Palo Alto Networks has further simplified the VM-Series firewall with NSX-T deployment using a new security-centric workflow. The new Amazon Web Services (AWS) 3.0 plugin is designed to simplify the orchestration of scalable firewall stacks in AWS. Keep reading for details on these new capabilities and much more in this month's VM-Series and CN-Series update.
Deploy VM-Series Easily Using the Security-Centric Workflow for NSX-T
You can use the security-centric workflow to control and manage your VM-Series firewall for NSX-T from Panorama.You do not need to access NSX-T Manager to create service chains and steering rules; however, the service deployment must still be created on NSX-T Manager. In addition, this capability helps speed things along with the auto generation of redirect policy rules that are based on zones and auto-generation of rules based on Panorama policy rules—both of which you can then push to NSX-T Manager. Get the full details in this release, Deploy the VM-Series Using the Security-Centric Workflow.
Securing public cloud environments with VM-Series firewalls keeps getting quicker and simpler with new orchestration and deployment capabilities. The new Panorama plugin extends this functionality to AWS and comes with an enhanced web interface. It simplifies the deployment of the existing AWS Gateway Load Balancer (GWLB) solution by bringing all of the configuration into a single Panorama screen. What’s more, you can attach an AWS Transit Gateway (TGW) to the firewall stack. Additionally, this plugin introduces CloudFormation template (CFT) hyperlinks to configure security accounts and prerequisites to further save time and effort. Read more about Panorama Orchestrated Deployments in AWS.
Get In-Depth VM-Series Resource Monitoring on AWS
Panorama now also extends firewall monitoring capabilities in AWS to include tags for a host of network security needs, including application load balancers, network load balancers, subnet virtual private cloud (VPC) classless interdomain routing (CIDR), user-defined tags, and elastic network interfaces (ENIs). Panorama further allows limiting the number of entries in firewalls by pruning tags that are not part of your Security policy rules. An enhanced dashboard for viewing monitoring status and IP-tag/tag-IP mapping helps tidy up these capabilities. Find more information on Resource Monitoring on AWS.
Get the AWS High-Availability (HA) Template for VM-Series
The Amazon CloudFormation template (CFT) deploys two VM-Series firewalls in HA failover mode in a single availability zone in a given AWS region. Cross-zone HA is not supported in this template. You can find further details on GitHub.
Get U.S. Government TAC support on VM-Series PAYG Listings in AWS and Azure Government Marketplaces
You can find our new VM-Series pay-as-you-go (PAYG) listings available in AWS GovCloud and Azure Government marketplaces for our federal and public sector customers who require U.S. Government TAC support.
Make the Most of Expanded Support Per-Instance Type in Azure
Discover everything you need to know about VM-Series firewalls on Azure virtual machines (VMs). Among other things, you’ll see how VM-Series firewalls—whether bring-your-own-license (BYOL) or PAYG—are now supported on Azure Fs_v2 and DV3 as well as DS_v3, D2_v4, D4_v4 D8_v4, and D16_v4 VMs. Find the complete list of VM-Series Models on Azure Virtual Machines.
Discover Expanded Support for Versa Hardware
VM-Series with PAN-OS 9.1 is now supported on Versa VNF 21.1.2 and Versa 930 hardware. Find the specifics along with the latest interoperability and certification details for many other vendor platforms on this page, Palo Alto Networks Certified Integrations.
Leverage CN-Series Qualification for OpenShift 4.7
The CN-Series firewall—the industry’s first container firewall—now secures Red Hat OpenShift Container Platform 4.7 (RHSA-2020:5633). Users of this version are now able to safeguard the way OpenShift deploys clusters to both on-premises and cloud environments. Find the specifics on CN-Series Deployment—Supported Environments.
Find Helm Charts for CN-Series Firewalls
The GitHub repository for automating the deployment of CN-Series firewalls using the Helm Package Manager for Kubernetes is now available. Head over to GitHub to learn more.
Missed Last Month’s Update? Here’s Your Chance to Catch Up
You’re busy and we get that. So if you missed it, the July VM-Series and CN-Series Update of our software firewall update is still available. Take a look to see the number of ways we shared to secure applications with more speed, accuracy, efficiency, and cost-effectiveness. There’s big news about the recent launch of Google Cloud Intrusion Detection System (Cloud IDS), along with resources for getting the most out of our unique flexible consumption model and what’s new with the expanded features of VM-Series 2.2.1. Read to the end and you’ll discover the latest Panorama plugins for Cisco ACI, Alibaba Cloud, and Oracle Cloud and then you’ll get the latest news about our expanded CN-Series deployment environment support and how you can maximize VM-Support for newer sizes of Azure VMs.