Prisma AIRS AI Runtime: Network Intercept Prerequisites and Limitations
Focus
Focus
Prisma AIRS

Prisma AIRS AI Runtime: Network Intercept Prerequisites and Limitations

Table of Contents

Prisma AIRS AI Runtime: Network Intercept Prerequisites and Limitations

A list of Prisma AIRS AI Runtime prerequisites and limitations.
Where Can I Use This?What Do I Need?
  • Prisma AIRS AI Runtime Security

Prerequisites

  • Prisma AIRS Licenses.
  • Review the AI Models on Public Clouds Support Table.
  • Terraform version > 1.3 and < 2.
  • Each Prisma AIRS AI Runtime: Network intercept requires a minimum of 4 vCPUs.
  • Optional Helm if you want to protect the Kubernetes clusters.
  • Enable Cloud Management for Prisma AIRS AI Runtime: Network intercept using Strata Cloud Manager.
    Contact Palo Alto Networks support or your account team and provide the following information: tenant service group (TSG) ID, tenant name, and region.

Limitations

  • Licensing Capacity Limit: Limited to processing up to 10K AI transactions per day per vCPU of Prisma AIRS AI Runtime: Network intercept.
  • The following regions are supported:
    • Strata Cloud Manager and tenant service group (TSG): US, UK, India, Canada, and Singapore regions only.
    • Cloud Service Providers (AWS, Azure, and GCP): Any region supported.
    • Log Storage and AI Traffic Processing:
      • All logs are stored in the above supported regions.
      • All AI traffic is sent to the US region for threat inspection.
  • Prisma AIRS AI Runtime: Network intercept can harvest IP-tags only from public and hybrid clusters on GCP, Azure, and AWS cloud platforms.
  • Prisma AIRS AI Runtime: Network intercept is supported for private clouds, for example, ESXi, KVM, Rancher, and Rosa OpenShift.