CN-Series Firewalls for Securing Kubernetes Deployments
Learn how the containerized version of PAN-OS secures
Kubernetes environments in the public and private cloud.
As you adopt Kubernetes (k8s) and containers
for application development and operational agility, the CN-Series firewall
enables security administrators to provision security for containerized
applications across different Kubernetes environments. The CN-Series
firewall facilitates consistent policy enforcement when multiple
teams are involved in the application lifecycle:
Platform (PAAS) Admin - Manages the Kubernetes clusters and other infrastructure components in public and private cloud.
App teams - Deploy their individual containerized and other applications in Kubernetes namespaces/projects provided by PAAS admin.
Security Admin - Provisions security for the entire deployment including Kubernetes clusters and individual containerized applications.
The CN-Series firewall requires Panorama and the Kubernetes plugin on
Panorama to enable centralized management, licensing, and security
policy enforcement. The container-native firewall is integrated
into Kubernetes so that you can use Kubernetes constructs and deploy the
firewalls along with the applications. The firewall fits together
with Kubernetes networking to apply policy before NAT, and it uses
labels to dynamically learn of changes to IP addresses so that it can
enforce security policies as containers come and go rapidly.
And as your containerized
applications communicate with other applications running in VMs,
physical servers or other containers, the CN-Series firewall and
Panorama provide oversight and control over traffic between container
pods, between individual containers, and with other workload types,
including virtual machines and bare-metal servers.