The earliest recollection of this bug is traced back to PAN-OS 11.1.10-h4 - January 30, 2026. This bug is fixed in PAN-OS versions 11.1.6-h17, 11.2.8, 11.1.10-h4, 11.1.11. Fixed an issue where a selective push from Panorama caused the firewall security policy rules to be removed on firewalls associated with the device group. This occurred when the base configuration version chosen for the selective push preceded the device config import operation, which caused the imported configuration to not be included in the pushed configuration. Fixed an issue where a selective push from Panorama caused the firewall Security policy rules to be removed on firewalls associated with the device group. This occurred when the base configuration version chosen for the selective push preceded the device config import operation, which caused the imported configuration to not be included in the pushed configuration. Fixed an issue where a selective push from Panorama caused the firewall Security policy rules to be removed on firewalls associated with the device group. This occurred when the base configuration version chosen for the selective push preceded the device configuration import operation, which caused the imported configuration to not be included in the pushed configuration. For more information: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-10-known-and-addressed-issues/pan-os-11-1-10-h4-addressed-issues https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-11-known-and-addressed-issues/pan-os-11-1-11-addressed-issues https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-6-known-and-addressed-issues/pan-os-11-1-6-h17-addressed-issues https://docs.paloaltonetworks.com/pan-os/11-2/pan-os-release-notes/pan-os-11-2-8-known-and-addressed-issues/pan-os-11-2-8-addressed-issues