Addressed Issues
Addressed issues in AI Runtime Security
Review the addressed issues in AI Runtime Security.
| ISSUE ID | DESCRIPTION |
| --- | --- |
| PAN-265124 | K8s Pod Outbound Traffic Blocked by DNS-Security. When an "allow-all" rule is configured in Strata Cloud Manager (Manage → Configuration → NGFW and Prisma Access → Security Services → Security Policy) with the default "best-practice" Profile Group, outbound traffic from a K8s pod to the internet may be blocked due to DNS-Security restrictions. Workaround: To ensure outbound traffic functions correctly on Azure/AWS, set the security Profile Group to "None" instead of "best-practice." |
| ADI-34257 | Cloning a security policy rule (Manage → Configuration → NGFW and Prisma Access → Security Services → Security Policy) in Strata Cloud Manager that uses an AI profile group does not update the AI profile usage in the cloned rule. |
| ADI-34273 | When moving an AI Security profile (Manage → Configuration → NGFW and Prisma Access → Security Services → AI Security) in Strata Cloud Manager from one device scope to another, deleting the security profile in the new device scope fails. |
| PAN-264445 (Fixed in 11.2.3-h1) | SSL traffic failed between secure pods with decryption enabled, leading to SSL handshake problems as packets were routed to the incorrect endpoint. |
| PAN-26818 (Fixed in 11.2.3-h1) | Traffic log incorrectly showed non-AI HTTP/2 traffic as AI traffic. Logs are now accurate, reflecting only actual AI traffic. |
| PAN-266218 (Fixed in 11.2.3-h1) | Kubernetes cluster ID from the CNI was not detected, resulting in missing AWS traffic object IDs in east-west and outbound traffic session information. |
| PAN-266219 (Fixed in 11.2.3-h1) | Kubernetes cluster ID was missing in the HTTP/2 traffic logs under Incidents and Alerts → Log Viewer → Firewall/AI Security on the Strata Cloud Manager. |