Getting Started with CN-Series
  • Getting Started with CN-Series
  • CN-Series Documentation
  • All Documentation
>
Get the Images and Files for the CN-Series Deployment
Focus
Download PDF
Focus
  1. Home
  2. CN-Series
  3. Getting Started with CN-Series
  4. Get the Images and Files for the CN-Series Deployment
Download PDF
CN-Series

Get the Images and Files for the CN-Series Deployment

Table of Contents

Get the Images and Files for the CN-Series Deployment

Download the docker images and push it to your container registry.
Where Can I Use This?What Do I Need?
  • CN-Series deployment
  • CN-Series 10.1.x or above Container Images
  • Panorama running PAN-OS 10.1.x or above version
  • Helm 3.6 or above version client for CN-Series deployment using helm
Refer to the following table before beginning your deployment to ensure that you have downloaded the compatible files.
PAN-OS Version
YAML Version
CNI Version
MGMT-INIT Version
PAN-OS 11.1.x
3.0.x
3.0.x
3.0.x
PAN-OS 11.0.x
3.0.x
3.0.x
3.0.x
PAN-OS 10.2.x
3.0.x
3.0.x
3.0.x
PAN-OS 10.1.x
3.0.x
3.0.x
3.0.x
PAN-OS 10.0.x
1.0.x
1.0.x
3.0.x
Use the following steps to pull the docker images from the public container registry on Google Cloud Platform and then continue to deploy the CN-Series firewall:
Docker images from the public container registry:
  1. Based on your PAN-OS version, pull the required docker images from the public cloud repository.
  2. Select the required PAN-OS version.
  3. Copy the link for each image path to the appropriate location in your deployment YAML files.
Do the following to get the YAML files from GitHub:
  1. Open the folder for the deployment method—DaemonSet, Kubernetes Service, or Kubernetes CNF that you plan to use.
  2. Download the yaml files from the folder that corresponds to your environment.
    Get the files from the Native-k8s folder for use with native Kubernetes on premises or cloud deployments.
    Get the files from the respective Managed Kubernetes folder for GKE.
Docker images from the Palo Alto Networks CSP:
Use the following steps to get the YAML files from GitHub and to download the docker images from the Palo Alto Networks CSP and push them to your private registry before you continue to deploy the CN-Series firewall.
  1. Download the docker images and YAML files.
    1. Get the compressed tar archives from the Palo Alto Networks Customer Support Portal (CSP).
      1. Log in to the CSP using your support account.
      2. Select UpdatesSoftware Updates.
      3. Select PAN-OS Container Images from the Please Select drop-down.
      4. Download the following files for the PAN-OS version you want to deploy.
        PanOS_cn-X.X.X.tgz - for CN-MGMT and CN-NGFW Pods.
        Pan_cn_mgmt_init-X.X.X.tgz - for the init container that runs as a part of the CN-MGMT Pod.
        Pan_cni-2.0.0.tgz - for the PAN-CNI Pod.
    2. Get the YAML files from GitHub.
      1. Open the folder for the deployment method—DaemonSet, Kubernetes Service, or Kubernetes CNF—you plan to use.
      2. Download the yaml files from the folder that corresponds to your environment.
        Get the files from the Native-k8s folder for use with native Kubernetes on-premises or cloud deployments.
        Get the files from the respective Managed Kubernetes folder for AKS, EKS, or GKE.
  2. Retrieve the docker images and push it to your container registry.
    For example, on a GKE deployment, you will upload the images to a Container Registry on GKE and get the image path for referencing in the YAML files.Use the following commands on a client system running the docker engine.
    Replace the x variables in the following steps with the values that match the image version you are using. For example, Pan_cn_mgmt-init-2.0.0.tgz or pan_cni:2.0.0.
    1. Load the images.
      docker load -i PanOS_cn-x.x.x.tgz
      docker load -i Pan_cn_mgmt-init-x.x.x.tgz
      docker load -i Pan_cni-x.x.x.tgz
      After these steps, "docker images" will display the image, for example, "paloaltonetworks/panos_cn_mgmt:x.x.x".
    2. Tag these images to include your private registry detail.
      docker tag paloaltonetworks/panos_cn_mgmt:x.x.x <your_registry>/paloaltonetworks/panos_cn_mgmt:x.x.x
      docker tag paloaltonetworks/panos_cn_ngfw:x.x.x <your_registry>/paloaltonetworks/panos_cn_ngfw:x.x.x
      docker tag paloaltonetworks/pan_cn_mgmt_init:x.x.x <your_registry>/paloaltonetworks/pan_cn_mgmt_init:x.x.x
      docker tag paloaltonetworks/pan_cni:x.x.x <your_registry>/paloaltonetworks/pan_cni:x.x.x
    3. Push these images to your private registry.
      docker push <your_registry>/paloaltonetworks/panos_cn_mgmt:x.x.x
      docker push <your_registry>/paloaltonetworks/panos_cn_ngfw:x.x.x
      docker push <your_registry>/paloaltonetworks/pan_cn_mgmt_init:x.x.x
      docker push <your_registry>/paloaltonetworks/pan_cni:x.x.x

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.