>
    Strata Copilot
    Networks Channels Management
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma AIRS
    3. AI Red Teaming
    4. Identify AI System Risks with AI Red Teaming
    5. Get Started with Prisma AIRS AI Red Teaming
    6. Network Channels
    7. Networks Channels Management
    Download PDF
    Prisma AIRS

    Networks Channels Management

    Table of Contents

    Networks Channels Management

    Procedure to create and manage network channels.
    Where Can I Use This?What Do I Need?
    • Prisma AIRS (AI Red Teaming)
    • Prisma AIRS AI Red Teaming License
    • Prisma AIRS AI Red Teaming Deployment Profile
    A channel is a unique communication pathway that clients use to establish connections. Each channel has a unique connection URL with authentication credentials. You will need to create and validate a channel first, before using it to add a target. Multiple channels can be created for different environments and each channel can handle multiple targets accessible to it.
    All the clients connected to the same channel are treated as homogenous. For channels with multiple clients connected, the requests will be routed through any of the clients using a round robin algorithm. This helps achieve a highly available client deployment.
    The status of the channel can be one of the following:
    Channel StatusDescription
    Draft
    The channel has not connected to any client yet.
    Online
    The channel is online, connected to a client and can be used to connect to the target.
    Offline
    The channel is offline, meaning it is not connected to any client.

    Create Channel

    Pre-requisites:
    Before creating a Network Channel, ensure you have the following tools installed and configured:
    • Kubernetes cluster—A running environment (local like Minikube/Kind, or cloud-based).
    • Kubectl—The command-line tool configured to communicate with your cluster.
    • Helm CLI—Version 3.x or higher for managing chart deployments.
    The Network Channel Client is configured with CPU and memory requests of 100m and 128Mi, respectively, while the resource limits are capped at 200m CPU and 256Mi memory.
    To create a new channel:
    1. Log in to Strata Cloud Manager.
    2. Navigate to AI SecurityAI Red TeamingNetwork Channels and Add Network channel.
    3. Enter the Channel Name.
    4. (Optional) Add a description.
    5. Add Channel.
      Once the channel is created, you will see the channel details along with the instructions to install and setup the client in your infra.
    6. Follow these steps for setting up the client and connecting to the channel.
      1. Setup network.
        Download the client to your desired location. Ensure the location meets the following requirements:
        • Network Access: Outbound (bidirectional) access to api.sase.paloaltonetworks.com,auth.apps.paloaltonetworks.com,registry.ai-red-teaming.paloaltonetworks.com.
        • Target Access: Access to all intended targets that will later be added via this channel. Any domains should also be resolvable if applicable.
      2. Configure Docker Registry.
        Create a pull secret using your tenant credentials:
        kubectl create secret docker-registry airs-pull-secret \
--docker-server=registry.ai-red-teaming.paloaltonetworks.com \
--docker-username=********** \
--docker-password=**********
        helm registry login registry.ai-red-teaming.paloaltonetworks.com \
--username=********** \
--password=**********
        • The docker pull secret is common across your tenant and can be generated only once.
        • To view the username and password, click the eye icon or copy to clipboard icon.
      3. Create Service Account.
        The client requires a service account to authenticate with the server. Follow the steps below to create one, or contact your admin if you lack the required permissions.
        1. Enter a name and description for the service account.
        2. Copy and save the Client ID and Client Secret.
        3. Assign a role with the "airt.network_channels_client" permission.
      4. Install Client.
        Create a pull secret using your tenant credentials:
        helm install panw-network-client oci://registry.ai-red-teaming.paloaltonetworks.com/pairs-redteam-prd-fckx/red-teaming-onprem/charts/panw-network-client:1.0.1 \
--set config.clientId=<CLIENT_ID> \
--set config.clientSecret=<CLIENT_SECRET> \
--set config.channelId=6eedd19e-649d-43d1-9135-032891976b2f
      5. Verify Connection & Validate Channel.
        Check the logs to ensure everything is configured correctly. Look for a message that says: "Connected to the server". Alternatively, you can select the Validate Channel to confirm the connection. If successful, the channel status will update to Online.
    7. Once the channel is validated and online, it's ready to be used to create a target.

    Manage Channels

    To manage channels:
    1. Log in to Strata Cloud Manager.
    2. Navigate to the AI SecurityAI Red TeamingNetwork Channels in the sidebar.
      This page lists all the channels added with their details.
      You can select the channel name to view the detailed overview of the channel that includes the channel validation details along with channel installation and setup information.
    3. You can now view and track the versions of all Network Channels clients. The Network Channel summary displays which channels have outdated clients, while the Channel Overview page shows instance-level information including hostname, IP address, connection time, and specific version for each client. When updates are available, passive notification is displayed with direct links to upgrade documentation, helping you maintain current deployments and access the latest Network Channel features.

    Additional Client Configurations

    • Client Upgrades
      Run the following command to upgrade the chart.
      helm upgrade panw-network-client oci://registry.ai-red-teaming.paloaltonetworks.com/pairs-
redteam-prd-fckx/red-teaming-onprem/charts/panw-network-client:<version> \
--set config.clientId=<CLIENT_ID> \
--set config.clientSecret=<CLIENT_SECRET> \
--set config.channelId=<CHANNEL_ID>
    • Custom SSL Support
      • Custom SSL is supported on client version 1.0.4 or higher.
      • To enable Custom SSL, set config.disableSSLVerification=true.
      helm upgrade panw-network-client oci://registry.ai-red-teaming.paloaltonetworks.com/pairs-
redteam-prd-fckx/red-teaming-onprem/charts/panw-network-client:1.0.4 \
--set config.clientId=<CLIENT_ID> \
--set config.clientSecret=<CLIENT_SECRET> \
--set config.channelId=<CHANNEL_ID> \
--set config.disableSSLVerification=true
      • This setting disables SSL certificate verification. Ensure you trust the endpoint you are connecting to.
      • For production environments with valid SSL certificates, this setting is not required.
      • Custom SSL certificates are typically used in on-premises or private cloud deployments with self-signed or internal CA certificates.
    • Proxy Configuration
      To configure proxy settings for the Network Channels client, use the following additional parameters (available in client version 1.0.5 and above):
      • config.noProxy
      • config.httpProxy
      • config.httpsProxy
      helm install panw-network-client oci://registry.ai-red-teaming.paloaltonetworks.com/pairs-redteam-prd-fckx/red-teaming-onprem/charts/panw-network-client:1.0.5 \
--set config.clientId=<CLIENT_ID> \
--set config.clientSecret=<CLIENT_SECRET> \
--set config.channelId=<CHANNEL_ID> \
--set config.noProxy= \
--set config.httpProxy= \
--set config.httpsProxy=

    © 2026 Palo Alto Networks, Inc. All rights reserved.