>
    Strata Copilot
    PAN-OS 11.2.4-h4 Addressed Issues
    Focus
    Download PDF
    Focus
    1. Home
    2. PAN-OS
    3. PAN-OS 11.2.4 Known and Addressed Issues
    4. PAN-OS 11.2.4-h4 Addressed Issues
    Download PDF

    PAN-OS 11.2.4-h4 Addressed Issues

    Table of Contents

    PAN-OS 11.2.4-h4 Addressed Issues

    PAN-OS® 11.2.4-h4 addressed issues.
    Issue IDDescription
    PAN-276130
    Fixed an issue where, when a new IKEv2 was created on Panorama on a PAN-OS 11.2 release using the default IKE version (IKEv2) and IPSec crypto profiles with no specific changes to the crypto profile parameters, and the configuration was pushed to a firewall on PAN-OS 11.2.0 to PAN-OS 11.2.4, the firewall interpreted the IKEv2 gateway as IKEv1.
    PAN-274029
    Fixed an issue where upgrading Panorama and pushing configurations to the firewall caused an IKE version mismatch, which resulted in IPSec tunnel failure with the peer device.
    PAN-273994
    A fix was made to address CVE-2025-0111.
    PAN-273971
    A fix was made to address CVE-2025-0108.
    PAN-273278
    A fix was made to address CVE-2025-0109.
    PAN-273197
    Fixed an issue where the endpoint ID was not populated in logs when the least significant word of the Geneve header was 0.
    PAN-273165
    Fixed an issue where HTTP/2 sessions failed on the firewall when Dynamic Memory Management was enabled.
    PAN-273085
    Fixed an issue on the web interface where you were unable to edit or create policy rules.
    PAN-273019
    Fixed an intermittent issue where SSL decryption failed.
    PAN-272021
    (M-300 Appliances only) Fixed an issue where a split brain condition was not triggered during an inter-Log Collector disconnect between DLC firewalls in an Elasticsearch cluster, which resulted in missing logs.
    PAN-271926
    Fixed an issue where TLS 1.3 decryption failed with a bad record MAC error when the firewall was configured to decrypt and inspect TLS traffic.
    PAN-271828
    Fixed an issue where, after an accumulation proxy changed to no-decrypt or no proxy, only the Client Hello was sent to Content Threat Detection.
    PAN-270549
    Fixed an issue where some TLS connections were not handled correctly, which led to instability in the dataplane.
    PAN-270248
    		Fixed an issue where the firewall failed to forward logs to a SNMP trap server if the SNMP manager IP address was unable to be resolved.
    PAN-268815
    Fixed an issue where the firewall entered a non-functional state due to duplicate entries in the shared memory.
    PAN-268727
    		Fixed an issue where traffic was dropped when the accumulation proxy was enabled and header insertion modified packets.
    PAN-268229
    Fixed an issue where the firewall stopped responding during session setup for ECMP hit-count updates.
    PAN-268215
    (Panorama appliances in HA configurations only) Fixed an issue where, when Elasticsearch was forming a cluster and the port was disabled or disconnected and then reconnected, Elasticsearch did not reform the cluster
    PAN-267781
    Fixed an issue where Panorama did not display the Source Dynamic Address Group.
    PAN-267671
    Fixed an issue where the firewall rebooted unexpectedly due to the all_task process restarting and repeated OOM conditions occurring on the pan_task process.
    PAN-265742
    Fixed an issue on the Panorama web interface where the OK button on the GlobalProtect gateway configuration dialog box was not clickable.
    PAN-263987
    Fixed an issue on the firewall where, when a NAT transversal IPSec tunnel was terminated, and the NAT rule that was applied to the NAT-T IPSec tunnel was on the same firewall, traffic flowing through the tunnel was not correctly translated.
    PAN-252036
    Fixed an issue where, when the GlobalProtect portal was not configured, accessing the GlobalProtect gateway still loaded a portal malformed page.

    © 2026 Palo Alto Networks, Inc. All rights reserved.