>
    Strata Copilot
    PAN-OS 11.2.6 Addressed Issues
    Focus
    Download PDF
    Focus
    1. Home
    2. PAN-OS
    3. PAN-OS 11.2.6 Known and Addressed Issues
    4. PAN-OS 11.2.6 Addressed Issues
    Download PDF

    PAN-OS 11.2.6 Addressed Issues

    Table of Contents

    PAN-OS 11.2.6 Addressed Issues

    PAN-OS® 11.2.6 addressed issues.
    Issue ID
    Description
    PAN-287812
    Fixed an intermittent issue where the dataplane stopped responding when advanced DNS was enabled.
    PAN-286255
    Fixed an issue where, when the firewall received an unexpected termination request for SSL sessions, the dataplane experienced a slow buffer resource leak.
    PAN-284908
    Fixed an issue where retrieving filenames from OneDrive resulted in a cache miss.
    PAN-284116
    Fixed an issue where mTLS decryption bypass did not work when the decryption profile was configured with the maximum TLS version as TLS 1.3.
    PAN-284036
    (PA-450R and PA-450R-5G firewalls only) Fixed an issue where the maximum temperature threshold and shutdown threshold were not set correctly.
    PAN-283467
    (PA-3400 Series firewalls only) Fixed an issue where the firewall unexpectedly rebooted and entered maintenance mode due to a ctd-agent out-of-memory (OOM) condition. This occurred during advanced services load testing and a high volume of IoT EAL log forwarding.
    PAN-282968
    Fixed an issue where the firewall did not identify the test threat file when the content was installed via a traditional bootstrap.
    PAN-282236
    Fixed an issue where large IPv6 packets were reassembled incorrectly on the firewall when the packets arrived fragmented over an IPv4 tunnel.
    PAN-282206
    Fixed an issue where configuring Secure Web Gateway (SWG) in no-auth mode led to latency when no decryption policy rules or No-decrypt policy rules were present.
    PAN-282069
    Fixed an issue on Panorama where Security policy rules were removed from device groups when you cloned or edited Security policy rules that used more than 63 characters.
    PAN-282022
    Fixed the support limitation for the Panorama M-600 and M-700 appliances.
    PAN-280700
    Fixed an Issue where commits failed with the error invalid IPv6 x:x - must be global/link-local unicast when the management IPv6 address had a specific value.
    PAN-280471
    Fixed an issue where navigating Panorama > Monitor > Logs was slower than expected.
    PAN-279983
    (PA-1400 Series firewalls only) Fixed an issue on the web interface where Enable Bonjour Reflector was not displayed (Network > Interfaces > Ethernet Interface).
    PAN-279746
    Fixed an issue where SMTP packets were not sent out when the Client Hello arrived at the firewall in multiple out-of-order segments and the traffic was not subject to SSL decryption.
    PAN-279621
    Fixed an issue where processes stopped responding when HTTPS Forward traffic was run.
    PAN-279197
    (PA-450R-5G firewalls only) Fixed an issue where the firewall stopped responding and displayed the error message Thermal temperature exceeds system threshold! Shutting down NOW even when the firewall was within the threshold.
    PAN-279191
    Fixed an issue where a GlobalProtect gateway stopped responding when handling HTTP/1.1 traffic with web inspection enabled.
    PAN-278684
    (PA-445 firewalls only) Fixed an issue where the firewall did not properly power cycle during a reboot.
    PAN-278322
    (VM-Series firewalls on Amazon Web Services (AWS) Gateway Load Balancer (GWLB) deployments only) Fixed an issue where the firewall did not display the correct source user in traffic logs and session details.
    PAN-278296
    Fixed an issue where the system MAC address of the aggregate interface was the same on the active firewall and the passive firewall after an upgrade.
    PAN-277762
    (VM-Series firewalls only) Fixed an issue where unexpected failovers occurred on firewalls running PAN-OS 11.2.2-h2.
    PAN-277751
    Fixed an issue where a policy-based forwarding (PBF) rule with an action of no-pbf and a service of TCP-22 did not match traffic after upgrading to PAN-OS 11.1.5-h1. As a result, traffic was matched by a lower rule with a service of any and an action of forward.
    PAN-277629
    Fixed an issue where the firewall did not match the correct policy for SSL forward decrypted HTTP/2 traffic when upgrading from PAN-OS 10.2.9-h1 to PAN-OS 11.2.3.
    PAN-277417
    Fixed an memory leak issue related to TLS inbound decryption.
    PAN-277135
    Fixed an issue where the firewall stopped responding when a DNS client closed or reset a TCP connection while the firewall was sending a response.
    PAN-276822
    Fixed an issue where the packet buffer size increased significantly when WildFire File Forwarding was continued after a threat detection and then canceled.
    PAN-276607
    Fixed an issue where GlobalProtect users experienced DNS resolution timeouts when using Prisma Access.
    PAN-276546
    Fixed an issue where a session lost the PBF rule mapping after a configuration change or commit.
    PAN-276177
    Fixed an issue where App Acceleration did not work with Oracle databases.
    PAN-276090
    Fixed an issue where the DLP feature did not work as expected and performance issues occurred when uploading files. This was caused by incomplete error handling when writing CTD WIF messages to shared memory and incomplete checking of parameters when freeing entries in the shared memory.
    PAN-276016
    Fixed an issue where Prisma Access cap700 instances did not insert HTTP headers when accessing certain Google domains if the 32 byte pool size was low.
    PAN-275032
    (M-600 appliances only) Fixed an issue where the Elasticsearch cluster certificate (CC) status displayed with a past expiration date, which caused all shards to be unassigned.
    PAN-274592
    (Firewalls in high availability (HA) configurations only) Fixed an issue where the firewall did not fail over when the active firewall experienced data plane issues.
    PAN-274314
    (PA-1400 Series firewalls, PA-3400 Series firewalls, and PA-5400 Series firewalls only) Fixed an issue where, when the pan_task process restarted, control plane packets were dropped, which could impact LACP and pings to host interfaces.
    PAN-273949
    Fixed an issue where the firewall generated the following error message in the snmpd logs: pan_get_keystr_from_cryptod(pan_snmpinterface.c:181): Key X2F1dGhfa2V5 import from cryptod failed.
    PAN-273727
    Fixed an issue where the firewall skipped the DNS policy rule of a domain external dynamic list (EDL) during an EDL refresh.
    To use this fix, run the following CLI command and commit: set deviceconfig setting ctd custom-edl-domains-continuous-reload yes/no
    PAN-273195
    Fixed an issue where the firewall did not log the correct NAT IP address and source zone for HTTP2 traffic with SSL decryption enabled on RNHP nodes.
    PAN-273129
    Fixed an issue on the web interface where the negate option was visible when you clicked on the rule name, but not when you viewed the target options from the rulebase attribute.
    PAN-273026
    Fixed an issue where traffic logs did not display correctly when filters were applied.
    PAN-273021
    Fixed an issue where 25G port links did not come up due to a change in the handling of 25G DAC modules.
    PAN-272959
    Fixed an issue where the firewall generated BGP update packets larger than 1500 bytes when the interface MTU was 1500 bytes and jumbo frames were enabled globally.
    PAN-272849
    Fixed an issue where log forwarding to a UDP syslog server stopped when an unreachable TCP syslog server was configured and applied.
    PAN-272538
    Fixed an issue where the configd process stopped responding during a commit-all validation when there were uncommitted changes and share-unused-objects-with-devices was set to off.
    PAN-272171
    Fixed an issue where the firewall dropped the AAAA DNS server response and caused delays in traffic from Ubuntu or Linux clients when DNS Security was enabled.
    PAN-272085
    Fixed an issue where the firewall unexpectedly stopped responding and rebooted when DoH was enabled for DNS Security and multiple DoH transactions were sent in a single HTTP/1 connection.
    PAN-271912
    Fixed an issue on Panorama where the configd process stopped responding when filtering in the configuration audit window after upgrading to PAN-OS 11.1.3.
    PAN-271701
    Fixed an issue where Advanced Services, App-ID Cloud Engine (ACE), and Enhanced Application Log stopped working due to incorrect memory usage accounting, which caused memory usage to remain at 99% after an extended period of time.
    PAN-271314
    Fixed an issue where pushing changes to a prefix list used for BGP from Panorama affected OSPF routes.
    PAN-271273
    Fixed an issue where dynamic update downloads failed when IPv6 firewalling was enabled on the firewall and both IPv4 and IPv6 were configured on the management interface.
    PAN-271181
    Fixed an issue where committing changes to Advanced Routing and redistribution profiles failed while pushing the configuration from SCM.
    PAN-271152
    (7000-Series firewalls in HA configurations only) Fixed an issue where the firewall failed over into a non-functional state, and the LFC LED was blinking on the passive firewall.
    PAN-270607
    (Firewalls in active/passive HA configurations only) Fixed an issue where OSPF failed to establish after a failover from the active firewall to the passive firewall.
    PAN-270471
    Firewalls in active/active configurations only) Fixed an issue where the firewall did not detect configuration changes when only the interface of an IKE gateway was changed, which caused IPSec tunnels to not come up after migrating the IKE gateway IP address from a subinterface to a physical interface.
    PAN-269956
    Fixed an issue where the all_pktproc process stopped responding, which caused internal path monitor failures.
    PAN-269731
    Fixed an issue where Panorama did not display logs from firewalls after upgrading to PAN-OS 10.2.11 on devices due to Elasticsearch (ES) getting restarted continuously.
    PAN-269291
    Fixed an issue where the scheduled report generation script did not return debug information.
    PAN-269052
    Fixed an issue where traffic was blocked by a URL filtering profile even though the Security policy rule did not have a URL filtering profile configured.
    PAN-268705
    Fixed an intermittent issue where the firewall failed to process FTP traffic after upgrading to PAN-OS 10.1.14.
    PAN-268168
    Fixed an issue where uploading files that were 5GB or larger to Google Drive or YouTube failed when a decryption policy rule for http2 was enabled.
    PAN-267662
    Fixed an issue where the firewall experienced a memory out-of-bounds access when the firewall was configured with SD-WAN and the SD-WAN plugin was loading, which caused the firewall to stop responding and drop VPN tunnels.
    PAN-267580
    Fixed an issue where an External Dynamic List (EDL) IP address in an unsupported format was recognized as valid on the firewall.
    PAN-267489
    Fixed an issue where firewalls on PAN-OS 11.2 releases were not able to successfully onboard to SCM with ZTP due to a commit failure in the bootstrap process.
    PAN-267444
    Fixed an issue where large file downloads or uploads failed or remained in an incomplete state when using DLP HTTP2 mirror mode.
    PAN-265219
    (VM-Series firewalls only) Fixed an issue where GRE traffic did not work properly.
    PAN-265021
    Fixed an issue where the firewall did not inspect NXDomain responses and follow the regular traffic inspection flow.
    PAN-261998
    Fixed an issue where the firewall configuration process restarted during an External Dynamic List refresh or a commit and push operation.
    PAN-261825
    Fixed an issue where traffic was dropped when Data Loss Prevention or Advanced URL Filtering were enabled. This occurred when the payload size was greater than 3.5 KB.
    PAN-261429
    Fixed an issue where the show auth radius-require-msg-authentic command CLI displayed no output.
    PAN-260300
    (PA-5410, PA-5420, PA-5430, PA-5440 and PA-5445 firewalls only) Fixed an issue related to the all_pktproc process where DPC slot 3 stopped responding.
    PAN-260235
    Fixed an issue where the firewall sent Threat logs and URL logs to an external syslog server without Security profile settings when Enhanced Application Logging was enabled.
    PAN-260090
    Fixed an issue where commit all operations failed when the application openair-psa was used as a keyword on a remote network instance that was upgraded to PAN-OS 10.2.4-h20.
    PAN-260015
    Fixed an issue on the firewall where enabling Inline Cloud Analysis features might cause the firewall to unexpectedly reboot, due to an issue related to loopback data handling.
    PAN-259076
    Fixed an issue where the firewall displayed an OCSP/CRL check failure when accessing websites.
    PAN-257619
    Fixed an issue on Panorama where the Task Manager took longer than expected to display managed firewall report tasks.
    PAN-255914
    (VM-Series firewalls on AWS environments only) Fixed an issue where a newly bootstrapped firewall required a management server restart, relicensing, or license push from Panorama to invoke the device certificate.
    PAN-255619
    Fixed an intermittent issue where file downloads from websites failed when decrypting HTTP/2 traffic.
    PAN-252381
    Fixed an issue where the Panorama web interface was slower than expected when opening interfaces, virtual routers, and zones in a template or template stack.
    PAN-245064
    (Multi-vsys firewalls only) Fixed an issue where commits failed on the firewall after selecting Export or push device config bundle on Panorama and a force push was required.
    PAN-233647
    Fixed an issue where Panorama management servers generated duplicate configuration logs.

    © 2026 Palo Alto Networks, Inc. All rights reserved.