As the days grow shorter, our list of virtual and container firewall capabilities grows longer. In this month’s digest covering the latest VM-Series and CN-Series developments, you’ll find news about an exciting integration with the brand new AWS Gateway Load Balancer, simplified public cloud bootstrapping options, support for new CNI plugins for CN-Series firewalls, added platform support, and more.
Leverage VM-Series Integration with AWS Gateway Load Balancer
Security scalability meets cloud simplicity! The newly announced integration between VM-Series virtual firewalls and the new AWS Gateway Load Balancer (GWLB) introduces customers to massive security scaling and performance acceleration while bypassing the awkward complexities traditionally associated with inserting virtual appliances in public cloud environments. The AWS GWLB makes it easy to deploy, scale, and manage VM-Series firewalls on Amazon Web Services (AWS). To learn more about the new VM-Series integration with the GWLB, check out our technical deep dive blog. This feature is available beginning in PAN-OS 10.0.2 and VM-Series plugin 2.0.2.
Discover More Public Cloud Bootstrap Options for VM-Series Firewalls
We’ve made it easier to bootstrap VM-Series firewalls in public clouds with the following capabilities:
Improvements for bootstrapping from shared storage on AWS, Azure, and GCP — Until now, managing the bootstrap package of each VM-Series deployment in your environment required you to dedicate a cloud storage container (such as an AWS S3 bucket, a GCP storage bucket, or an Azure storage account). This is no longer necessary! VM-Series Plugin 2.0.2 now allows for subdirectories within your cloud storage container. This enables you to store multiple bootstrap packages in a single storage container so that you can identify a bootstrap package using the full path (for example, MyBucket/MyConfigs/Configuration_003).
Secure bootstrapping on AWS — We continue to simplify bootstrapping to save you effort, such as the recent introduction of a simpler alternative to bootstrap your VM-Series firewalls with user data in VM-Series Plugin 2.0.1. By allowing basic configuration with user data, you can rapidly launch, license, and register your VM-Series firewall and connect it to Panorama. Now, with VM-Series plugin 2.0.2, you can use AWS Secrets Manager to store your basic configuration as a secret and then use that secret as the only entry in user data for bootstrapping your firewalls.
CN-Series Firewalls Add New CNI Plugins
We continue to enhance the industry’s first next-generation firewall for Kubernetes with features vital for securing containers, namespaces, and pods.
Support for SR-IOV and macvlan CNI plugins — How do you secure those pods? It’s an increasingly important consideration in a 5G world. For example, OpenShift Multus allows pods to have multiple network interface connections, which can address various use cases in 5G environments. Beginning with PAN-OS 10.0.2, we support macvlan and SR-IOV CNI plugins for creating additional networks and helping to protect application pods using CN-Series firewalls. Review this documentation for more information.
Panorama plugin for Kubernetes 1.0.1 — The Panorama Plugin for Kubernetes 1.0.1 is here — our first maintenance release after the CN-Series firewall launch. It includes customer-requested enhancements such as service monitoring and offline licensing enhancements. This plugin is available beginning in PAN-OS 10.0.1.
Microsoft Hyper-V 2019 (starting with PAN-OS 9.0.11, PAN-OS 9.1.5, and PAN-OS 10.0.0)
Azure VMware Solutions (AVS) (starting with PAN-OS 9.1.0 and PAN-OS 10.0.0. Requires Panorama Plugin for VMware NSX 3.2.0 or later)
OpenStack 13 (Queens) (starting with PAN-OS 9.1.5 and PAN-OS 10.0.2)
Simplify VM-Series Deployments in Azure with This Beta
As many of our customers know, building and operating firewall deployments in Azure is now a simpler task with the beta availability of “Panorama Orchestrated VM-Series Firewall Deployments in Azure.” This feature eliminates the need to manage complex templates for firewall deployments in Azure. Additionally, you can use the workflow on the console to build and manage scalable firewall deployments without the steep learning curve associated with Azure networking constructs. Learn more about this important productivity-enhancing beta in the Panorama Orchestrated Azure Deployments blog post.
Find Other Recent VM-Series and CN-Series Technical Updates
Did you miss October’s update? Review that October update to find information about new, cross-environment CN-Series firewall features, new VM-Series Azure deployment options, and ways to fine-tune HA deployments.