We hope this December edition of our monthly software firewall update finds you getting ready for the holidays and looking forward to a new and promising year.
In this month’s digest covering the latest VM-Series and CN-Series developments, you’ll be among the first to know about getting 5G-native security in VMware Tanzu Kubernetes Grid environments with CN-Series container firewalls. In the spirit of providing the gift of security everywhere, you’ll see why VM-Series firewalls are easier to deploy in even more public clouds, including the latest details on integration with the AWS Gateway Load Balancer (GWLB). Plus you’ll find tips on how to start the new year right in private clouds with information about migrating VM-Series deployments from VMware NSX-V to VMware NSX-T.
Get 5G-Native Security with CN-Series Firewalls in VMware Tanzu Kubernetes Grid (TKG) Environments
To secure highly distributed 5G networks—including edge clouds and across multivendor and multicloud environments—you can now enable three types of security on the CN-Series container firewall: network slice security, equipment ID security, and subscriber ID security. So how does this work? Starting with PAN-OS 10.0.3, CN-Series firewalls are supported on the VMware Tanzu Kubernetes Grid (TKG) platform, along with the Intel x710, macvlan, and Multus container network interfaces (CNIs). To learn more about what CN-Series firewalls can provide, visit our LIVEcommunity page.
VM-Series Expands Its Ease of Deployment in Even More Public Clouds
Simplifying deployment is the gift that keeps giving. That’s why we’ve made it easier to deploy VM-Series firewalls in public clouds with the following capabilities:
- AWS ELB Autoscaling Scripts Updated to Python 3—If you are autoscaling VM-Series firewalls on AWS using the AWS ELB autoscaling scripts, you’ll want to update your deployment to use these new scripts because AWS plans to deprecate support for Python 2.7 in Lambda on June 1, 2021. Alternatively, consider updating your deployment to use the new VM-Series firewall integration with AWS Gateway Load Balancer.
- Azure Custom VHD Support—You can now create a custom VM-Series firewall image for later use in your Azure deployment. You’ll thank yourself for using this approach because a custom image gives you the flexibility and consistency to deploy the VM-Series firewall with the PAN-OS version you want to use instead of being restricted to using only those images available through the Azure marketplace. Additionally, your custom image can include the latest content and antivirus updates. You can use this script to automate the process of creating the custom image. This feature is available beginning with VM-Series Plugin 2.0.3.
- Community-Supported Terraform Template for IBM Cloud—You can use this Terraform template to create a VM-Series instance on IBM Cloud. The template is community supported.
Find the latest details about VM-Series Integration with AWS Gateway Load Balancer
Last month we announced the availability of integration between VM-Series virtual firewalls and the new AWS Gateway Load Balancer (GWLB). This integration makes it easy to deploy, scale, and manage VM-Series firewalls on Amazon Web Services (AWS). Here is additional information about this milestone integration:
- The deployment guide is now available.
- CloudFormation and Terraform templates for the AWS GWLB integration are published on GitHub. You can use these templates to create your own customized deployments. The templates are community supported.
- Demo videos are available on the LIVEcommunity blog page.
Migrate Your VM-Series Deployments from NSX-V to NSX-T
Use the VMware in-host migration capability to move your VM-Series deployments from NSX-V to NSX-T. This capability supports only operations-centric NSX-V deployments and is available beginning with Panorama plugin for NSX 3.2.0 and VMware NSX-T Manager 3.1.0. Make sure to review the compatibility requirements in the Plugin Compatibility Matrix before installing this plugin and, if you need an overview of the NSX integration, review the VM-Series on NSX-T data sheet.
Help Colleagues Understand Your Vital Security Work
Do folks on your team need a primer covering the complexities of hybrid infrastructure security? Point them toward this white paper full of helpful illustrations. From public and private clouds to on-premises data centers, they’ll see just why increased infrastructure complexity and interconnectivity significantly expand the attack surface. What’s more, this resource will walk them through the key characteristics of a security platform designed specifically for hybrid architectures and they’ll discover how our approach repels real-world threats such as ransomware, cryptojacking, and container worms.
Don’t Miss Other Recent VM-Series and CN-Series Firewall Technical Updates
Did you miss November’s update? Take a look for information about the exciting integration with the brand new AWS Gateway Load Balancer along with news about simplified public cloud bootstrapping options, support for new CNI plugins for CN-Series firewalls, added platform support, and more.