Fixed an issue where, when a new IKEv2 was created on Panorama on a PAN-OS 11.2 release using the default IKE version (IKEv2) and IPSec crypto profiles with no specific changes to the crypto profile parameters, and the configuration was pushed to a firewall on PAN-OS 11.2.0 to PAN-OS 11.2.4, the firewall interpreted the IKEv2 gateway as IKEv1.

Fixed an issue where upgrading Panorama and pushing configurations to the firewall caused an IKE version mismatch, which resulted in IPSec tunnel failure with the peer device.

A fix was made to address CVE-2025-0111.

A fix was made to address CVE-2025-0108.

A fix was made to address CVE-2025-0109.

Fixed an issue where the endpoint ID was not populated in logs when the least significant word of the Geneve header was 0.

Fixed an issue where HTTP/2 sessions failed on the firewall when Dynamic Memory Management was enabled.

Fixed an issue on the web interface where you were unable to edit or create policy rules.

Fixed an intermittent issue where SSL decryption failed.

(M-300 Appliances only) Fixed an issue where a split brain condition was not triggered during an inter-Log Collector disconnect between DLC firewalls in an Elasticsearch cluster, which resulted in missing logs.

Fixed an issue where TLS 1.3 decryption failed with a bad record MAC error when the firewall was configured to decrypt and inspect TLS traffic.

Fixed an issue where early TLS data was not handled correctly by the accumulation proxy.

Fixed an issue where the firewall entered a non-functional state due to duplicate entries in the shared memory.

Fixed an issue where the firewall stopped responding during session setup for ECMP hit-count updates.

(Panorama appliances in HA configurations only) Fixed an issue where, when Elasticsearch was forming a cluster and the port was disabled or disconnected and then reconnected, Elasticsearch did not reform the cluster

Fixed an issue where Panorama did not display the Source Dynamic Address Group.

Fixed an issue where the firewall rebooted unexpectedly due to the all_task process restarting and repeated OOM conditions occurring on the pan_task process.

Fixed an issue on the Panorama web interface where the OK button on the GlobalProtect gateway configuration dialog box was not clickable.

Fixed an issue on the firewall where, when a NAT transversal IPSec tunnel was terminated, and the NAT rule that was applied to the NAT-T IPSec tunnel was on the same firewall, traffic flowing through the tunnel was not correctly translated.

Fixed an issue where, when the GlobalProtect portal was not configured, accessing the GlobalProtect gateway still loaded a portal malformed page.