Prisma AIRS
Deploy Prisma AIRS AI Runtime and VM-Series Firewalls
Table of Contents
Deploy Prisma AIRS AI Runtime and VM-Series Firewalls
Deploy Prisma AIRS AI Runtime and VM-Series firewalls in
public clouds.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
This section provides an overview of the deployment workflow overview for Prisma AIRS AI Runtime Firewall and VM-Series
firewalls in public cloud environments. It can be deployed in-line with your traffic to
actively monitor and protect your network in real-time.
You can use the deployment workflow in Strata Cloud Manager (Insights →
Prisma AIRS > Prisma AIRS Runtime Firewall) to generate a
Terraform template. This template deploys either Prisma AIRS AI
Runtime Firewall or VM-Series firewalls in your cloud environment.
Additionally, you Auto-Execute the deployment of AI
Runtime firewalls and VM-Series firewalls in AWS and Azure.
Management: Depending on the deployment Terraform type that you create
and deploy in your environment, the firewall can be managed by either Strata Cloud Manager or Panorama.
The following sections summarize the deployment workflow, provide links to detailed
steps, and explain how to view and manage your deployment Terraform templates.
Additional Deployment Options:
- VM-Series firewall deployment: See Deploy a VM-Series Firewall from Strata Cloud Manager.
- Manual deployment and bootstrapping: See Manually Deploy and Bootstrap Prisma AIRS AI Runtime Firewall.
Deploy, Configure, and Secure High-Level Workflow
This is the high-level workflow to:
- Deploy Prisma AIRS AI Runtime Firewall and VM-Series firewall.Select the deployment workflow for your chosen platform and cloud provider.
- Configure Strata Cloud Manager or Panorama to secure your
resources: VM workloads and Kubernetes clusters (at the namespace level with
traffic steering inspection). Also, configure interfaces, zones, NAT policy,
and routers.Enable SSL/TLS decryption on Prisma AIRS Firewall to decrypt traffic between AI applications and the AI models to detect and enforce AI security protection.
- (Optional) Configure IP-tag harvesting to collect the application tags from your public and hybrid Kubernetes clusters and enforce security policy rules based on these harvested application tags.
- Create security policy rules to inspect AI and traditional traffic.
- Monitor: Threat Logs and AI Security Logs.
View and Manage Terraform Templates
- Log in to Strata Cloud Manager.
- Navigate to .
- Select Network from the AI Runtime Security drop-down list at the top.
- Click on the Terraform deployment shield icon on the top right.
- View a list of Terraform templates under the Firewall Protection tab:
- Terraform template name.
- Deployment Status (deployed or not deployed).
- Application Type (AI Runtime Security or VMSeries).To confirm that the Prisma AIRS AI Runtime Firewall is deployed in your cloud environment, ensure that the Application Type is listed as "AI Runtime Security."
- Cloud type, which the network intercept will protect.
- Strata Cloud Manager Region.
- Managed by column indicates the platform used to manage your
firewall:
- cloud for firewalls managed by Strata Cloud Manager.
- panorama:<ip-address> for firewalls managed by Panorama.
For Panorama managed firewalls, the dashboard displays a status of "Not Deployed". To verify successful deployment, check that the Managed By field shows the IP address of your Panorama instance. - Number of Applications discovered (protected and unprotected).
- Terraform Creation date.
- In the Actions tab you can:
- Download Terraform templates
- Delete Terraform templates
- View associated firewalls for each template
![]()
