BugZero | Palo Alto Networks BugID PAN-299615 - Fixed an issue where, when the Network Packet Brok...

Palo Alto Networks - Defect ID: PAN-299615

Fixed an issue where, when the Network Packet Broker feature was enabled, forward TLS (non-decrypted) traffic was not working as expected when there were segmented client hellos and a no-decrypt rule existed. This issue occurred when Zone Protection profiles were configured for trust/untrust zones but not attached to NPB zones.

Palo Alto Networks - Defect ID: PAN-299615

Fixed an issue where, when the Network Packet Broker feature was enabled, forward TLS (non-decrypted) traffic was not working as expected when there were segmented client hellos and a no-decrypt rule existed. This issue occurred when Zone Protection profiles were configured for trust/untrust zones but not attached to NPB zones.

Last updated on December 3rd, 2025

BugZero Risk Score
6.3 Medium

Overall: 6.3

Severity: 6.4

Community: 3.7

Lifecycle: 10.0

What is the BugZero Risk Score?

Palo Alto Networks Integration

Learn more about where this data comes from

Palo Alto Networks Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Views: 1

Description

The earliest recollection of this bug is traced back to PAN-OS 11.1.10-h7 - December 03, 2025. This bug is fixed in PAN-OS versions 11.1.6-h21, 11.1.10-h7, 11.1.13. Fixed an issue where, when the Network Packet Broker feature was enabled, forward TLS (non-decrypted) traffic was not working as expected when there were segmented client hellos and a no-decrypt rule existed. This issue occurred when Zone Protection profiles were configured for trust/untrust zones but not attached to NPB zones. For more information: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-10-known-and-addressed-issues/pan-os-11-1-10-h7-addressed-issues https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-13-known-and-addressed-issues/pan-os-11-1-13-addressed-issues https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-6-known-and-addressed-issues/pan-os-11-1-6-h21-addressed-issues

Change history

2025-12-03 Added: 11.1.13

2025-12-03 Removed: 11.1.10-h7

2025-12-03 Added: 11.1.13

2025-12-02 Added: 11.1.13

2025-10-17 Added: 11.1.6-h21, 11.1.10-h7

Top Palo Alto Networks Defects

6.3Defect ID: PAN-214430
Fixed an issue where some commands did not have executable permissions.
6.3Defect ID: PAN-260185
Fixed an issue where a dataplane crash occurred in Inline Cloud Analysis action lookup because there were no vulnerability or anti-spyware profiles in the security policy rule.
6.3Defect ID: PAN-251646
Fixed an issue where commits failed with the error message Error: Error unserializing profile objects . This occurred due to memory allocation issues when a large number of scan profiles were configured.
6.3Defect ID: PAN-299615
Fixed an issue where, when the Network Packet Broker feature was enabled, forward TLS (non-decrypted) traffic was not working as expected when there were segmented client hellos and a no-decrypt rule existed. This issue occurred when Zone Protection profiles were configured for trust/untrust zones but not attached to NPB zones.
6.3Defect ID: PAN-288761
Fixed an issue on the firewall where the logrcvr process stopped responding.

Ready to prevent the next vendor outage?

Get a demo

Palo Alto Networks - Defect ID: PAN-299615

Palo Alto Networks - Defect ID: PAN-299615

Last updated on December 3rd, 2025

BugZero Risk Score6.3 Medium

Bug Details

Links

Top Palo Alto Networks Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
6.3 Medium