The earliest recollection of this bug is traced back to PAN-OS 11.1.10-h7 - March 12, 2026. This bug is fixed in PAN-OS versions 11.1.13, 11.2.10-h2, 11.2.11, 11.1.10-h7. Resolved multiple issues affecting IPSec tunnels using NAT Traversal (NAT-T) when a Dynamic NAT policy was configured (including Dynamic NAT or DIPP). During rekey events, tunnels could go down or flap due to incorrect session handling. This issue impacted both cluster and standalone deployments. For more information: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-10-known-and-addressed-issues/pan-os-11-1-10-h7-addressed-issues https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-13-known-and-addressed-issues/pan-os-11-1-13-addressed-issues https://docs.paloaltonetworks.com/pan-os/11-2/pan-os-release-notes/pan-os-11-2-10-known-and-addressed-issues/pan-os-11-2-10-h2-addressed-issues https://docs.paloaltonetworks.com/pan-os/11-2/pan-os-release-notes/pan-os-11-2-11-known-and-addressed-issues/pan-os-11-2-11-addressed-issues