Fixed an issue where PA Explicit proxy blocked ICMP packets from flowing towards Envoy for Geneve due to the router not camping MSS when the MTU was lower in the path.

(PA-3400 and PA-5400 Series firewalls only) Fixed an issue where the firewall dataplane frequently restarted when lockless QoS was enabled

Fixed an issue where traffic was incorrectly identified as unknown-tcp/unknown-udp due to App-ID resource leak and eventually dropped.

Fixed an issue where IPv6 IPsec WAN support was not available in Prisma Access.

Fixed an issue where DNS Security logs incorrectly displayed a sinkhole action for benign DNS categories due to the firewall saving the drop or sinkhole action in session flags without discarding the session.

Fixed an issue where certificate data was missing in decryption logs for No decrypt policy rules and TLS1.2 traffic after upgrading, and the Subject Common Name, Issuer Common Name, Certificate Start Date, Certificate End Date, Certificate Serial Number, and Certificate Fingerprint fields were blank in the decryption logs.

Fixed an issue where the GlobalProtect gateway firewall intermittently failed to assign an IP address to GlobalProtect clients from the DHCP server, even after successfully receiving a DHCP offer. This occurred when the DHCP retry and timeout settings were overwritten due to parsing results being stored in the same variable, which caused the last gateway configuration to take effect.

Fixed an issue where the firewall calculated available memory incorrectly on CENTOS devices, which caused the firewall to display high memory usage alerts even when sufficient memory was available.

Fixed an issue where, when the DHCP server was enabled for GlobalProtect, the commit error message was not properly displayed when Any was selected as the source interface in the service router configuration (DeviceSetupServiceService Router Configuration).