We are excited to announce the beta availability of “Panorama Orchestrated VM-Series Deployments” in your Azure environment. The Panorama orchestrated deployment method leverages the ability of Panorama to centrally manage firewalls while also providing a centralized location to enable the deployment of the VM-Series in your Azure networks.
With this feature, Palo Alto Networks offers a Panorama console for users to ease the deployment of Palo Alto Networks virtual firewalls that scales dynamically based on your traffic needs. With this console feature, you can easily build and operate the firewall deployments, integrating it with your Azure cloud networks. You no longer need to operate complex templates to deploy firewalls to protect your cloud workloads. You can now use the workflow offered by the console to build and manage scalable firewall deployments without experiencing a steep learning-curve on Azure networking constructs.
Understanding Panorama Orchestration in Azure Deployments
With this feature, you can use Panorama to enable one or two autoscaling firewall deployments. The "Hub firewall" deployment allows you to protect your outbound traffic and east-west traffic of your application workloads. The additional "Inbound firewall" deployment allows you to protect your inbound traffic to your applications. This feature allows you to deploy the hub and the Inbound firewall in the same or different VNETs
Panorama Plugin for Azure
The Panorama plugin for Azure allows you to read the tags of your Azure resources, and then centrally enable tag-based policies on a group of firewalls. With this feature, the Panorama plugin provides you a centralized location to deploy, configure, and monitor your security posture in the cloud. The Panorama plugin now allows you to orchestrate VM-Series deployments in your Azure network and then enable the security policies to these firewalls. The plugin also redirects you to your Azure ARM deployment and Azure Monitor pages to gain visibility into the deployment status, usage, and performance of your VM-Series firewalls.
The minimum VM-Series PAN-OS software version is 10.0.1
The minimum Panorama PAN-OS Software version is 10.0
The minimum Panorama plugin for Azure version is 3.0.0
There is no upgrade path for the beta plugin
In the cloud, you use templates to automate the deployment of Auto Scale architectures. Depending on your automation requirements, these templates can be very complex. They often involve multiple components and moving parts, which hampers your journey to the cloud. Panorama orchestration simplifies the current autoscaling solution by bringing all configurations into one workflow that your Panorama Plugin offers. The plugin automatically deploys the necessary Azure resources such as load balancers, subnets, NAT gateways. Additionally, the plugin also automatically creates the Panorama and VM-Series configurations, such as the device groups and template stacks, as well as the NAT policies.
We encourage you to learn more about this integration by watching the demo video:
For information on being a part of the Panorama Orchestrated Azure Deployment Beta, please reach out to your Palo Alto Networks account team.