K8s Pod Outbound Traffic Blocked by DNS-SecurityWhen an "allow-all" rule is configured in Strata Cloud Manager
( Manage →
Configuration → NGFW and Prisma
Access → Security Services
→ Security Policy) with the default
"best-practice" Profile Group, outbound traffic from a K8s
pod to the internet may be blocked due to DNS-Security
restrictions. Workaround: To ensure outbound traffic
functions correctly on Azure/AWS, set the security Profile
Group to "None" instead of "best-practice." |