CN-Series
License the CN-Series Firewall
Table of Contents
Expand All
|
Collapse All
CN-Series Firewall Docs
-
- CN-Series System Requirements for the Kubernetes Cluster
- CN-Series System Requirements for On-Premises Kubernetes Deployments
- CN-Series Performance and Scaling
- Create Service Accounts for Cluster Authentication
- Get the Images and Files for the CN-Series Deployment
- Strata Logging Service with CN-Series Firewall
- IOT Security Support for CN-Series Firewall
- Software Cut-through Based Offload on CN-Series Firewall
-
Deployment Modes
- Deployment Modes
- HSF
- In-Cloud and On-Prem
- Quickstart- CN-Series Firewall Deployment
-
- CN-Series Deployment Checklist
- Deploy CN-Series Firewalls With (Recommended) and Without the Helm Chart
- Editable Parameters in CN-Series Deployment YAML Files
- Secure 5G With the CN-Series Firewall
- Enable Inspection of Tagged VLAN Traffic
- Enable IPVLAN
- Uninstall the Kubernetes Plugin on Panorama
- Features Not Supported on the CN-Series
License the CN-Series Firewall
Learn about licensing the CN-Series firewall.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
CN-Series firewall licensing is managed by the Kubernetes
plugin on Panorama. The CN-Series firewalls are licensed based on
the total number of vCPUs (cores) used by the CN-NGFW pods deployed
in your Kubernetes environment. One token is consumed for each vCPU
used the CN-NGFW.
- Activate Credits—begin by activating your credits. Once activated, you can apply credits from your credit pool to a CN-Series deployment profile.
- Create and Manage a Deployment Profile to activate CN-Series License—in the deployment profile, you will specify the number of vCPUs that allocate to
the generate authcode. You will then use the authcode associated with your CN-Series
deployment profile to license the CN-Series firewalls in your Kubernetes cluster.
The deployment profile can be used license the CN-NGFW pods based on the number of
vCPUs allocated. A single authcode from a deployment profile can be used to license
the CN-Series across different Kubernetes environments, different clusters, or on
different Panorama instances.In a CN-Series-as-a-Kubernetes-Service deployment, if the number of CN-NGFW pods deployed in your environment exceeds the number of allocated vCPUs, you have a 30-day grace period to add more vCPUs to your deployment profile or delete enough CN-NGFW pods. If you do not allocate additional vCPUs or delete unlicensed pods within the 30-day grace period, all CN-Series firewalls in your the cluster will be delicensed.When a the CN-Series is deployed a DaemonSet, if the number of CN-NGFW pods deployed exceed the number of allocated vCPUs, you have a four-hour grace period to add more vCPUs to your deployment profile or delete enough CN-NGFW pods. If you do not allocate additional vCPUs or delete unlicensed pods within the four-hour grace period, the unlicensed pods will stop processing traffic. The already licensed pods remain licensed.You also have the option to provision a virtual Panorama appliance when creating your CN-Series deployment profile.
- Manage Deployment Profiles—you can edit, clone, or delete CN-Series deployment profiles based on the requirements of your CN-Series deployment. Additionally, you can add or remove subscriptions from the deployment profile after it has been created.
Licenses are applied to the CN-Series at the cluster level.
Individual CN-NGFW might appear as unlicensed, however, all pods
in the cluster are licensed until the entire cluster is delicensed.