AI Runtime Security: Network intercept is deployed in-line with your
traffic, allowing it to actively monitor and protect your network in real time.
The deployment workflow (Insights → AI Runtime Security → Network) in
Strata Cloud Manager allows you to generate a Terraform template to deploy the
network intercept (AI firewall) in your cloud environment.
Depending on the type of deployment Terraform template that you created and deployed in
your environment, the network intercept (AI firewall) can be managed by either Strata Cloud Manager or Panorama.
The following sections summarize the deployment workflow, provide links to detailed
steps, and explain how to view and manage your deployment Terraform templates.
Deploy, Configure, and Secure High-Level Workflow
The following is the workflow to deploy a network intercept, configure Strata Cloud Manager to secure your resources, and create an AI security policy to
inspect AI traffic:
For specific deployment steps, refer to the upcoming deployment workflows
designed for your chosen platforms and cloud provider.
Configure Strata Cloud Manager to
secure your VM workloads and Kubernetes clusters, and configure interfaces,
zones, NAT policy, and routers.
Enable SSL/TLS decryption on the AI Runtime Security: Network intercept so that it can decrypt traffic
between AI applications and AI models and apply AI security detection and
enforcement.
(Optional) Configure IP-tags harvesting to collect the
application tags from your public and hybrid Kubernetes clusters and enforce
security policy rules based on these harvested application tags.
Select Network from the AI Runtime Security drop-down list at the
top.
Click the Terraform deployment shield icon at the top right.
View a list of Terraform templates under the Firewall Protection tab:
Terraform template name.
Deployment Status (deployed or not deployed).
Application Type.
Cloud type that the network intercept will protect.
Strata Cloud Manager Region.
Managed by platform (Strata Cloud Manager or Panorama).
Number of Applications discovered (protected and unprotected).
Terraform Creation date.
The Actions tab allows you to:
Download Terraform templates
Delete Terraform templates
View associated firewalls for each template
To confirm that the AI network intercept is deployed in your cloud
environment, ensure that the Application Type is AI Runtime
Security.
The Managed By column indicates "cloud" for firewalls managed by Strata Cloud Manager
and "panorama:<ip-address>" for Panorama-managed
firewalls.
Panorama-managed firewalls
display a "Not Deployed" status. To verify successful deployment for
these firewalls, check that the Managed By field shows
"panorama:<ip-address>".
Contact the Palo Alto Networks Support team to learn about
the SLR Monitoring tab.