BugZero | Palo Alto Networks BugID PAN-246056 - Fixed an issue where single TLS session packets we...

Palo Alto Networks - Defect ID: PAN-246056

Fixed an issue where single TLS session packets were sent to multiple firewalls when off-loading was enabled and ECMP was disabled.

Palo Alto Networks - Defect ID: PAN-246056

Fixed an issue where single TLS session packets were sent to multiple firewalls when off-loading was enabled and ECMP was disabled.

Last updated on May 27th, 2026

BugZero Risk Score
6.3 Medium

Overall: 6.3

Severity: 6.4

Community: 3.7

Lifecycle: 10.0

What is the BugZero Risk Score?

Palo Alto Networks Integration

Learn more about where this data comes from

Palo Alto Networks Integration

Learn more

BugZero Plan

Streamline upgrades with automated vendor bug scrubs

BugZero Plan

Learn more

BugZero Prevent

Wish you caught this bug sooner? Get proactive today.

BugZero Prevent

Learn more

Bug Details

Description

Disclaimer

Known affected versions were inferred from fixed-version data and were not explicitly confirmed by the vendor: 11.2.2-h2

The earliest recollection of this bug is traced back to PAN-OS 11.2.3 - May 27, 2026. This bug is fixed in PAN-OS versions 11.2.3. Fixed an issue where single TLS session packets were sent to multiple firewalls when off-loading was enabled and ECMP was disabled. For more information: https://docs.paloaltonetworks.com/pan-os/11-2/pan-os-release-notes/pan-os-11-2-3-known-and-addressed-issues/pan-os-11-2-3-addressed-issues

Change history

2026-05-27 Added: 11.2.2-h2

No changes to display

Top Palo Alto Networks Defects

6.3Defect ID: PAN-242147
( PA-1410 firewalls only ) Fixed an issue where the firewall did not block STP packets when the ports on the connected routers were in access mode.
6.3Defect ID: PAN-246059
Fixed an issue where forwarded logs were not visible on Panorama due to the Elasticsearch service not starting when it encountered old and unsupported indices.
6.3Defect ID: PAN-231194
Fixed an issue where the firewall was unable to clear hints from the disk.
6.3Defect ID: PAN-232214
Fixed an issue where GlobalProtect clients remained in the connecting state during portal pre-login when Kerberos single sign-on (SSO) was enabled.
6.3Defect ID: PAN-246056
Fixed an issue where single TLS session packets were sent to multiple firewalls when off-loading was enabled and ECMP was disabled.

Ready to prevent the next vendor outage?

Get a demo

Palo Alto Networks - Defect ID: PAN-246056

Fixed an issue where single TLS session packets were sent to multiple firewalls when off-loading was enabled and ECMP was disabled.

Palo Alto Networks - Defect ID: PAN-246056

Fixed an issue where single TLS session packets were sent to multiple firewalls when off-loading was enabled and ECMP was disabled.

Last updated on May 27th, 2026

BugZero Risk Score6.3 Medium

Bug Details

Disclaimer

Links

Top Palo Alto Networks Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
6.3 Medium