Manage Auto-Execute Deployed Firewalls

Learn how to decommission AI Runtime Firewalls and associated cloud resources that you deployed with the Auto-Execute process.
Where Can I Use This? What Do I Need?
  • Strata Cloud Manager
  • Prisma AIRS AI Runtime Firewall
You might need to decommission some deployed firewalls and cloud resources as your network changes. To decommission an auto-executed firewall, delete a Terraform template of an auto-execute deployment, the associated firewalls, and any cloud resources deployed in your cloud environment. Additionally, this process releases the Software NGFW credits used to license the deployed firewalls. This process does not modify or delete your cloud account, so you can deploy more firewalls in that cloud account as needed.
If you have mesh-enabled firewalls deployed in AWS, or you have an AWS account onboarded for orchestration but have not yet deployed any mesh-enabled firewalls, ensure that you've added the permission "ec2:RevokeSecurityGroupIngress" to your IAM roles. Then reapply the Terraform template to sync your IAM role with the latest permissions required by Prisma AIRS orchestration.
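One way to check whether a role's policy documents grant the permission named above before reapplying the template. This is an added example, not Palo Alto Networks code; the function names and sample policies are constructed for illustration, and the check evaluates action names only.

```python
import re

REQUIRED_ACTION = "ec2:RevokeSecurityGroupIngress"  # permission named on this page

def _listify(value):
    """IAM accepts a single string/object wherever a list is also valid."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    """IAM action patterns are case-insensitive; '*' and '?' are wildcards."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def _covers(stmt, action):
    if "Action" in stmt:
        return any(_matches(p, action) for p in _listify(stmt["Action"]))
    if "NotAction" in stmt:  # applies to every action except the listed ones
        return not any(_matches(p, action) for p in _listify(stmt["NotAction"]))
    return False

def check_action(policy_docs, action=REQUIRED_ACTION):
    """Return 'deny', 'allow' or 'missing' across a role's policy documents.

    Static check on action names only: Resource and Condition elements,
    permission boundaries and SCPs are not evaluated, so any Deny statement
    that covers the action is reported for manual review.
    """
    allowed = False
    for doc in policy_docs:
        for stmt in _listify(doc.get("Statement")):
            if not _covers(stmt, action):
                continue
            if stmt.get("Effect") == "Deny":
                return "deny"
            allowed = allowed or stmt.get("Effect") == "Allow"
    return "allow" if allowed else "missing"

# Constructed sample documents, not taken from the Prisma AIRS Terraform template.
STALE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:Describe*", "ec2:AuthorizeSecurityGroupIngress"]}]}
SYNCED = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Resource": "*", "Action": "ec2:revoke*"}}
GUARDRAIL = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Resource": "*", "NotAction": "ec2:Describe*"}]}

if __name__ == "__main__":
    for name, docs in [("stale", [STALE]), ("synced", [SYNCED]),
                       ("synced+guardrail", [SYNCED, GUARDRAIL])]:
        print(f"{name}: {REQUIRED_ACTION} -> {check_action(docs)}")
```

A result of "missing" means the role still needs the permission added; "deny" means a Deny statement covers the action and should be reviewed by hand.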
  1. Log in to Strata Cloud Manager.
  2. Navigate to AI Security > AI Runtime > AI Runtime Firewall.
  3. Click the shield icon.
  4. Click the Terraform Templates tab.
  5. Select the delete icon to decommission the Terraform template and cloud resources deployed by Prisma AIRS.

Monitor the Decommissioning Process

You can monitor the progress of the removal on the Cloud Task log tab. If any errors occur, the removal fails and the log states the reason for the failure.
  1. Navigate to AI Security > AI Runtime > AI Runtime Firewall.
  2. Click the shield icon.
  3. Select the Cloud Task log tab.
  4. Locate the Terraform template by entering its name in the search bar.
    The decommission might succeed even though some errors are logged. In the following example, the decommission succeeded but the Cloud Task log displayed errors in the Purge MSF Managed Folders from SCM activity.
    The Purge MSF Managed Folders from SCM activity within the Decommission task may currently log an error if other active firewall clusters exist in the same folder, but this error has no functional impact on the system.