Get the Images and Files for the CN-Series Deployment
Download the docker images and push it to your container registry.
Where Can I Use
This?
What Do I Need?
CN-Series deployment
CN-Series 10.1.x or above Container Images
Panorama running PAN-OS 10.1.x or above
version
Helm 3.6 or above version client for CN-Series deployment using helm
Refer to the following table before beginning
your deployment to ensure that you have downloaded the compatible
files.
PAN-OS Version
YAML Version
CNI Version
MGMT-INIT Version
PAN-OS 11.1.x
3.0.x
3.0.x
3.0.x
PAN-OS 11.0.x
3.0.x
3.0.x
3.0.x
PAN-OS 10.2.x
3.0.x
3.0.x
3.0.x
PAN-OS 10.1.x
3.0.x
3.0.x
3.0.x
PAN-OS 10.0.x
1.0.x
1.0.x
3.0.x
Use the following steps to pull the docker images from the public container registry on Google
Cloud Platform and then continue to deploy the CN-Series firewall:
Docker
images from the public container registry:
Based on your PAN-OS version, pull the required docker images from the public cloud repository.
Select the required PAN-OS version.
Copy the link for each image path to the appropriate location
in your deployment YAML files.
Do the following to get the YAML files from GitHub:
Open
the folder for the deployment method—DaemonSet, Kubernetes Service,
or Kubernetes CNF that you plan to use.
Download the yaml files from the folder that corresponds
to your environment.
Get the files from the Native-k8s folder
for use with native Kubernetes on premises or cloud deployments.
Get
the files from the respective Managed Kubernetes folder for GKE.
Docker
images from the Palo Alto Networks CSP:
Use the following steps to get the YAML files from GitHub and to download the docker images from
the Palo Alto Networks CSP and push them to your private registry before you
continue to deploy the CN-Series firewall.
Download the yaml files from the folder that corresponds
to your environment.
Get the files from the Native-k8s folder
for use with native Kubernetes on-premises or cloud deployments.
Get
the files from the respective Managed Kubernetes folder for AKS, EKS,
or GKE.
Retrieve the docker images and push it to your container registry.
For example, on a GKE deployment, you will upload the images
to a Container Registry on GKE and get the image path for referencing
in the YAML files.Use the following commands on a client system
running the docker engine.
Replace the x variables in
the following steps with the values that match the image version
you are using. For example, Pan_cn_mgmt-init-2.0.0.tgz or pan_cni:2.0.0.
Load the images.
docker load -i PanOS_cn-x.x.x.tgz
docker load -i Pan_cn_mgmt-init-x.x.x.tgz
docker load -i Pan_cni-x.x.x.tgz
After
these steps, "docker images" will display the image, for example, "paloaltonetworks/panos_cn_mgmt:x.x.x".
Tag these images to include your private registry detail.
docker tag paloaltonetworks/panos_cn_mgmt:x.x.x <your_registry>/paloaltonetworks/panos_cn_mgmt:x.x.x
docker tag paloaltonetworks/panos_cn_ngfw:x.x.x <your_registry>/paloaltonetworks/panos_cn_ngfw:x.x.x
docker tag paloaltonetworks/pan_cn_mgmt_init:x.x.x <your_registry>/paloaltonetworks/pan_cn_mgmt_init:x.x.x
docker tag paloaltonetworks/pan_cni:x.x.x <your_registry>/paloaltonetworks/pan_cni:x.x.x