This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew

The Power of PANW Universal Image: Streamline AI security through a seamless migration from VM-Series to Prisma AIRS

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community Blogs
4 min read
Co-Author

The Power of PANW Universal Image: Streamline AI security through a seamless migration from VM-Series to Prisma AIRS

rapatil
L3 Networker
‎06-17-2026 12:16 PM

Enterprise infrastructure is moving fast. As organizations race to deploy GenAI applications, auto-scaling Kubernetes clusters, and multi-cloud architectures, security teams are left scrambling to protect them. Managing disjointed virtual appliances for different workloads is no longer sustainable. Palo Alto Networks has answered this challenge with the release of the Universal Image for Software Firewalls. The Palo Alto Networks Universal Image simplifies deployments by using a single software image for both the VM-Series firewall and the Prisma AI Runtime Security (AIRS) firewall. Infrastructure teams can now utilize a single software image, eliminating the need to manage various golden images and licenses. 

 

Additionally, through a straightforward licensing toggle in the Customer Support Portal, existing users can transition VM-Series deployments to the AI Runtime Firewall (AIRS VM). This shift immediately transforms your current VM-Series firewall from a standard virtual appliance into a multi-cloud security engine that is container-aware, highly scalable, and designed to safeguard your AI workloads.

 

Next-Gen Pillars Unlocked by the Universal Image Migration: 

 

VM-Series firewalls can be migrated to the AI Runtime Firewall (AIRS VM) by updating the deployment profiles. This process is supported across Panorama, Strata Cloud Manager (SCM), and standalone management environments. Before starting the migration, ensure your firewalls are running PAN-OS® 11.2.13, 12.1.7, or later versions to support the single image architecture. Please ensure the Panorama management server is running at the same or a higher PAN-OS version compared to firewalls. 

 

JayGolf_0-1781722840137.png

 

 

By upgrading to the required version and adjusting the deployment profile in the Customer Support Portal, you retain all core VM-Series features while unlocking five significant security enhancements for the enterprise:

 

1. Advanced Protection for AI Workloads

 

The AI Runtime Firewall (AIRS VM) acts as an inline runtime guardrail for model interactions across major ecosystems (such as OpenAI, AWS Bedrock, GCP Vertex AI, and Azure OpenAI). It detects and blocks AI-specific threats such as prompt injections and model DoS attacks while preventing PII or proprietary code from leaking into public LLMs.

 

2. Unified Firewall  and  Container Protection

 

Rather than relying on classic endpoint identity models, AI Runtime Firewall (AIRS VM)  implements a true network-level interception framework to deliver namespace-to-namespace micro-segmentation. It protects both standard VMs and container workloads by utilizing CNI chaining to steer raw pod traffic. It applies deep Layer 7 Threat Prevention to ensure protection against lateral movement risks. 

 

3. L7 Micro-Perimeter Architecture

 

AI Runtime Firewall (AIRS VM)   introduces a breakthrough in micro-segmentation by deploying a lightweight Pan-redirector module on Linux and Windows workloads, traffic is encapsulated in GENEVE tunnels and steered to the firewall for deep Layer 7 inspection. This prevents lateral movement within the same subnet without requiring complex VPC or network re-architectures.

 

4. Hyperscale Security Fabric

 

As data volumes explode, the new architecture leverages a unified Hyperscale Security Fabric. This allows the firewalls to dynamically scale throughput and capacity horizontally across data centers, ensuring that deep traffic inspection doesn't introduce latency to your production pipelines.

 

5. Multi-Cloud Security Fabric

 

Whether your infrastructure lives in AWS, Azure, or Google Cloud, the AI Runtime Firewall (AIRS VM) standardizes your footprint. It acts as a cohesive Multi-Cloud Security Fabric, allowing you to centralize policy management through Strata Cloud Manager (SCM). You get identical threat prevention capabilities and automation hooks across all cloud providers.


Here are the benefits of migrating VM-Series to Prisma AIRS using the single image:

 

  • Seamless Transition: Migrate your firewall operating modes (VM-Series to Prisma AIRS) without requiring a disruptive reboot.
  • Flexible Deployment: Adapt to evolving needs by migrating entire deployment profiles or specific firewalls.
  • Simplified Management: Consolidate VM-Series and Prisma AIRS into a single image for easier deployment and upgrades.

 

One Image, Seamless Migration and Absolute Visibility

 

 

In summary, Palo Alto Networks has eliminated the need for multiple golden images by introducing universal image, enabling customers to seamlessly migrate VM-series to Prisma AIRS, designed to safeguard AI applications. 

 

Start migrating your VM-series deployments to AI Runtime Firewall (AIRS VM) by following VM to AI Runtime Firewall (VM-AIRS) Migration Documentation

 

For additional assistance, please reach out to the Palo Alto Networks Support team.

 

0 Likes Likes
  • 69 Views
  • 0 comments
  • 0 Likes
Labels
Contributors
Popular Blogs
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks