| ISSUE ID | DESCRIPTION |
| PAN-265124 | K8s Pod Outbound Traffic Blocked by DNS-SecurityWhen an "allow-all" rule is configured in Strata Cloud Manager
( Manage →
Configuration → NGFW and Prisma
Access → Security Services
→ Security Policy) with the default
"best-practice" Profile Group, outbound traffic from a K8s
pod to the internet may be blocked due to DNS-Security
restrictions. Workaround: To ensure outbound traffic
functions correctly on Azure/AWS, set the security Profile
Group to "None" instead of "best-practice." |
| ADI-34257 | Cloning a security policy rule
(Manage →
Configuration → NGFW and Prisma
Access → Security Services
→ Security Policy) in Strata Cloud Manager that uses an AI profile
group does not update the AI profile usage in the cloned rule. |
| ADI-34273 | When moving an AI Security profile
(Manage →
Configuration → NGFW and Prisma
Access → Security
Services → AI Security) in Strata Cloud Manager from one device scope
to another, deleting the security profile in the new device scope
fails. |
| PAN-264445 Fixed in 11.2.3-h1 | SSL traffic failed between secure pods with decryption enabled,
leading to SSL handshake problems as packets were routed to the
incorrect endpoint. |
| PAN-268187 Fixed in 11.2.3-h1 | Traffic log incorrectly showed non-AI HTTP/2 traffic as AI traffic.
Logs are now accurate, reflecting only actual AI traffic. |
| PAN-266218 Fixed in 11.2.3-h1 | Kubernetes cluster ID from the CNI was not detected, resulting in
missing AWS traffic object IDs in east-west and outbound traffic session
information. |
| PAN-266219 Fixed in 11.2.3-h1 | Kubernetes cluster ID was missing in the HTTP/2 traffic
logs under Incidents and Alerts → Log
Viewer → Firewall/AI Security on
the Strata Cloud Manager. |
