Securing Workloads in Azure with Zero Trust

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
L5 Sessionator

Securing Workloads in Azure with Zero Trust

In addition to securing traditional IaaS workloads, Palo Alto Networks also supports Zero Trust security using the Palo Alto Networks Virtual Firewall.

 

VM-Series in Azure

In Azure, customers leverage the VM-Series as an ingress security gateway for traditional IaaS workloads. In addition to the native security functionality offered by Azure, the VM-Series augments native cloud security by delivering first-class application visibility, control, and threat prevention. VM-Series support for Zero Trust further strengthens our capabilities in cloud security and will help customers accelerate their journey to the cloud with consistent and comprehensive protection across the Azure cloud environment. 

 

Protecting your Azure Workloads and Providing Zero Trust

Inbound autoscaling architecture with the VM-Series.Inbound autoscaling architecture with the VM-Series.

 

 

Panorama Plugin for Azure

To provide VM-Series support for Azure, the Panorama orchestrator is leveraged. The Panorama plugin for Azure secures inbound traffic to IaaS workloads and provides Zero Trust security for traffic exiting the virtual network. The Panorama plugin for Azure monitors the deployment state of each template as well as keeping the device count consistent with the Virtual Machine Scale Set. The plugin queries for services that are labeled and are assigned a valid port value. The plugin uses the port to create an inbound NAT rule on the VM-Series firewall. When traffic hits the firewall on that specified port, Panorama applies the inbound NAT rule for that port and routes the packet to its destination.

 

Automated Deployment

For the Azure Auto Scale architecture, the ARM templates automate the deployment. For the autoscaling template, the Panorama plugin configures the static information needed to automatically route traffic. NAT rules are added to perform address translation on inbound packets, ensuring that the initial traffic, as well as the return traffic, passes through the firewall. This deployment model provides a seamless cloud-centric approach to using the VM-Series to secure IaaS workloads in the cloud. 

 

You can launch or download the Azure Auto Scale templates on GitHub using the following link:

 
We encourage you to read more about this integration by reviewing the solutions brief attached below: 
 
You may also find more information about Azure on the LIVEcommunity VM-Series on Azure resource page.
  • 4307 Views
  • 0 comments
  • 0 Likes
Register or Sign-in
Labels