Deploy AI Runtime Security: Network Intercept in Public Clouds

This page provides an overview of the deployment workflow for AI Runtime Security: Network intercept in public cloud environments.
Where Can I Use This? | What Do I Need?
  • AI Runtime Security
AI Runtime Security: Network intercept is deployed in-line with your traffic, allowing it to actively monitor and protect your network in real-time.
The deployment workflow in Strata Cloud Manager (Insights → AI Runtime Security → Network) lets you generate a Terraform template to deploy the network intercept (AI firewall) in your cloud environment.
Depending on the type of Terraform deployment template that you created and deployed in your environment, the network intercept (AI firewall) is managed by either Strata Cloud Manager or Panorama.
The following sections summarize the deployment workflow, provide links to detailed steps, and explain how to view and manage your deployment Terraform templates.

Deploy, Configure, and Secure High-Level Workflow

The workflow to deploy a network intercept, configure Strata Cloud Manager to secure your resources, and create an AI security policy to inspect AI traffic is as follows:
  • For specific deployment steps, refer to the upcoming deployment workflows designed for your chosen platforms and cloud provider.
  • Configure Strata Cloud Manager to secure your VM workloads and Kubernetes clusters, and configure interfaces, zones, NAT policy, and routers.
    Enable SSL/TLS decryption on AI Runtime Security: Network intercept so that it can decrypt traffic between AI applications and AI models, detect threats in it, and enforce AI security protection.
  • (Optional) Configure IP-tags harvesting to collect the application tags from your public and hybrid Kubernetes clusters and enforce security policy rules based on these harvested application tags.
  • Create an AI Security Profile and associate it with a security policy to inspect AI traffic.
  • Investigate Threat Logs and AI Security Logs in Log Viewer.

View and Manage Terraform Templates

  1. Log in to Strata Cloud Manager.
  2. Select Insights → AI Runtime Security.
  3. Select Network from the AI Runtime Security drop-down list at the top.
  4. Click on the Terraform deployment shield icon on the top right.
  5. View a list of Terraform templates under the Firewall Protection tab:
    1. Terraform template name.
    2. Deployment Status (deployed or not deployed).
    3. Application Type.
    4. Cloud type that the network intercept will protect.
    5. Strata Cloud Manager Region.
    6. Managed by platform (Strata Cloud Manager or Panorama).
    7. Number of Applications discovered (protected and unprotected).
    8. Terraform Creation date.
    9. The Actions tab allows you to:
      • Download Terraform templates
      • Delete Terraform templates
      • View associated firewalls for each template
    10. To confirm that the AI network intercept is deployed in your cloud environment, ensure the Application Type is AI Runtime Security.
    11. The Managed By column indicates "cloud" for firewalls managed by Strata Cloud Manager and "panorama:<ip-address>" for Panorama-managed firewalls.
      Panorama-managed firewalls display a "Not Deployed" status. To verify successful deployment for these firewalls, check that the Managed By field shows "panorama:<ip-address>".
Contact the Palo Alto Networks Support team to learn about the SLR Monitoring tab.