In addition to securing traditional IaaS workloads, you can manually build out a Zero Trust security posture using the Palo Alto Networks VM-Series virtual firewall.
VM-Series in GCP
In GCP, you can use the VM-Series as an ingress security gateway for traditional IaaS workloads. The VM-Series augments the native security functionality offered by GCP by delivering first-class application visibility, control, and threat prevention. VM-Series support for Zero Trust further strengthens our capabilities in cloud security and will help you accelerate your journey to the cloud with consistent and comprehensive protection across the Google Cloud environment.
Protecting your GCP Workloads with the VM-Series
Inbound autoscaling architecture with the VM-Series.
Panorama Plugin for Google Cloud Platform
VM-Series support for GCP relies on Panorama as the orchestrator. The Panorama plugin for GCP secures inbound traffic to IaaS workloads. It monitors the deployment state of the template and keeps the device count consistent with the instance group. The plugin queries for services that are labeled and assigned a valid port value, and uses that port to create an inbound NAT rule on the VM-Series firewall. When traffic hits the firewall on that specified port, Panorama applies the inbound NAT rule for that port and routes the packet to its destination.
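The selection step described above (labeled services with a valid port each get one inbound NAT rule) can be modeled as a pre-deployment check. This is an added example, not the Panorama plugin's code: the label key `fw-inbound-port`, the service records and the addresses are constructed, and treating two services on the same port as a conflict is an assumption about what an operator wants to catch, not documented plugin behavior.

```python
from collections import defaultdict

PORT_LABEL = "fw-inbound-port"  # hypothetical label key, not the plugin's real one

# Constructed sample inventory; names, labels and addresses are made up.
SERVICES = [
    {"name": "web", "labels": {PORT_LABEL: "8080"}, "backend": "10.0.2.10:80"},
    {"name": "api", "labels": {PORT_LABEL: "8443"}, "backend": "10.0.2.20:443"},
    {"name": "admin", "labels": {PORT_LABEL: "8080"}, "backend": "10.0.2.30:80"},
    {"name": "batch", "labels": {}, "backend": "10.0.2.40:9000"},
    {"name": "legacy", "labels": {PORT_LABEL: "http"}, "backend": "10.0.2.50:80"},
    {"name": "metrics", "labels": {PORT_LABEL: "70000"}, "backend": "10.0.2.60:80"},
]

def parse_port(value):
    """Return the port as an int if it is a valid port number, else None."""
    if not (value.isascii() and value.isdigit()):
        return None
    port = int(value)
    return port if 1 <= port <= 65535 else None

def plan_nat_rules(services, label=PORT_LABEL):
    """Model the selection: only labeled services with a valid port get a rule.

    Returns (rules, skipped, conflicts):
      rules     - {port: (service name, backend)} for ports with one owner
      skipped   - {service name: reason} for services that get no rule
      conflicts - {port: [service names]} where several services claim a port
    """
    claims, skipped = defaultdict(list), {}
    for svc in services:
        raw = svc["labels"].get(label)
        if raw is None:
            skipped[svc["name"]] = "no label"
            continue
        port = parse_port(raw)
        if port is None:
            skipped[svc["name"]] = f"invalid port {raw!r}"
            continue
        claims[port].append(svc)
    rules, conflicts = {}, {}
    for port, owners in sorted(claims.items()):
        if len(owners) > 1:  # ambiguous inbound port: flag it, emit no rule
            conflicts[port] = [s["name"] for s in owners]
        else:
            rules[port] = (owners[0]["name"], owners[0]["backend"])
    return rules, skipped, conflicts

if __name__ == "__main__":
    print(*plan_nat_rules(SERVICES), sep="\n")
```

Reviewing the `skipped` and `conflicts` output before deployment shows which workloads would not be reachable through the firewall and which inbound ports are claimed more than once.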
For the GCP Auto Scale architecture, the template automates the deployment. For the autoscaling template, the Panorama plugin configures the static information needed to automatically route traffic. NAT rules are added to perform address translation on inbound packets, ensuring that the initial traffic, as well as the return traffic, passes through the firewall. This deployment model provides a seamless cloud-centric approach to using the VM-Series to secure IaaS workloads in the cloud.
You can launch or download the GCP Auto Scale templates on GitHub using the following link: