firewall displayed the incorrect rule name when a threat log was generated for Inline Cloud Analyzed CMD Injection Traffic Detection.

Fixed an issue where the firewall dataplane stopped responding, which caused BGP flaps between hubs and branches.

Fixed an issue where selective push operations from Panorama to managed firewalls failed with the error message Failed to generate selective push configuration. Schema validation failed. Please try a full push.

Fixed an issue where GlobalProtect traffic destined for the internet did not follow the path-based forwarding (PBF) rule and was sent out the wrong interface.

(PA-5400 Series firewalls only) Fixed an issue where the mp-monitor logs did not print disk SMART data.

Fixed an issue on the Panorama web interface where the template sync status showed Out-of-Sync for managed devices after a combined commit-all operation. This occurred due to Panorama sending the default MD5 sum of the template to the firewall instead of the correct MD5 sum.

Fixed an issue where exporting a Custom Report to CSV format did not display the full report if it contained non-ASCII characters.

Fixed an issue where the logrcvr stopped responding, which caused the firewall to restart.

(VM-Series firewalls only) Fixed an issue where firewalls with a DNS server IP address received by DHCP from Amazon Web Services (AWS) had a delay in resolving FQDNs after a reboot.

(PA-5200 firewalls only) Fixed an issue where the all_pktproc process stopped responding when the firewall was under a heavy traffic load.

Fixed an issue on Panorama where the ACC report for URL categories displayed inconsistent results for the same time range when run daily.

Fixed an issue where, when QoS was enabled on aggregate interfaces, the maximum aggregate interface throughput was capped, which limited network traffic. This occurred even with default QoS settings and no configured egress max-bandwidth.

Fixed an issue where commits failed when importing configurations to a device with a non-default master key.

(PA-450 firewalls in HA configurations only) Fixed an issue where the firewall remained in an active state and all traffic stopped until a failover to the passive firewall was performed.

Fixed an issue where the firewall did not establish a syslog connection to the probe VM syslog server in ADEM Regressions.

Fixed an issue where the TCP timeout value was reflected incorrectly when using application override for a custom application in TAP mode.

Fixed an issue where the show session cache all CLI command failed with the error message Server error : An error occured. See dagger.log for information.

Fixed an issue where the firewall HA2 keep-alive went down multiple times without a specific reason.

(PA-410 firewalls only) Fixed an issue where the firewall rebooted unexpectedly due to multiple all_task process restarts.

Fixed an issue where the show pbf rule name <name> CLI command failed.

(PA-7500 Series firewalls in a cluster configuration only) Fixed an issue where users were able to enable or disable certain configurations.

(PA-5450 firewalls only) Fixed an issue where the class of service (CoS) priority bit was not modified, causing access points to lose connectivity to the wireless controller when traffic was routed through the firewall.

Fixed an issue where the URL filtering response page for Continue and Override did not work with IPv6 Router Advertisement (RA) or Multicast Listener Query (MLQ) for IPv6-to-IPv6 and IPv6-to-IPv4 traffic.

Fixed an issue where frequent session failures occurred due to CTD resource exhaustion.

Fixed an issue where the firewall rebooted into maintenance mode if the authentication process restarted repeatedly.

Fixed an issue where applications did not load via the Clientless VPN portal when the portal was hosted on an L3 VLAN interface.

Fixed an issue where, on an NGFW cluster node, operations failed when QoS interfaces were configured with an egress max that exceeded 68,000 Mbps.

Fixed an issue where selective pushes failed due to a missing log collector reference.

Fixed an issue where SaaS quality profile probes were dropped on the SD-WAN hub.

Jumbo frame feature support is enabled.

Fixed an issue where DNS traffic did not match the intended SD-WAN policy rule when NAT was enabled.

Fixed an issue on the Panorama web interface where you were unable to add static IPv6 address entries to a logical router in a cluster template stack.

Fixed an issue where the firewall did not have a heartbeat mechanism for the authd process, which caused the firewall to become unresponsive if the authd process stopped responding.

Fixed an issue where memory leaks related to the devsrvr process occurred when downloading and pushing updates from the App-ID Cloud Engine to the dataplane.

Fixed an issue where the SNMP get request status value for Panorama connections was incorrect.

Fixed an issue where the firewall API returned inconsistent responses to a failed call using a valid API key. With this fix, the firewall returns the error Session is invalid if the session is not available for the cookie.

Fixed an issue where CPU base gateway auto-scaling failed, which caused performance issues.

Fixed an issue where the CLI command to set the target virtual system accepted a non-existent virtual system name, and the CLI prompt incorrectly changed to the non-existent virtual system.

Fixed an issue where, when a firewall was managed by Strata Cloud Manager and configured to use a proxy server for external connections, the management server did not use the configured settings to connect to the Cloud Management service.