The earliest recollection of this bug is traced back to PAN-OS 8.1.15 - July 22, 2025. This bug is fixed in PAN-OS versions 9.1.3, 8.1.15. Fixed an issue where, in an HA active/active configuration in a virtual wire deployment with asymmetric traffic, decryption did not work for some sites. Fixed an issue where, in a high availability (HA) active/active configuration in a virtual wire deployment with asymmetric traffic, decryption did not work for some sites. For more information: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-release-notes/pan-os-8-1-addressed-issues/pan-os-8-1-15-addressed-issues https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-release-notes/pan-os-9-1-addressed-issues/pan-os-9-1-3-addressed-issues