What’s New in VM-Series Plugin 2.0.1
The VM-Series plugin version 2.0.1 introduces
the following new features:
- AWS Active-Passive High Availability Using Secondary-IP
- Basic Configuration with User Data for Bootstrapping
- VLAN Access Mode with SR-IOV
- DPDK on AWS
AWS Active-Passive High Availability Using Secondary-IP
You can now configure active-passive high availability on
the VM-Series firewall on AWS that moves a secondary IP address from
the failed firewall to the newly active firewall upon failover. Secondary-IP
HA allows you to take advantage of DPDK to improve the performance
of your VM-Series firewall instances. AWS does not support movement
of Elastic Network Interfaces (ENI) with DPDK enabled; by moving
a secondary IP address instead of an ENI, you can enable DPDK on
your interfaces. Secondary-IP HA also provides shorter
failover times compared to interface-move HA. Failover triggers
API calls to the AWS infrastructure that move the configured secondary
IP addresses from the dataplane interfaces of the failed peer to
the newly active peer. AWS also updates the route tables to ensure that
traffic is directed to the active firewall instance. These two operations
ensure that inbound and outbound traffic sessions are restored after
failover.
Basic Configuration with User Data for Bootstrapping
A basic configuration is a minimal configuration that
enables you to launch, license, and register the VM-Series firewall,
and connect with Panorama, if applicable. Bootstrapping with user
data is an alternative way to bootstrap a basic configuration. Instead
of creating a bootstrap package and
an init-cfg.txt file to provide
bootstrap configuration parameters, you enter them as key-value
pairs directly into the AWS or GCP user interface when you launch
a VM-Series firewall. Azure has a similar process in which you
provide the bootstrap parameters in a template or other text file
accessed from the Azure CLI.
You can enter any of the key-value pairs you ordinarily put in
an init-cfg.txt file, and
you can also enter authcodes and mgmt-interface-swap values
(which are normally configured from the CLI) as user data. Use
cases for bootstrapping with user data include test deployments,
one-off deployments, and short-term deployments.
Each cloud has a different term for user data, and uses different
separators between bootstrap parameters.
- AWS User Data—Enter key-value pairs in the User Data field, separated by a semicolon or a newline (\n).
- Azure Custom Data—Use a template or the CLI to pass the bootstrap parameters. Use a semicolon to separate key-value pairs.
- GCP Metadata—In the Metadata for the instance, add each key-value pair. In the CLI, if you are calling a text file, put each key-value pair on a new line (\n).
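The separator rules above can be checked before launch. The following Python sketch is an added example, not Palo Alto Networks code: it renders a set of bootstrap parameters with the separator each cloud expects, parses a user-data string back into pairs, and lists the credential-bearing keys present so they can be reviewed. The function names, the sample values, and the keys type and vm-auth-key (standard init-cfg.txt keys not named on this page) are assumptions.

```python
import re

# Separator each cloud expects between key=value pairs, per the list above.
# AWS also accepts a newline; this sketch emits semicolons for AWS.
SEPARATORS = {"aws": ";", "azure": ";", "gcp": "\n"}

# Keys whose values are credentials. authcodes is named on this page;
# vm-auth-key is a standard init-cfg.txt key (assumption: not listed here).
SENSITIVE_KEYS = {"authcodes", "vm-auth-key"}


def render_user_data(cloud, params):
    """Join key=value pairs with the separator for the given cloud."""
    parts = []
    for key, value in params.items():
        value = str(value)
        # A separator inside a key or value would split it into bogus pairs.
        if not key or re.search(r"[=;\n]", key) or re.search(r"[;\n]", value):
            raise ValueError(f"unsafe character in pair {key!r}")
        parts.append(f"{key}={value}")
    return SEPARATORS[cloud].join(parts)


def parse_user_data(text):
    """Split on semicolons or newlines and return the pairs as a dict."""
    params = {}
    for item in re.split(r"[;\n]", text):
        item = item.strip()
        if not item:
            continue
        key, eq, value = item.partition("=")
        key = key.strip()
        if not eq or not key:
            raise ValueError(f"not a key=value pair: {item!r}")
        if key in params:
            raise ValueError(f"duplicate key: {key}")
        params[key] = value.strip()
    return params


def sensitive_keys(params):
    """Return the credential-bearing keys present, for review before launch."""
    return sorted(SENSITIVE_KEYS & set(params))


# Constructed sample values; the authcode is a placeholder, not a real code.
SAMPLE = {"type": "dhcp-client", "authcodes": "EXAMPLE-AUTHCODE",
          "mgmt-interface-swap": "enable", "op-cmd-dpdk-pkt-io": "off"}

if __name__ == "__main__":
    print(render_user_data("aws", SAMPLE))
    print(sensitive_keys(parse_user_data(render_user_data("gcp", SAMPLE))))
```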
VLAN Access Mode with SR-IOV
When you bootstrap the VM-Series firewalls on KVM, you can include the
new bootstrap parameter plugin-op-commands=sriov-access-mode-on in
the init-cfg.txt file.
Requires PAN-OS 9.1.5 and later, or 10.0.1 and later.
DPDK on AWS
DPDK is the default packet-io mode for all newly deployed
VM-Series firewalls with VM-Series plugin 2.0.1 on AWS. If HA is enabled
on a VM-Series firewall, the default HA mode is Secondary IP Move.
Interface Move is still supported, but before configuring HA you must first
disable DPDK and change the failover mode to interface-move using the command request plugins vm_series aws ha failover-mode interface-move.
If your VM-Series firewalls are deployed using bootstrapping
and you are using interface-move HA, you can add op-cmd-dpdk-pkt-io=off to
the init-cfg.txt file to deploy the firewall with DPDK disabled.