Fixed an issue where the pan_task process stopped responding when the firewall attempted to forward files to the WildFire public cloud, which caused the dataplane to experience heartbeat failures.

(VM-Series firewalls on Amazon Web Services (AWS) GWLB environments only) Fixed an issue where the firewall CPU usage reached 100% after upgrading to PAN-OS 11.1.6-h1.

Fixed an issue where, after an upgrade, the SNMP polled values for IF-MIB::ifInErrors displayed a high number of errors that did not match the values in the CLI show interface command.

(Firewalls in HA configurations only) Fixed an issue where, after an upgrade, the mac receive error counter in receive incoming errors increased, which resulted in SNMP alerts.

(PA-3400 Series firewalls only) Fixed an issue where the firewall unexpectedly rebooted and entered maintenance mode due to a ctd-agent out-of-memory (OOM) condition. This occurred during advanced services load testing and a high volume of IoT EAL log forwarding.

Fixed an issue where custom reports showed incomplete data when exported in CSV format from Panorama.

Fixed an issue on the web interface were you were unable to scroll up or down to view source zones in a NAT policy rule.

Fixed an issue with an SNMPv3 EngineBoots value discrepancy that prevented to SNMP server from logging.

Fixed an issue where packets were dropped initially when a SYN cookie with activation threshold 0 was enabled.

Fixed an issue where the firewall did not display VPC endpoints when there was a large amount of VPC endpoints to interface mappings.

Fixed an issue where DNS requests to malware sites were not blocked as expected, and the dns-security-categories log-level and action displayed default values instead of unavailable.

(PA-7000 Series firewalls in HA configurations only) Fixed an issue where the firewall failed over into a non-functional state, and the LFC LED was blinking on the passive firewall.

Fixed a memory leak issue related to the configd process that occurred when running consecutive commits for multiple days.

Fixed an issue where the firewall redirected the user to the first application instead of the portal page with a list of applications when multiple applications were configured for GlobalProtect clientless VPN along with any user match.

(Firewalls with DPDK enabled in Azure, GCP, AWS, and KVM environments only) Fixed an issue where, after an upgrade to PAN-OS 11.1.4, the mac receive error counter increased without an error even though traffic was not impacted.

(VM-Series firewalls on KVM only) Fixed an issue where the firewall entered maintenance mode after an auto-commit when sending an ARP packet through the loopback interface using an IPv6 address.

Fixed an issue where the firewall did not start Elasticsearch after a commit if Elasticsearch was not previously enabled and started.

Fixed an issue where the show auth radius-require-msg-authentic command CLI displayed no output.

Fixed an issue on Panorama where, when the Commit and Push button was clicked during a selective Commit and Push operation, the window stopped responding, which caused the operation to be delayed.

Fixed an issue where mTLS decryption bypass did not work when the decryption profile was configured with the maximum TLS version as TLS 1.3.

Fixed an issue where OSPF redistributed connected routes beyond the intended loopback IP address.

Fixed an issue where the firewall removed the TCP timestamp from client hello messages that did not fit in a single packet, which resulted in connection issues.

Fixed an issue where, after disabling and re-enabling the external syslog server, the TCP session was not resumed, which caused all logs that were forwarded to the syslog server to be dropped.

Fixed an issue where processes stopped responding when HTTPS Forward traffic was run.

Fixed an issue where DNS domain resolutions experienced intermittent delays due to the firewall not connecting to the DNS Security cloud.

Fixed an issue where the error message Failed to reload config files displayed in the system logs even when device telemetry was not enabled.

Fixed an memory leak issue related to TLS inbound decryption.

(PA-5250 firewalls only) Fixed an issue where IPv6 pings experienced a high number of dropped packets when forwarded to another dataplane, which resulted in ping failures. This occurred when initiating a ping to the link local address of the firewall and the packet drop percentage depended on the number of dataplanes.

Fixed an issue where the QSPF transceiver interface displayed an incorrect range figure on the temperature alarm.

Fixed an issue where the root partition reached 100% which caused the system to become non-functional and failover even when aggressive cleaning was enabled.

Fixed an issue where traffic failed when Inline cloud analysis (Advanced Threat Prevention) was enabled in the Anti-Spyware profile with the action set to anything other than allow or alert and the maximum latency condition was reached.

Fixed an issue where SNMP monitoring of tunnel interfaces displayed zero values for received bytes and packets.

Fixed an issue where User-ID connections were lost after an HA failover.

Fixed an issue where Device Telemetry failed due to an issue with the encoding of characters in the log file path.

Fixed an issue where the GlobalProtect client did not automatically initiate a Kerberos SSO connection after logging in to Windows.

Fixed an issue where socket files created in the /tmp directory were not cleared.

Fixed an issue where Panorama did not display the management IP address of devices onboarded via ZTP.

Fixed an intermittent issue where the firewall failed to process FTP traffic after upgrading to PAN-OS 10.1.14.

Fixed an issue where BFD sessions did not come up even when BGP peering was established.

Fixed an issue where multicast streams were unstable with ECMP and dropped every 30 seconds.

Fixed an issue where filtering BGP routes by peer name in Advanced Routing Engine (ARE) did not display the correct routes.

Fixed an issue where users were unable connect to the portal due to Certificate Revocation List (CRL) checks due to the downloaded CRL file being expired, which caused the CRL cache to be bypassed.

Fixed an issue where BFD sessions took longer than expected to establish after an HA failover due to BGP.

(VM-Series firewalls in Microsoft Azure environments only) Fixed an issue where enabling flow basic on firewalls caused ARP entries to be removed on both firewalls.

(Firewalls in active/active HA configurations only) Fixed an issue where packet loss occurred when dataport was used for HA3 for asymmetrically routed traffic during commits and a virtual wire was configured.

Fixed an issue where HA path monitoring using VWire did not work as expected after a reboot.

A fix was made to address CVE-2025-0123.

(Multi-vsys firewalls only) Fixed an issue where commits failed on the firewall after selecting Export or push device config bundle on Panorama and a force push was required.