September VM-Series and CN-Series Updates
Threats never rest--and neither do we. Get caught up on the latest VM-Series virtual and CN-Series container firewalls capabilities so they can work tirelessly on your behalf. In this September update, you’ll find news about improved support and deployment options, plugin developments, NSX and virtualization enhancements, accelerated boot time, and an exciting Azure beta.
CN-Series Firewalls Add New Capabilities and Deployment Options
The industry’s first Next-Generation Firewall for Kubernetes continues to provide more and more capabilities for securing container environments.
- Expand Kubernetes firewall capabilities with Openshift 4.4 and Multus CNI support
More ways to secure pods are at hand, because we’ve qualified Red Hat Openshift 4.4 and added support for Multus CNI. Multus CNI is a container network interface (CNI) plugin for Kubernetes, which enables you to simply attach multiple network interfaces to pods. For example, you can attach Calico as the primary network interface and Weave as a secondary network interface. This feature is available beginning in PAN-OS 10.0.1.
- Get added flexibility with Kubernetes 1.16 qualification
Keeping pace with the evolution of Kubernetes allows the CN-Series to keep protecting Kubernetes environments. Customers in both public (GKE, EKS, and AKS) and private (native k8s) clouds can now adopt CN-Series firewalls in Kubernetes 1.16. This feature is available beginning in PAN-OS 10.0.0.
- Speed deployment with GCP Marketplace listing
You can now deploy CN-Series firewalls directly from GCP Marketplace using a bring-your-own license (BYOL).
VM-Series Public Cloud Developments Streamline Deployment
Speed is of the essence in public clouds - and security is no exception to the rule.
- Stay current with Panorama Plugin for Azure 2.0.3
We’ve addressed an issue in the Azure plugin. Do also take a look at the Plugin Compatibility Matrix.
- Auto-register PAYG VM-Series firewalls to Customer Support Portal
Make it easier to get support. You can now automatically register your pay-as-you-go (PAYG) VM-Series firewalls to your CSP account. This feature is available beginning in PAN-OS 10.0.0.
- Get automatic site license activation on PAYG VM-Series Firewalls
Pay-as-you-go (PAYG) VM-Series firewalls can now use AutoFocus™ and Cortex™ Data Lake site licenses. This feature is available beginning in PAN-OS 10.0.0.
- Leverage simplified bootstrapping for public clouds
You now have a simpler option to bootstrap your VM-Series firewalls without using cloud storage accounts and buckets. Firewalls can be bootstrapped by passing configuration information as key-value pairs in User Data on AWS, Azure, and GCP. The basic configuration includes information for licensing, registration, and connecting to Panorama. This feature is available beginning with VM-Series Plugin 2.0.1.
- Take advantage of AWS HA improvements
Protect your traffic with faster failover times and improved throughput performance. A new mode of VM-Series active-passive high availability (HA) firewalls on AWS moves a secondary IP address from the failed firewall to the new active firewall after failover. This feature is available beginning with VM-Series Plugin 2.0.1.Find the documentation here and be sure to check out the GitHub CFT template.
- Easily deploy on Oracle Government Cloud
You can now bring your own license (BYOL) for VM-Series firewalls on Oracle Government Cloud. This feature is available beginning with PAN-OS 9.1.3 and VM-Series plugin 1.0.12.
- Stay current with Panorama Plugin for AWS 2.0.2
We’ve addressed a few issues in the AWS plugin. Do also take a look at the Plugin Compatibility Matrix.
- Stay current with Panorama Plugin for Azure 2.0.3
We’ve addressed an issue in the Azure plugin. Do also take a look at the Plugin Compatibility Matrix.
Private Cloud Updates Provide More NSX Capabilities
Plugin updates and security policy extensions are designed to reduce a whole lot of effort on your part.
- Stay current with Panorama Plugin for NSX 3.2.0.
Use this recommended Panorama plugin for NSX release when you upgrade to PAN-OS 9.0, PAN-OS 9.1, or PAN-OS 10.0 release, or when you migrate from NSX-V to NSX-T. Do also take a look at the Plugin Compatibility Matrix.
- Seamlessly extend your security policies from NSX-V to NSX-T.
Save some time here. With Panorama plugin for NSX 3.2.0, you can now easily extend your existing NSX-V Security policy rules to your new NSX-T environment, which eliminates the need to rewrite all your Panorama policy rules for NSX-T. This feature is available beginning with Panorama plugin for NSX 3.2.0.
Virtualization enhancements cover ESXi/vSphere and vMotion
Take advantage of new ways to secure bare metal hypervisors and the migration of virtual machines.
- Leverage vMotion support with VM-Series Firewalls (CLI only) for ESXi and NSX-T.
A simple configuration step in the CLI is now all it takes to support vMotion of your VM-Series running on ESXi hosts. This feature is available beginning in PAN-OS 10.0.1.
Platform Refinements Speed Firewall Operation Across Environments
VM-Series deployment, performance, and use gets elevated even more with simplified deployment, faster boot time, and increased scale.
- Stay current with VM-Series Plugin 2.0.1.
The maintenance release of VM-Series Plugin 2.0.1 addresses issues with fixes you’ll want. It also adds significant new functionality - such as simplified bootstrapping for public clouds, AWS HA Improvements, and SR-IOV Access Mode Configuration.
- Faster VM-Series boot time.
As part of our effort to improve your experience with VM-Series firewall orchestration and automation, we improved the boot time by 20%. This is just a start—more optimizations are on the way! This feature is available beginning in PAN-OS 10.0.1.
- Increased flexibility with SR-IOV access mode configuration
Scale your operations by configuring VM-Series firewalls in SR-IOV access mode using bootstrap methods. This feature is available beginning in PAN-OS 10.0.1 and VM-Series Plugin 2.0.1.
- Make the most of increased VM-700 scale limits on NAT Rules and Service Objects.
The VM-700 firewall now supports up to 5,000 service objects and 15,000 NAT rules. This feature is available beginning in PAN-OS 10.0.0.
Panorama Orchestrated Azure Deployments Beta Now Available
We are excited to announce the beta availability of “Panorama Orchestrated VM-Series Firewall Deployments” in your Azure environment. With this feature, you can easily build and operate your firewall deployments and integrate them with your Azure cloud networks. You no longer need to operate complex templates to deploy firewalls that protect your cloud workloads. You can also now use the workflow available on the console to build and manage scalable firewall deployments without a steep learning curve on Azure networking constructs. More details about this beta can be found here.
Make sure you’re caught up with VM-Series and CN-Series news
Miss last month’s update? You might be missing out. Check it out here.