Create traffic objects that specify cloud entities within specific clusters or VPC
endpoints so that you can enforce customized security policy rules on them.
This page shows how to create a traffic object containing specific cloud assets and map
the traffic object to a zone. Attach the zone to a security policy to enforce the policy
rules on the AI traffic sourced from this zone. The AI traffic from the zone is routed
to the AI Runtime Security instance for inspection. This feature is part of the
AI Runtime Security licensing.
Where Can I Use This? | What Do I Need? |
|
- AI Runtime Security
Licenses
- AI Deployment Profile in CSP
- Onboard Cloud Account in SCM
- AI Runtime Security instance
- PAN-CNI plugin on K8s Cluster
|
Prerequisite
Configure a Cluster ID in the Kubernetes
environment and configure the PAN-CNI plugin on a Kubernetes cluster to allocate the
network interfaces on each pod. To configure the PAN-CNI plugin for your Kubernetes
cluster, you need three YAML files: `pan-cni-configmap.yaml`, `pan-cni.yaml`, and
`pan-cni-multus.yaml`. These files are essential for setting up and managing the
PAN-CNI plugin to secure your Kubernetes clusters with the CN-Series firewall.
To create a policy object
of type Traffic objects: