( Firewalls in active/passive HA configurations ) Fixed an issue on firewalls where, after failover, certain subnets were missing from the Link State Database, which prevented OSPF routes from being immediately learned due to a Type-7 to Type-5 LSA translation conflict in the ABR when the same LSA was advertised by two peers in the NSSA area.

After upgrading to an affected release, the firewall restarts continuously because the brdagent process restarts multiple times and exhausts its restart limit, resulting in a segfault error. This issue occurs when a high burst of traffic is sent to the Azure PA-VM (Palo Alto Networks Virtual Machine), and impacts production environments due to the regular reboots. Workaround : Migrate the VM instance to Dv5 instance type. On these instance types, SYN packets are not routed to the synthetic path, avoiding this condition. Suggested direct resizing paths are: D3_v2/DS3_v2 to D8ds_v5 D4_v2/DS4_v2 to D8ds_v5 D5_v2/DS5_v2 to D16ds_v5 Azure VMs with ephemeral storage can only be resized to another type with ephemeral storage.