August VM-Series and CN-Series Updates

Showing results for 
Show  only  | Search instead for 
Did you mean: 
L1 Bithead

VM-Series and CN-Series Updates: August 2021VM-Series and CN-Series Updates: August 2021


Palo Alto Networks has further simplified the VM-Series firewall with NSX-T deployment using a new security-centric workflow. The new Amazon Web Services (AWS) 3.0 plugin is designed to simplify the orchestration of scalable firewall stacks in AWS. Keep reading for details on these new capabilities and much more in this month's VM-Series and CN-Series update.


Deploy VM-Series Easily Using the Security-Centric Workflow for NSX-T


You can use the security-centric workflow to control and manage your VM-Series firewall for NSX-T from Panorama. You do not need to access NSX-T Manager to create service chains and steering rules; however, the service deployment must still be created on NSX-T Manager. In addition, this capability helps speed things along with the auto generation of redirect policy rules that are based on zones and auto-generation of rules based on Panorama policy rules—both of which you can then push to NSX-T Manager. Get the full details in this release, Deploy the VM-Series Using the Security-Centric Workflow.


Find Other NSX-Related Enhancements


The Panorama plugin for VMware NSX 3.2.3 is now available. What’s more, PAN-OS® 10.1 is now certified with NSX-T. Find the details and supported NSX-T releases in the VMware compatibility guide.


Orchestrate Scalable Firewall Stacks in AWS


Securing public cloud environments with VM-Series firewalls keeps getting quicker and simpler with new orchestration and deployment capabilities. The new Panorama plugin extends this functionality to AWS and comes with an enhanced web interface. It simplifies the deployment of the existing AWS Gateway Load Balancer (GWLB) solution by bringing all of the configuration into a single Panorama screen. What’s more, you can attach an AWS Transit Gateway (TGW) to the firewall stack. Additionally, this plugin introduces CloudFormation template (CFT) hyperlinks to configure security accounts and prerequisites to further save time and effort. Read more about Panorama Orchestrated Deployments in AWS


Get In-Depth VM-Series Resource Monitoring on AWS


Panorama now also extends firewall monitoring capabilities in AWS to include tags for a host of network security needs, including application load balancers, network load balancers, subnet virtual private cloud (VPC) classless interdomain routing (CIDR), user-defined tags, and elastic network interfaces (ENIs). Panorama further allows limiting the number of entries in firewalls by pruning tags that are not part of your Security policy rules. An enhanced dashboard for viewing monitoring status and IP-tag/tag-IP mapping helps tidy up these capabilities. Find more information on Resource Monitoring on AWS


Get the AWS High-Availability (HA) Template for VM-Series


The Amazon CloudFormation template (CFT) deploys two VM-Series firewalls in HA failover mode in a single availability zone in a given AWS region. Cross-zone HA is not supported in this template. You can find further details on GitHub.


Get U.S. Government TAC support on VM-Series PAYG Listings in AWS and Azure Government Marketplaces  


You can find our new VM-Series pay-as-you-go (PAYG) listings available in AWS GovCloud and Azure Government marketplaces for our federal and public sector customers who require U.S. Government TAC support. 


Make the Most of Expanded Support Per-Instance Type in Azure


Discover everything you need to know about VM-Series firewalls on Azure virtual machines (VMs). Among other things, you’ll see how VM-Series firewalls—whether bring-your-own-license (BYOL) or PAYG—are now supported on Azure Fs_v2 and DV3 as well as DS_v3, D2_v4, D4_v4 D8_v4, and D16_v4 VMs. Find the complete list of VM-Series Models on Azure Virtual Machines.


Discover Expanded Support for Versa Hardware 


VM-Series with PAN-OS 9.1 is now supported on Versa VNF 21.1.2 and Versa 930 hardware. Find the specifics along with the latest interoperability and certification details for many other vendor platforms on this page, Palo Alto Networks Certified Integrations.


Leverage CN-Series Qualification for OpenShift 4.7


The CN-Series firewall—the industry’s first container firewall—now secures Red Hat OpenShift Container Platform 4.7 (RHSA-2020:5633). Users of this version are now able to safeguard the way OpenShift deploys clusters to both on-premises and cloud environments. Find the specifics on CN-Series Deployment—Supported Environments


Find Helm Charts for CN-Series Firewalls


The GitHub repository for automating the deployment of CN-Series firewalls using the Helm Package Manager for Kubernetes is now available. Head over to GitHub to learn more. 


Missed Last Month’s Update? Here’s Your Chance to Catch Up


You’re busy and we get that. So if you missed it, the July VM-Series and CN-Series Update of our software firewall update is still available. Take a look to see the number of ways we shared to secure applications with more speed, accuracy, efficiency, and cost-effectiveness. There’s big news about the recent launch of Google Cloud Intrusion Detection System (Cloud IDS), along with resources for getting the most out of our unique flexible consumption model and what’s new with the expanded features of VM-Series 2.2.1. Read to the end and you’ll discover the latest Panorama plugins for Cisco ACI, Alibaba Cloud, and Oracle Cloud and then you’ll get the latest news about our expanded CN-Series deployment environment support and how you can maximize VM-Support for newer sizes of Azure VMs.


  • 324 Subscriptions
Register or Sign-in