Fixed an issue where SMB performance caused overall network latency after an upgrade.

Fixed an issue where IGMP packets were offloaded with frequent IGMP Join and Leave messages from the client.

Fixed an issue where firewalls running LSVPN with tunnel monitoring enabled where, after an upgrade to PAN-OS 9.1.14 or a later PAN-OS release, LSVPN tunnels flapped.

Fixed an issue that caused the pan_task process to miss heartbeats and stop responding.

Fixed an issue where authd frequently created SSL sessions, which resulted in a out of memory (OOM) condition.

Fixed an issue where the ikemgr process stopped responding due to a timing issue, which caused VPN tunnels to go down.

Fixed an issue where new logs viewed from the CLI (show log <log_type>) and new syslogs forwarded to a syslog server contained additional, erroneous entries.

(

PA-220 firewalls only

) Fixed an issue where a commit and push from Panorama caused high dataplane CPU utilization.

Fixed an issue that caused the processing of incoming packets to take more time than expected, which caused latency-sensitive traffic and applications timeouts.

Fixed an issue where ARP broadcasts occurring in the same time interval and network segment as high availability (HA) path monitoring pings triggered an ARP cache request, which prevented the firewall from sending ICMP echo requests to the monitored destination IP address and caused an HA path monitoring failover.

Fixed an issue where, when next hop MAC address entries weren't found on the offload processor for active traffic, update messages flooded the firewall, which caused resource contention and traffic disruption.

Fixed an issue where an SCP export of the device state from the firewall added single quotes ( ' ) to the filename.

Fixed an issue where the firewall did not handle packets at Fastpath when the interface pointer was null.

Fixed an issue where the firewall restarted due to a dnsproxy process crash.

Fixed an issue where the NAT pool leaked for passive mode FTP predict sessions.

Fixed an issue where, when logging in to the GlobalProtect gateway, the authentication cookie was not reused.

Fixed an issue on firewalls in HA configurations where intermittent system alerts on the active firewall caused the pan_comm process to restart continuously.

Fixed an issue where a predict session didn't match with the traffic when both source NAT and destination NAT were enabled.

Fixed an issue where TCP packets were dropped during the first zone transfer when DNS security was enabled.

Fixed an issue where, when the Advanced Threat Prevention license was present on a firewall without a Threat Prevention license, the antivirus signature update packages that were normally available to install (

Device > Dynamic Updates

) were not displayed.

Fixed an issue where the dataplane went down, which caused a HA failover.

Fixed an issue where the firewall dropped packets when the session payload was too large.

Fixed an issue where canceling a commit caused the commit process to remain at 70% and the firewall had to be rebooted.

Fixed an issue where SIP TCP sequence numbers were calculated incorrectly when SIP cleartext proxy was disabled.

Fixed an issue where URL category match did not work for External Dynamic List URLS due to a leak related to the devsrvr process.

Fixed an issue where the GlobalProtect portal generated a cookie with a domain as NULL instead of empty-domain, which caused users to be identified incorrectly.

(

Firewalls in HA configurations only

) Fixed an issue where policy based forwarding (PBF) sessions between virtual systems (vsys) weren't pushed to the high availability peer.

Fixed an issue where enabling SSL decryption with a Hardware Security Model (HSM) caused a dataplane restart.

Fixed an issue where Session Initiation Protocol (SIP) REGISTER packets did not get transmitted when application-level gateway (ALG) and SIP Proxy were enabled, which caused a SIP-registration issue in environments where TCP retransmission occurred.

Fixed an issue where the firewall sent an incorrect IP address on ICMP sessions in NetFlow packets when NAT was applied to the target traffic.

(

PA-800 Series firewalls only

) Fixed an issue where the firewall rebooted during a software install job due to a kernel panic situation.

Fixed an issue where DNS security caused the (time-to-live) value of the pointer record (PTR) to be overwritten with a value of 30 seconds.

Fixed an issue where

Shared Gateway

was not visible in the

Virtual System

drop down when configuring a Layer3 aggregate subinterface.

Fixed an issue where PDF reports were not translated to the configured local language.

Fixed an issue where a delay to detect when an interface was down after a cable pull caused traffic to be black-holed to the downed link for 10 or more seconds.

Fixed an issue where the

devsrvr

process stopped responding after a local or Panorama pushed commit. This occurred when a single NAT policy contained more than 64 address objects.

Fixed an issue where the firewall did not detect that the management port was down the first time after booting up the system.

Fixed an issue on the firewall where, when attempting to change the master key, the existing master key was not validated first. As a result, all firewall keys were corrupted.

Fixed an issue where DHCP IP address renewal failed on the management interface

Fixed an issue where FQDN refresh did not work with the error message

No name servers found!

, and no subsequent retries occurred.

Fixed an issue where packets were dropped unexpectedly due to errors parsing the IP version field.

Fixed an issue where verbose mode did not display additional data for the

fe20 flow lookup

command.