Istio outbound https traffic troubleshooting

I have 2 AKS clusters, Cluster 1 and Cluster 2 both running Istio 1.14 minimal out-of-the-box (default configs).

Everything on Cluster 1 works as expected (after deploying Istio).

On Cluster 2, all HTTPS outbound connections initiated from my services (injected with istio-proxy) fail.

curl  #works
curl #fails

If I create a service entry for google, then the https curl works:

kind: ServiceEntry
  name: google
  - number: 443
    name: https
    protocol: HTTPS
  resolution: DNS
  location: MESH_EXTERNAL

Both Istio installations are out-of-the-box so meshConfig.outboundTrafficPolicy.mode is set to ALLOW_ANY (double-checked).

I’m starting to think the problem may lie in some cluster configs because I know there are some differences between the 2 clusters here.

How would you go about troubleshooting this? Do you think the issue is related to Istio or Cluster services/configs? What should I look into first?

Try to dump the outbound listener and router for 443

could you give a little more details as to how I would do that? Thanks