Addressed Issues
Focus
Focus
Prisma AIRS

Addressed Issues

Table of Contents

Addressed Issues

Addressed issues in Prisma AIRS.
Review the addressed issues in Prisma AIRS.
ISSUE IDDESCRIPTION
PAN-265124K8s Pod Outbound Traffic Blocked by DNS-Security
When an "allow-all" rule is configured in Strata Cloud Manager (Manage → Configuration → NGFW and Prisma Access → Security Services → Security Policy) with the default "best-practice" Profile Group, outbound traffic from a K8s pod to the internet may be blocked due to DNS-Security restrictions.
Workaround: To ensure outbound traffic functions correctly on Azure/AWS, set the security Profile Group to "None" instead of "best-practice."
ADI-34257Cloning a security policy rule (Manage → Configuration → NGFW and Prisma Access → Security Services → Security Policy) in Strata Cloud Manager that uses an AI profile group does not update the AI profile usage in the cloned rule.
ADI-34273When moving an AI Security profile (Manage → Configuration → NGFW and Prisma Access → Security Services → AI Security) in Strata Cloud Manager from one device scope to another, deleting the security profile in the new device scope fails.
PAN-264445
Fixed in 11.2.3-h1
SSL traffic failed between secure pods with decryption enabled, leading to SSL handshake problems as packets were routed to the incorrect endpoint.
PAN-268187
Fixed in 11.2.3-h1
Traffic log incorrectly showed non-AI HTTP/2 traffic as AI traffic. Logs are now accurate, reflecting only actual AI traffic.
PAN-266218
Fixed in 11.2.3-h1
Kubernetes cluster ID from the CNI was not detected, resulting in missing AWS traffic object IDs in east-west and outbound traffic session information.
PAN-266219
Fixed in 11.2.3-h1
Kubernetes cluster ID was missing in the HTTP/2 traffic logs under Incidents and Alerts → Log Viewer → Firewall/AI Security on the Strata Cloud Manager.