Container Firewalls Give Hybrid Security a Big Boost
Plus, we’ve introduced a new data processing card to boost hardware firewall performance, launched new high-availability (HA) features, added even more public cloud and private cloud capabilities to VM-Series, and more.
You can see the summaries of these developments below, which include links to helpful resources.
Watch CN-Series Take On Container Threats
If you missed our virtual launch event in June, you can still access these on-demand hybrid cloud security sessions covering the state of heterogeneous network environments, which include a great demo of the just-made-available CN-Series firewall.
View the “What’s New in Hybrid Cloud Security: Speed, Scalability and Containers” session to see Palo Alto Networks Product Line Manager, Sudeep Padiyar, use the Graboid crypto-jacking worm attack to demonstrate the power of the CN-Series. In this session, I also walk you through some of the latest capabilities released in PAN-OS 10.0, including a Kubernetes plugin for Panorama to accompany the CN-Series firewall, our exciting new high-availability (HA) clustering capability, and a new data processing card for data center and hybrid cloud environments.
Detailed log view of Sudeep Padiyar’s demonstration showing how Panorama policy and the CN-Series container firewall thwart a cryptojacking attack.
Get More CN-Series Information
As you’ll see in our hybrid cloud webinar track, deploying the CN-Series firewall protects your containerized workloads running in Kubernetes from network-based threats. You get outbound traffic protection for pods accessing VMs/servers, repos and cloud services, and inbound traffic protection for Kubernetes services. East-west traffic is secured between pods and from pods to services.
Supported environments include:
Native Kubernetes in public or private cloud
Amazon Elastic Kubernetes Service (EKS)
Azure Kubernetes Service (AKS)
Google Kubernetes Engine (GKE)
Red Hat OpenShift
For an in-depth look at the container firewall’s capabilities, read the datasheet. And if you have colleagues new to Kubernetes and containers, do point them to this eBook.
Find New Panorama Kubernetes Plugin Info, More VM-Series Features
PAN-OS 10.0 is here and that means more ways to secure data centers and hybrid cloud environments. We’ve released a Kubernetes plugin (which Sudeep shows in his demo), along with more capabilities for VM-Series virtual firewalls:
Panorama now supports multiple IP-tag sources — Now you can have multiple Panorama plugins send IP address-to-tag mappings to the same firewall device groups. This new functionality allows you to get visibility into your hybrid infrastructure with centralized policy enforcement. Please read the release notes and known issues to enable and optimize this feature.
Collector group bootstrap parameters use automation for more efficient scaling — Collector group bootstrap parameters now let you automate the addition of firewalls to Panorama Log Collector Groups using the new bootstrap parameter. See the technical details for VM-Series here.
Boost Virtual Firewall Performance with Public Cloud Enhancements
Four new features specific to VM-Series deployments in public clouds are now available to provide you with more performance, insight, and ease of use:
Find more insight into firewall operational status, debugging, and automation. When the AWS Firewall Bootup and Health Status Logs are enabled, the firewall will post its bootup events and ongoing operation status into AWS CloudWatch. Available beginning in VM-Series Plugin 1.0.12.
Get additional customer metrics. Via custom metrics in AWS, Azure, and GCP you can now gain insight into throughput and connections-per-second for visibility, debugging, and automation on your firewalls. This feature is available beginning in VM-Series Plugin 1.0.12.
Enhance visibility with X-Forwarded-For (XFF) support. You can now use XFF IP addresses, such as source IP addresses, which enables better visibility and security policy control. This feature is available beginning in PAN-OS 10.0.
Get More Out of VMware NSX-V and NSX-T with Private Cloud Enhancements
Extended IP address range support for dynamic address groups is here. This increases subnet and IP address range support for Dynamic Address Groups in both NSX-V and NSX-T environments. See details of this feature, which is available beginning in PAN-OS 10.0.
Discover New Ways to Expand Virtualization Resiliency
Thanks to PAN-OS 10.0, your VM-Series firewalls now have more capabilities for continuous operation, as well as additional virtualization platform options:
Scale more efficiently with high-availability (HA) clustering — Now you can improve horizontal scaling while providing session resiliency, and create multi-node clusters using the new HA-4 link. This feature, which requires L2 connectivity, is available beginning in PAN-OS 10.0.
Expand security with Corsa Networks support — The Network Virtualization Security Platform from Corsa Networks is now a supported, partner-qualified platform.
Be Sure to See Those On-Demand Hybrid Cloud Sessions
As mentioned at the outset of this post, we’ve been busy launching products that provide solutions for the hybrid cloud challenges that network security professionals face. Register today for our on-demand hybrid cloud seminars and make the most of resources designed to manage the complexity of securing hybrid clouds.