CN-Series Firewalls for Securing Kubernetes Deployments
10.0 (EoL)
Learn how the containerized version of PAN-OS secures
Kubernetes environments in the public and private cloud.
As you adopt Kubernetes (k8s) and containers
for application development and operational agility, the CN-Series enables
security administrators to provision security for containerized
applications across different Kubernetes environments. The CN-Series
firewall facilitates consistent policy enforcement when multiple
teams are involved in the application lifecycle:
- Platform (PaaS) Admin - Manages the Kubernetes clusters and other infrastructure components in public and private cloud.
- App teams - Deploy their individual containerized and other applications in the Kubernetes namespaces/projects provided by the PaaS admin.
- Security Admin - Provisions security for the entire deployment including Kubernetes clusters and individual containerized applications.
The CN-Series firewall requires Panorama and the Kubernetes plugin on
Panorama to enable centralized management, licensing, and security
policy enforcement. The container-native firewall is integrated
into Kubernetes so that you can use Kubernetes constructs and deploy the
firewalls along with the applications. The firewall fits together
with Kubernetes networking to apply policy before NAT, and it uses
labels to dynamically learn of changes to IP addresses so that it can
enforce security policies as containers come and go rapidly.
And as your containerized
applications communicate with other applications running in VMs,
physical servers or other containers, the CN-Series firewall and
Panorama provide oversight and control over traffic between container
pods, between individual containers, and with other workload types,
including virtual machines and bare-metal servers.
- Review the supported environments and components required for
the CN-Series firewall on Kubernetes. Make sure to purchase the auth code for the CN-Series firewalls.
- Get the images and files for the CN-Series.
- Register the auth code on the CSP and generate the registration PIN for the device certificate.
- Create the service accounts for cluster authentication.
- Edit the YAML files for deploying the firewall within your Kubernetes cluster.
- Install the Kubernetes plugin on Panorama.
- Deploy the CN-Series firewalls within the cluster.
- Configure Panorama to
secure your Kubernetes setup. Monitor the logs on Panorama to verify that your policies work as expected.