Fixed an issue on the firewall where the source and destination NAT IP addresses did not display in traffic & threat logs.

Fixed an issue where SNMP walks returned a value of 0 for the CPS (Connections Per Second) per vsys on firewalls after upgrading to PAN-OS 11.1.6-h3, even when active connections were present.

Fixed an issue where a memory leak occurred related to the configd process when pushing configurations from Panorama to a firewall. This occurred when the configurations contained shared policy rules.

(Panorama appliances only) Fixed an issue on the web interface where resetting the rule hit counter for multiple policy rules failed with the error message Failed to reset rule-hit job.

Fixed an issue where BGP export policy rules with next-hop matching failed to block the advertisement of static routes, and the firewall incorrectly matched the egress interface IP address instead of the original next-hop IP address of the static route, which caused the deny rule to fail.

Fixed an issue where a large number of logs caused the logrcvr process to stop responding.

Fixed an issue where ECMP incorrectly balanced sessions across links based on the configured metric, which led to an imbalance in traffic distribution and resulted in traffic assignment shifting disproportionately to routes with lower metrics.

Fixed an issue where, when getting transceiver information from ESCC for SFP 25G modules, the transceiver code was incorrectly updated with Unknown instead of 25GBase-SR.

(Panorama appliances in Log Collector mode only) Fixed an issue where the vm_agent process restarted after an upgrade.

Fixed an issue on the firewall that caused commits to fail and the web interface to become inaccessible.

Fixed an issue where clients did not receive a valid response when searching a website due to a compression error.

(Panorama appliances and Log Collectors only) Fixed an issue where a VLD memory leak caused increased memory use, which resulted in OOM errors.

Fixed an issue where the Panorama web interface was slower than expected.

Fixed an issue where the index size limit was incorrectly calculated and indices rolled over earlier than expected, which resulted in high memory and OOM errors.

(Panorama appliances only) Fixed an issue where log exports were slower than expected or failed when filtering logs after an upgrade, which resulted in timeouts or delays in displaying logs on the web interface.

Fixed an issue where TLS connections failed to establish in asymmetric routing environments if the firewall did not see server-to-client (s2c) packets of the TLS handshake.

To use this fix, run the following CLI command: debug dataplane set ssl-decrypt accumulate-client-hello asym-disable yes.

Fixed an issue where service routes configured to use a data plane interface incorrectly used the management plane interface for traffic transmission. This issue affected syslog and CRL status traffic when a custom service route was not configured.

Fixed an issue where authentication to GlobalProtect failed with the error message User not in allowed list.

Fixed an issue where the firewall removed the Authentication Key Identifier (AKID) from the certificate during SSL decryption, which caused Python 3.13 to fail with a certificate verification error.

Fixed an memory leak issue related to TLS inbound decryption.

Fixed an issue where daily scheduled reports were not generated and emailed.

Fixed an issue where web-advertisement traffic was not immediately blocked which resulted in pages loading indefinitely.

Fixed an issue on the firewall where half-duplex settings on Ethernet were not visible.

(PA-450 firewalls only) Fixed an issue where, after an upgrade, data that was excluded using the query builder in a custom report was still visible in the report, and the logs displayed errors related to invalid threat names being queried.

(VM-Series firewalls only) Fixed an issue where, after an upgrade, the firewall was unable to send logs to the Strata Logging Service (SLS) when using a specific proxy server, and the SSL connection status displayed as failed when attempting to forward logs through the web proxy.

(M-600 appliances only) Fixed an issue where the Elasticsearch cluster certificate (CC) status displayed with a past expiration date, which caused all shards to be unassigned.

Fixed an issue where empty traffic logdb folders were generated for each day even when trafcfic logs were not received by the logrcvr process.

Fixed an issue where SNMP monitoring of tunnel interfaces displayed zero values for received bytes and packets.

Fixed an issue where auto-negotiation advertised and negotiated 10/100 half and full duplex.

Fixed an issue where User-ID connections were lost after an HA failover.

Fixed an issue where DNS requests to malware sites were not blocked as expected, and the dns-security-categories log-level and action displayed default values instead of unavailable.

Fixed a memory leak issue related to the configd process that occurred when running consecutive commits for multiple days.

Fixed an issue where the Panorama web interface was slower than expected when querying for device tags.

Fixed an issue where Panorama did not display logs from firewalls after upgrading to PAN-OS 10.2.11 on devices due to Elasticsearch (ES) getting restarted continuously.

Fixed an issue where users were unable to log in to Panorama and the following error message was displayed: Timed out while getting config lock. Please try again. This occurred when pushing configurations to a large number of devices.

Fixed an issue where all_task processes stopped responding on the remote network firewall, which caused tunnels to go down and the pan_task CPU usage to approach 100%.

Fixed an issue on Panorama where Elasticsearch repeatedly restarted.

Fixed an issue where administrators were unable to edit or add virtual router configurations when a filter was applied to the viewer.

Fixed an issue where commits from Panorama to Panorama virtual appliances failed with the error message Internal error during commit processing. Commit/Validate failed after upgrading Panorama.

(Firewalls in active/active HA configuration only) Fixed an issue where the firewall displayed the HA2 status as down when the HSCI port was used for both HA2 and HA3.

Fixed an issue where the firewall displayed inaccurate throughput utilization stats in NetFlow analyzer tools.

Fixed an issue on Panorama where traffic log details were not displayed under detailed log view.

Fixed an issue on Panorama where upgrades failed with validation errors.

(PA-5200 firewalls only) Fixed an issue where the all_pktproc process stopped responding when the firewall was under a heavy traffic load.

Fixed an issue on Panorama where configuration locks were observed during a partial rulebase commit.

Fixed an issue on Panorama where Rule Usage and Apps Seen under Security policy rules stopped incrementing.

(Multi-vsys firewalls only) Fixed an issue where commits failed on the firewall after selecting Export or push device config bundle on Panorama and a force push was required.