The earliest recollection of this bug is traced back to PAN-OS 10.1.5-h2 - February 19, 2025.
This bug is fixed in PAN-OS versions 10.2.4, 10.1.6, 10.1.5-h2.
(PA-5450 and PA-3200 Series firewalls that use an FE101 processor only) Fixed an issue where packets in the same session were forwarded through a different member of an aggregate ethernet group when the session was offloaded.

With the fix, you can use the following CLI command to change the default tag setting to the tuple setting:

    admin@firewall> set session lag-flow-key-type ?
    > tag      tag
    > tuple    tuple

tag is the default behavior (tag based on the CPU, tuple based on the FE). tuple is the new behavior, where both CPU and FE use the same selection algorithm.

Use the following command to display the algorithm:

    admin@firewall> show session lag-flow-key-type
    dp0: tuple based on fe100
    dp1: tuple based on fe100

For more information:
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-release-notes/pan-os-10-1-5-known-and-addressed-issues/pan-os-10-1-5-h2-addressed-issues
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-release-notes/pan-os-10-1-6-known-and-addressed-issues/pan-os-10-1-6-addressed-issues
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-release-notes/pan-os-10-2-4-known-and-addressed-issues/pan-os-10-2-4-addressed-issues