>
    Strata Copilot
    Pre-requisites to Deploy Microperimeter
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma AIRS
    3. Administration
    4. Microperimeter
    5. Pre-requisites to Deploy Microperimeter
    Download PDF
    Prisma AIRS

    Pre-requisites to Deploy Microperimeter

    Table of Contents

    Pre-requisites to Deploy Microperimeter

    Pre-requisites to deploy Microperimeter.
    Where Can I Use This?What Do I Need?
    • Prisma AIRS
    • Private and public cloud platforms, including ESXi, KVM, Nutanix, AWS, Azure, and GCP.
    The Microperimeter agent must be installed on a supported Linux distribution. The solution does not currently support bare metal servers or Windows workloads.
    Supported Operating Systems
    Ensure your workloads run one of the following non-EOL Linux distributions:
    Non-EOL Linux distributions supporting Microperimeter
    Ubuntu 22.04 or 24.04
    RedHat Enterprise Linux (RHEL) 8.x or 9.x
    AlmaLinux 8.x or 9.x
    Rocky Linux 8.x or 9.x
    OpenSuse 15.6
    Panredirect Package
    • Navigate to Updates > Software Updates > Traffic Redirector and download the panredirect installer package from the Customer Support Portal (CSP).
    • Allow UDP/6081 inbound and outbound traffic for firewall IP used for redirection.
    Firewall Requirements
    • Based on the linux distribution, configure the firewalls in your Linux environment to allow Geneve redirection.
      To enable geneve in RedHat Linux on public Linux firewall zone, execute the following command:firewall-cmd --zone=public --add-port=6081/udp --permanent
    • Redirected traffic re-entering the same firewall is not supported. The data interface used for this feature must be dedicated to this feature and not used for other traffic.
    ​​Software and Licensing
    This feature is supported with Prisma AIRS firewalls, standard VM-Series firewalls do not support this feature.
    Interface Configuration
    Configure at least one Layer 3 (L3) data interface with the following:
    • A static IPv4 address (IPv6 is not currently supported).
    • A dedicated Security Zone and Virtual Router (VRouter).
    Management Profile
    To support telemetry and health checks, attach an Interface Management Profile to the data interface that allows HTTPS and ping.

    © 2026 Palo Alto Networks, Inc. All rights reserved.