We recently announced the upcoming launch of our PAN-OS 10.1 software release, which delivers Complete Zero Trust Network Securityanda host of additional innovations across security services and next-generation firewall (NGFW) platforms, including our software firewalls. In this May software firewalls update, we are pleased to share a preview of two key capabilities introduced for our software firewalls with PAN-OS 10.1: Intelligent Traffic Offload (ITO) service for VM-Series firewalls and a new auto scale deployment model for CN-Series firewalls within a Kubernetes cluster. Also this month, we released VM-Series plugin 2.0.7, we launched two new beta opportunities, and we added a few more enhancements for our software firewalls.
Turbocharge Your VM-Series Performance with Intelligent Traffic Offload (ITO) service
In service provider networks and hyperscale data centers, roughly 80% of traffic consists of traffic that cannot or will not benefit from security inspection. Deploying enough large firewalls to secure these enormous networks without sacrificing performance makes security costs prohibitive. The just-announced Intelligent Traffic Offload (ITO) service for VM-Series firewalls eliminates these tradeoffs. The ITO service integrates with smart network interface cards (Smart NICs) to offload traffic to a Smart NIC when that traffic does not benefit from security inspection, which reduces CAPEX by up to 150%. This is available beginning with PAN-OS 10.1. Find out more here.
Scale Your CN-Series Firewall Deployments Using the Enhanced Auto Scale Deployment Feature
CN-Series firewalls,the industry’s first next-generation firewall (NGFW) delivered in a container form factor, will be even more tightly integrated with Kubernetes for greater scalability and flexibility. With PAN-OS 10.1, administrators can now deploy firewalls in a cluster deployment mode where the firewall dataplane runs as a Kubernetes service in a dedicated security node. This feature is ideal for large Kubernetes environments where distributed deployment is resource intensive and cost prohibitive. It simplifies the deployment as the firewalls can be deployed on all cluster nodes with a single command, optimizes for the underlying resources, and enables CN-Series firewalls to take advantage of the native auto scale capabilities of Kuberenetes to ensure threat protection in even the most dynamic Kubernetes environments. This is available beginning with PAN-OS 10.1. Find out more here.
Stay Flexible in AWS with VM-Series Plugin 2.0.7
Make sure you access this latest plugin, which resolves important issues when using VM-Series firewalls with VMware ESXi and open-source KVM in AWS. Interface management swap support for ESXi and KVM provides more flexibility for deployment, particularly in situations where interfaces need to be pre-mapped to a public IP address and not identified by AWS as a security risk. With this new plugin version, interface management swap support provides a workaround. Find out more in the release notes.
Run VM Series on Adva Platforms
VM-Series virtual firewalls now interoperate with Adva Ensemble Connector Version 18.104.22.168 and PAN-OS 10.0 (and later version) on the Adva FSP 150-XG304u, which is a 10Gbit-per-second hardware-accelerated white box. Find out more here.
Find the Latest Panorama Hypervisor Support – Including Ubuntu Qualification
See the latest version of our continuously updated hypervisor support matrix. This includes the many new developments about extended—and oft requested for KVM—support for Panorama virtual appliances with Ubuntu 18.04 LTS and CentOS/RHEL 8.0. Find out more here.
Easily Migrate VM-Series Firewalls from NSX-V to NSX-T
Change is a fact of life in network security so why not make the changes quick and nondisruptive? Now there’s a procedure which does just that when you migrate your VM-Series firewall configuration from operations-centric VMware NSX-V to VMware NSX-T. By using the VMware Migration Coordinator tool in NSX-T, you can migrate your current configuration and reuse the policy and dynamic address groups you’ve already configured on your Panorama management server. It’s a superb way to migrate operations-centric deployments where VM-Series traffic redirection policy rules were created in NSX-V Manager rather than on your Panorama server. Find out more here.
Call for Beta Participation!
We’re looking for customers to participate in ongoing beta trials for two exciting new capabilities:
The Panorama NSX-T Plugin 4.0 Security-Centric Workflow East-West (E-W) Beta
This feature introduces a security-centric workflow designed to let customers control and manage the entire network security operations from a single pane of glass—the Panorama web interface. In addition to East-West and North-South service insertion workflows, the beta enables you to create NSX-T Security Groups and manage their dynamic membership criteria. What’s more, this beta includes autogeneration of redirection policy rules based on zones and autogeneration of Panorama-based policy rules, which you can then push to NSX-T Manager. Find more information about this beta and participation details here.
The Panorama Plugin for AWS 3.0 Beta with Orchestration
This feature makes it easy to secure application workloads in AWS because it fully automates network security provisioning in that environment. This plugin, which comes with an enhanced web interface, orchestrates and manages the deployment of scalable VM-Series firewall stacks integrated with an AWS Gateway Load Balancer (GWLB) to secure inbound, outbound, and east-west traffic flows. Get more information on the beta and participation details here.
See How a Leading Analyst Firm Describes the Benefits of VM-Series Firewalls
Read this Forrester Research Spotlight report to see the benefits they discovered when using VM-Series firewalls as part of a broader research study focusing on the Total Economic Impact (TEI) of deploying a full stack of Palo Alto Networks Security products. You can access the full report here.
Don’t Miss Out on Last Month’s VM-Series and CN-Series Firewall News
Did you miss the April update? If you did, you should take a look because we announced several new capabilities: new features, new plugins; and new qualifications. We also announced news about AWS overlay routing, expanded CN-Series environment support, VM-Series firewalls on IBM Cloud qualification details, and the latest Panorama plugin details for NSX and Azure. Plus, find details about an in-depth hybrid cloud research report from the Enterprise Strategy Group (ESG) analyst firm.