CN-Series Discussions
CN-Series is the Palo Alto Networks' container native version of the ML-powered Next-Generation Firewall designed specifically for Kubernetes environments.

Discussions

Welcome to the CN-Series Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 1879 Views
  • 0 replies
  • 0 Likes

serviceaccount mounted as Read only

Hi All, For CN series firewall, we are getting below alert: panSystemDescription = /run/secrets/kubernetes.io/serviceaccount is mounted as Read-Only. Just wanted to confirm if this is expected? In config yml file it's set as read only

kubernetes plugin - monitoring definition, bug?

Took me long, but now I think I found strange behavior of the Kubernetes plugin - monitoring definition and especially matching criteria in the dynamic address groups. TL/DR - having service in the kubernetes cluster, which does not have assigned ports - breaks the polling and watcher. Starting point was: working cn series as well the possibil...

YLesev by L0 Member
  • 8152 Views
  • 1 replies
  • 0 Likes

cn series pan-ngfw pod not ready

Hi All, While working for CN series deployment, pan-ngfw pods are not becoming ready status, as getting this error in logs: "Readiness probe failed: Panorama config is not pushed. pan_task is not running." However, eks cluster monitoring status can show kube-system pod from panorama. Can anyone guide for more debugging information. ...

pan-ngfw pods not ready

Hi, I'm deploying cnseries as services and catching the problem that pan-ngfw pods are running but not ready. I checked the pods log and got this warning: "Readiness probe failed: Panorama config is not pushed. pan_task is not running." Does anyone know what causes the problem? Thanks a lot for your support!

CN - Firewalls - Upgrade Sequence

So you have successfully updated container images for pan-mgmt-sts and pan-ngfw. However, when you update the CNI images, ngfw pods stop being able to talk. Tried applying all and restarting all pods and it still fails. CNI 1.0.4 seems to be incompatible with 10.0.6.... Again no clues in release notes or no documentation... Can anyone...

Free CN-Series Firewall training!

Hello to all, on the YouTube channel "Strata by Palo Alto Networks" there is a free training. You can also schedule a workshop if you want to play with the technology a little more: https://www.youtube.com/watch?v=sHZz9YkovgM&list=PLWGxHWZa19Z3KfdtBBvSqD0xkSWc-jqP9 https://www.youtube.com/watch?v=dzsIzClD174&list=PLWGxHWZa19Z2T4Al5yq...

Resolved! GKE. Dataplane V2

Hi, Is using Dataplane V2 supported by the cn-series firewall? https://cloud.google.com/kubernetes-engine/docs/how-to/dataplane-v2 This is the Recommended option and will be enabled by default in a future release by Google. /Jo Christian

Workload Identity

Hi, Does the CN-series firewalls support Kubernetes cluster with Workload Identity enabled? https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity Several reasons for asking. Main reasons being. * Cluster security is changed. * -workload-metadata=GKE_METADATA need to be enabled. This means that the cluster will prevent workloads f...

CN Firewalls - Syntax

OK - so I can my two pan-mgmt-sts containers running and all is in synch. Question, If I were using a native PAN devices then I have a syntax I can use to download updates etc from the command line..... What is it on the CN firewalls - it's all native linux and I can't find where the commands would be. I know the answer is run it fro...

CN Firewalls - AV updates/ WF updates

Hello All, First time posting to this board so be real gentle with me. My question is around the CN series firewalls. Been wrestling with these babies for a while now and have read PA-CTNR unsupported platform guide back to front, back to front and side to side a lot of time !!!!! I have the container firewalls up and running, licensed ...

Why would I need a CN-Series if I have a VM-Series?

Both VM-Series and CN-Series firewalls can be used to protect container environments. The major difference between the two is the granularity of visibility and control delivered by the CN-Series. VM-Series firewalls can enforce cluster-level security policies, which makes them good for basic perimeter security of an entire cluster. But in many...

rapatil by L3 Networker
  • 10832 Views
  • 0 replies
  • 3 Likes
  • 16 Posts
  • 49 Subscriptions