Prisma AIRS AI Runtime Firewall Prerequisites and Limitations

Table of Contents

A list of Prisma AIRS AI Runtime firewall prerequisites and limitations.

Where Can I Use This?	What Do I Need?
Prisma AIRS AI Runtime Security	Prisma AIRS Licenses

Prerequisites

Prisma AIRS Licenses.
Review the AI Models on Public Clouds Support Table.
Terraform version > 1.3 and < 2.
Each Prisma AIRS AI Runtime: Network intercept requires a minimum of 4 vCPUs.
Optional Helm if you want to protect the Kubernetes clusters.
Enable Cloud Management for Prisma AIRS AI Runtime: Network intercept using Strata Cloud Manager.

Contact Palo Alto Networks support or your account team and provide the following information: tenant service group (TSG) ID, tenant name, and region.

Licensing Capacity Limit: Limited to processing up to 10K AI transactions per day per vCPU of Prisma AIRS AI Runtime: Network intercept.
The following regions are supported:
- Strata Cloud Manager and tenant service group (TSG): US, UK, India, Canada, and Singapore regions only.
- Cloud Service Providers (AWS, Azure, and GCP): Any region supported.
- Log Storage and AI Traffic Processing:
  - All logs are stored in the above supported regions.
  - All AI traffic is sent to the US region for threat inspection.
Prisma AIRS AI Runtime: Network intercept can harvest IP-tags only from public and hybrid clusters on GCP, Azure, and AWS cloud platforms.
Prisma AIRS AI Runtime: Network intercept is supported for private clouds, for example, ESXi, KVM, Rancher, and Rosa OpenShift.