AI Runtime Security
Deploy AI Runtime Security: Network Intercept in Public Clouds
Table of Contents
Deploy AI Runtime Security: Network Intercept in Public Clouds
Deploy AI Runtime Security: Network Intercept in public
clouds.
This page provides an overview of the deployment workflow for AI Runtime Security: Network intercept in public cloud environments.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
AI Runtime Security: Network intercept is deployed in-line with your
traffic, allowing it to actively monitor and protect your network in real-time.
The deployment workflow (Insights → AI Runtime Security > Network) in
Strata Cloud Manager, allows you to generate a Terraform template to deploy the
network intercept (AI firewall) in your cloud environment.
Depending on the deployment Terraform type that you created and deployed in
your environment, the network intercept (AI firewall) can be managed by either Strata Cloud Manager or Panorama.
The following sections summarize the deployment workflow, provide links to detailed
steps, and explain how to view and manage your deployment Terraform templates.
Deploy, Configure, and Secure High-Level Workflow
Following is the workflow to deploy a network intercept, configure the Strata Cloud Manager to secure your resources, and create an AI security policy to
inspect AI traffic:
- For specific deployment steps refer to the upcoming deployment workflows designed for your chosen platforms and cloud provider.
- Configure Strata Cloud Manager to
secure your VM workloads, and Kubernetes clusters, and configure interfaces,
zones, NAT policy, and routers.Enable SSL/TLS decryption on AI Runtime Security: Network intercept to decrypt traffic between AI applications and the AI models to detect and enforce AI security protection.
- (Optional) Configure IP-tags harvesting to collect the application tags from your public and hybrid Kubernetes clusters and enforce security policy rules based on these harvested application tags.
- Create an AI Security Profile and associate it with a security policy to inspect AI traffic.
- Investigate Threat Logs and AI Security Logs: Log Viewer.
View and Manage Terraform Templates
- Log in to Strata Cloud Manager.
- Select Insights → AI Runtime Security.
- Select Network from the AI Runtime Security drop-down list at the top.
- Click on the Terraform deployment shield icon on the top right.
![]()
- View a list of Terraform templates under the Firewall Protection tab:
- Terraform template name.
- Deployment Status (deployed or not deployed).
- Application Type.
- Cloud type, which the network intercept will protect.
- Strata Cloud Manager Region.
- Managed by platform (Strata Cloud Manager or Panorama).
- Number of Applications discovered (protected and unprotected).
- Terraform Creation date.
- The Actions tab allows you to:
- Download Terraform templates
- Delete Terraform templates
- View associated firewalls for each template
![]()
- To confirm that the AI network intercept is deployed in your cloud environment. Ensure the Application Type is AI Runtime Security.
- The Managed By column indicates "cloud" for Strata Cloud Managed
firewalls and "panorama:<ip-address>" for Panorama-managed
firewalls.Panorama managed firewalls display a "Not Deployed" status. To verify successful deployment for these firewalls, check that the Managed By field shows "panorama:<ip-address>".
Contact the Palo Alto Networks Support team to learn about
the SLR Monitoring tab.