Prisma AIRS
Deploy Prisma AIRS AI Runtime: Network Intercept in Public Clouds
Table of Contents
Deploy Prisma AIRS AI Runtime: Network Intercept in Public Clouds
Deploy Prisma AIRS AI Runtime: Network intercept in public
clouds.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
This section provides an overview of the deployment workflow overview for Prisma AIRS AI Runtime: Network intercept and VM-Series firewalls in public cloud environments. It can be deployed
in-line with your traffic to actively monitor and protect your network in real-time.
You can use the deployment workflow in Strata Cloud Manager (Insights →
Prisma AIRS > Prisma AIRS AI Runtime: Network intercept)
to generate a Terraform template. This template deploys either Prisma AIRS AI Runtime: Network intercept or VM-Series firewalls in your cloud environment.
Management: Depending on the deployment Terraform type that you create
and deploy in your environment, the firewall can be managed by either Strata Cloud Manager or Panorama.
The following sections summarize the deployment workflow, provide links to detailed
steps, and explain how to view and manage your deployment Terraform templates.
Additional Deployment Options:
- VM-Series firewall deployment: See Deploy a VM-Series Firewall from Strata Cloud Manager.
- Manual deployment and bootstrapping: See Manually Deploy and Bootstrap Prisma AIRS AI Runtime: Network Intercept.
Deploy, Configure, and Secure High-Level Workflow
This is the high-level workflow to:
- Deploy Prisma AIRS AI Runtime: Network intercept and
VM-Series firewall.Select the deployment workflow for your chosen platform and cloud provider.
- Configure Strata Cloud Manager or Panorama to secure your
resources: VM workloads and Kubernetes clusters (at the namespace level with
traffic steering inspection). Also, configure interfaces, zones, NAT policy,
and routers.Enable SSL/TLS decryption on Prisma AIRS: Network intercept to decrypt traffic between AI applications and the AI models to detect and enforce AI security protection.
- (Optional) Configure IP-tag harvesting to collect the application tags from your public and hybrid Kubernetes clusters and enforce security policy rules based on these harvested application tags.
- Create security policy rules to inspect AI and traditional traffic.
- Monitor: Threat Logs and AI Security Logs.
View and Manage Terraform Templates
- Log in to Strata Cloud Manager.
- Navigate to .
- Select Network from the AI Runtime Security drop-down list at the top.
- Click on the Terraform deployment shield icon on the top right.
- View a list of Terraform templates under the Firewall Protection tab:
- Terraform template name.
- Deployment Status (deployed or not deployed).
- Application Type (AI Runtime Security or VMSeries).To confirm that the Prisma AIRS AI Runtime: Network intercept is deployed in your cloud environment, ensure that the Application Type is listed as "AI Runtime Security."
- Cloud type, which the network intercept will protect.
- Strata Cloud Manager Region.
- Managed by column indicates the platform used to manage your
firewall:
- cloud for firewalls managed by Strata Cloud Manager.
- panorama:<ip-address> for firewalls managed by Panorama.
For Panorama managed firewalls, the dashboard displays a status of "Not Deployed". To verify successful deployment, check that the Managed By field shows the IP address of your Panorama instance. - Number of Applications discovered (protected and unprotected).
- Terraform Creation date.
- In the Actions tab you can:
- Download Terraform templates
- Delete Terraform templates
- View associated firewalls for each template
![]()
