>
    Strata Copilot
    Create a Deployment Profile for Prisma AIRS AI Runtime: API Intercept
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma AIRS
    3. Activation & Onboarding
    4. Prisma AIRS AI Runtime: API Intercept Overview
    5. Create a Deployment Profile for Prisma AIRS AI Runtime: API Intercept
    Download PDF
    Prisma AIRS

    Create a Deployment Profile for Prisma AIRS AI Runtime: API Intercept

    Table of Contents

    Create a Deployment Profile for Prisma AIRS AI Runtime: API Intercept

    Create and associate a deployment profile in the Customer Support Portal for Prisma AIRS AI Runtime: API intercept.
    Where Can I Use This?What Do I Need?
    • Security-in-Code with Prisma AIRS AI Runtime: API intercept
    This section helps you to complete the onboarding process and generate a Strata Cloud Manager instance with Prisma AIRS AI Runtime: API intercept.

    Prerequisites

    • Prisma AIRS AI Runtime: API intercept feature is not available in FedRAMP-authorized cloud environments.
    • Contact Palo Alto Networks support for the first-time activation of a TSG in the Customer Support Portal.
    • To activate the deployment profile, you must have super-user privileges in TSG.
    • Ensure you have a credit pool available for Software NGFW credits, as these are required for licensing Prisma AIRS API. Your subscription includes Strata Cloud Manager, Enterprise DLP, and Strata Logging Service.
    • For onboarding Prisma AIRS AI Runtime: API intercept, ensure your TSG does not have an existing AIOps subscription. If it does, create a new TSG without AIOps (Strata Cloud Manager Base).

    Create a Deployment Profile for Prisma AIRS AI Runtime: API Intercept in Customer Support Portal

    1. Log in to the Palo Alto Customer Support Portal.
    2. Navigate to Products > Software/Cloud NGFW Credits.
    3. Locate your credit pool and click Create Deployment Profile.
    4. Under Select firewall type, select AI Runtime Security (API).
    5. Select Next.
    6. Enter a Profile Name.
    7. Enter the Max API calls per day (a minimum of 1000 API calls per day).
      All applications associated with a single deployment profile consume the daily API calls quota. When setting this value, consider how many applications you plan to associate with this deployment profile.
    8. Calculate Estimated Cost.
      The credits bundle the Strata Cloud Manager Pro, Enterprise DLP, and Strata Logging Service.
    9. Click Create Deployment Profile.
      This takes you to the Software NGFW Credits page in the Customer Support Portal.
      Next, you associate this deployment profile with a TSG as explained in the section below.

    Associate a Deployment Profile with a TSG

    The Hub creates an instance for Strata Cloud Manager Pro, DLP, and Strata Logging Service.
    Before you begin, create a deployment profile for Prisma AIRS AI Runtime: API intercept in the Customer Support Portal.
    1. Log in to Palo Alto Networks Customer Support Portal.
    2. Navigate to Products Software/Cloud NGFW Credits.
    3. Locate the credit pool you used to create the deployment profile and click Details.
    4. Locate your Prisma AIRS AI Runtime: API intercept deployment profile and click Finish Setup.
    5. In the Activate Subscriptions based on Deployment Profile(s) form, select the following:
    6. Select the Customer Support Account used to create your deployment profile from the available list.
    7. Select a Tenant.
      Verify that the Strata Logging Service is enabled for this tenant.
      Use separate tenants for enabling Prisma AIRS network and API intercepts.
    8. Select a Region.
      We support the Americas, EU (Germany), and India regions only.
      For more information on API key limitations, refer to the Prisma AIRS AI Runtime: API Intercept limitations documentation.
    9. In Select Deployment Profile, select the deployment profile you created previously.
    10. Click Done.
      Keep existing deployment profiles checked to maintain their association with the tenant.
    11. Enable Cloud Identity Engine or create a new one for centralized, cloud-based user identity management and enhanced security policy enforcement across your entire Palo Alto Networks deployment.
    12. Agree to the Terms and Conditions.
    13. Click Activate to activate the deployment profile.
      You must have super user privileges in the TSG to activate the deployment profile.
      When creating a new API key, associate it with an unused deployment profile. You can either select an existing unused deployment profile or create a new one.
      The activation takes you to the Hub page that shows the services that are activated. The Hub creates instances for:
      1. Strata Cloud Manager Pro (Cloud Management, Strata Cloud Manager, and ADEM SLS)
      2. Enterprise DLP
      3. Strata Logging Service
    14. Verify the TSG association completion in the Hub:
      1. Navigate to Common Services → Tenant Management.
      2. Select your tenant and switch to Deployment Profiles.
      3. Confirm that the Profile Association Status is Complete.
      This completes the provisioning. Next, activate the auth code to create an API key and an AI security profile in the Strata Cloud Manager.

    Edit Deployment Profile

    Edit your deployment profile to modify the value for maximum number of API calls per day limit.
    1. Log in to the Palo Alto Customer Support Portal.
    2. Navigate to Products → Software/Cloud NGFW Credits.
    3. Locate the credit pool you used to create the deployment profile and click Details.
    4. Locate your Prisma AIRS deployment profile, click on the three `...` dots next to the profile and click Edit Profile.
    5. Update the Max API call per day value and click Update Deployment Profile.
    6. Click View Tenant for the updated deployment profile. This takes you to the Hub page.
    7. Agree to the Terms and Conditions.
    8. Activate. This takes a while to re associate your updated deployment profile to the TSG, you can then connect to the Strata Cloud Manager tenant.

    Deactivate Deployment Profile

    This section shows how to deactivate a deployment profile in Customer Support Portal.
    1. Log in to the Palo Alto Customer Support Portal.
    2. Navigate to Products → Software/Cloud NGFW Credits.
    3. Select the AI Runtime Security (API) tab.
    4. Select the three `...` dots next to the Prisma AIRS and click Deactivate Firewall.
      This deactivates the Prisma AIRS AI Runtime: API intercept and revokes the API keys associated with this auth code.

    © 2025 Palo Alto Networks, Inc. All rights reserved.