Layer3 subinterface doesn't pass IPv6 traffic

Created On 03/05/19 22:25 PM - Last Modified 11/10/20 23:01 PM


Symptom


  • The client configured a static IPv6 address on the interface and also selected "Use Interface ID as host portion":
 
[Screenshot: IPv6 address configuration on the sub-interface, with "Use Interface ID as host portion" selected]
  • Even though the IPv6 address was defined on the interface, the client was unable to ping the sub-interface IPv6 address "2602:fe6a:a:d99::1/64".
  • When pinging from an IPv6 host to the firewall sub-interface, the neighbor solicitation messages can be seen being forwarded to the firewall, but there is no response. See the packet capture from the client below:
 
user1@ubuntu-49-59:~$ sudo tcpdump -vvveni eth1
[sudo] password for user1:
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
05:38:39.293587 00:50:56:81:f0:fd > 33:33:ff:00:00:01, ethertype IPv6 (0x86dd), length 86: (hlim 255, next-header ICMPv6 (58) payload length: 32) 2602:fe6a:a:d99:ff59:72db:2d58:9631 > ff02::1:ff00:1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has 2602:fe6a:a:d99::1
          source link-address option (1), length 8 (1): 00:50:56:81:f0:fd
            0x0000:  0050 5681 f0fd
05:38:40.291867 00:50:56:81:f0:fd > 33:33:ff:00:00:01, ethertype IPv6 (0x86dd), length 86: (hlim 255, next-header ICMPv6 (58) payload length: 32) 2602:fe6a:a:d99:ff59:72db:2d58:9631 > ff02::1:ff00:1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has 2602:fe6a:a:d99::1
          source link-address option (1), length 8 (1): 00:50:56:81:f0:fd
            0x0000:  0050 5681 f0fd
05:38:41.291859 00:50:56:81:f0:fd > 33:33:ff:00:00:01, ethertype IPv6 (0x86dd), length 86: (hlim 255, next-header ICMPv6 (58) payload length: 32) 2602:fe6a:a:d99:ff59:72db:2d58:9631 > ff02::1:ff00:1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has 2602:fe6a:a:d99::1
          source link-address option (1), length 8 (1): 00:50:56:81:f0:fd
            0x0000:  0050 5681 f0fd
05:38:42.309129 00:50:56:81:f0:fd > 33:33:ff:00:00:01, ethertype IPv6 (0x86dd), length 86: (hlim 255, next-header ICMPv6 (58) payload length: 32) 2602:fe6a:a:d99:ff59:72db:2d58:9631 > ff02::1:ff00:1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has 2602:fe6a:a:d99::1
          source link-address option (1), length 8 (1): 00:50:56:81:f0:fd
            0x0000:  0050 5681 f0fd
05:38:43.307873 00:50:56:81:f0:fd > 33:33:ff:00:00:01, ethertype IPv6 (0x86dd), length 86: (hlim 255, next-header ICMPv6 (58) payload length: 32) 2602:fe6a:a:d99:ff59:72db:2d58:9631 > ff02::1:ff00:1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has 2602:fe6a:a:d99::1
          source link-address option (1), length 8 (1): 00:50:56:81:f0:fd
            0x0000:  0050 5681 f0fd
  • On the firewall, the following command can be used to determine the IPv6 address actually assigned to the interface:
admin@Lab32-58-PA-500> show interface all

total configured hardware interfaces: 4

name                    id    speed/duplex/state        mac address
--------------------------------------------------------------------------------
ethernet1/2             17    1000/full/up              00:1b:17:32:a9:11
ethernet1/3             18    ukn/ukn/down(autoneg)     00:1b:17:32:a9:12
ethernet1/5             20    ukn/ukn/down(autoneg)     00:1b:17:32:a9:14
ethernet1/6             21    ukn/ukn/down(autoneg)     00:1b:17:32:a9:15

aggregation groups: 0


total configured logical interfaces: 5

name                id    vsys zone             forwarding               tag    address
------------------- ----- ---- ---------------- ------------------------ ------ ------------------
ethernet1/2         17    1    L3-Trust         vr:default               0      10.201.1.1/24
                                                                                fe80::21b:17ff:fe32:a911/64
                                                                                2602:fe6a:a:2::1/64
ethernet1/2.3892    310   1    L3-DMZ           vr:default               3892   10.201.99.1/24
                                                                                fe80::21b:17ff:fe32:a911/64
                                                                               2602:fe6a:a:d99:21b:17ff:fe32:a911/64

ethernet1/3         18    1    L3-Untrust       vr:default               0      10.46.40.58/23
ethernet1/5         20    1    L3-DMZ           vr:default               0      10.46.44.58/23
ethernet1/6         21    1    L3-Trust         vr:default               0      192.168.58.1/24
  • From the screenshot above, the GUI shows the static address as "2602:fe6a:a:d99::1/64".
  • From the CLI, however, the interface address is "2602:fe6a:a:d99:21b:17ff:fe32:a911/64".
  • Hence the static address cannot be pinged: the firewall never binds it, so the neighbor solicitations for it go unanswered.


Environment


  • PAN-OS 8.1
  • Layer 3 IPv6 interface or sub-interface 


Cause


  • When "Use interface ID as host portion" is enabled on the IPv6 interface, the firewall uses the interface ID as the host portion of that address.
  • If the interface has a static IPv6 address and "Use Interface ID as host portion" is enabled, the address generated from the interface ID takes precedence over the static address.


Resolution


  1. If you are assigning a static IPv6 address to the interface, make sure that "Use interface ID as host portion" is disabled on the interface. If that option is enabled, the firewall uses the Interface ID to generate an IPv6 address and assigns that address to the interface instead of the static one.

NOTE:
As per documentation: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/networking/configure-interfaces/layer-3-interfaces/configure-layer-3-interfaces
  1. For Interface ID, enter the 64-bit extended unique identifier (EUI-64) in hexadecimal format (for example, 00:26:08:FF:FE:DE:4E:29).
  2. If you leave this field blank, the firewall uses the EUI-64 generated from the MAC address of the physical interface.
  3. If you enable the Use interface ID as host portion option when adding an address, the firewall uses the Interface ID as the host portion of that address.
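The following script is an added example and not part of this article or of PAN-OS; it reproduces the address the firewall derived from the interface MAC (00:1b:17:32:a9:11, taken from the CLI output above) via modified EUI-64, applies the precedence rule from the Cause section, and shows why the host's neighbor solicitations for ::1 are never answered. The MAC, prefix and static address are the values from this article; the function names are the author's own.

```python
import ipaddress


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface ID from a 48-bit MAC (RFC 4291, Appendix A)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Insert ff:fe between the OUI and the device part, then flip the U/L bit.
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02
    return int.from_bytes(eui, "big")


def address_from_interface_id(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the EUI-64 host portion, as the firewall does."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("interface-ID addressing needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def effective_address(static: str, mac: str, use_interface_id: bool) -> ipaddress.IPv6Address:
    """Address the interface actually binds: with the option on, the
    interface-ID form wins over the static host portion (the article's Cause)."""
    iface = ipaddress.IPv6Interface(static)
    if use_interface_id:
        return address_from_interface_id(str(iface.network), mac)
    return iface.ip


def solicited_node(addr) -> ipaddress.IPv6Address:
    """Solicited-node multicast group (ff02::1:ffXX:XXXX) a host sends NS to."""
    low24 = int(ipaddress.IPv6Address(str(addr))) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)


def ns_is_answered(target: str, static: str, mac: str, use_interface_id: bool) -> bool:
    """True only if the NS target matches the address the firewall really holds;
    otherwise the firewall is not even listening on that solicited-node group."""
    bound = effective_address(static, mac, use_interface_id)
    return ipaddress.IPv6Address(target) == bound


if __name__ == "__main__":
    mac, static = "00:1b:17:32:a9:11", "2602:fe6a:a:d99::1/64"
    print("bound with option on :", effective_address(static, mac, True))
    print("bound with option off:", effective_address(static, mac, False))
    print("host NS goes to      :", solicited_node("2602:fe6a:a:d99::1"))
    print("firewall listens on  :", solicited_node(effective_address(static, mac, True)))
```

Run stand-alone it prints the CLI's 2602:fe6a:a:d99:21b:17ff:fe32:a911 for the enabled case and shows the NS going to ff02::1:ff00:1 while the firewall only joins ff02::1:ff32:a911.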

