CN-Series Firewalls
Table of Contents
Expand all | Collapse all
- CN-Series Firewalls
- MFA Vendor Support
-
- Cloud Identity Engine Cipher Suites
-
- PAN-OS 11.2 GlobalProtect Cipher Suites
- PAN-OS 11.2 IPSec Cipher Suites
- PAN-OS 11.2 IKE and Web Certificate Cipher Suites
- PAN-OS 11.2 Decryption Cipher Suites
- PAN-OS 11.2 Administrative Session Cipher Suites
- PAN-OS 11.2 HA1 SSH Cipher Suites
- PAN-OS 11.2 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 11.2 Cipher Suites Supported in FIPS-CC Mode
-
- PAN-OS 11.1 GlobalProtect Cipher Suites
- PAN-OS 11.1 IPSec Cipher Suites
- PAN-OS 11.1 IKE and Web Certificate Cipher Suites
- PAN-OS 11.1 Decryption Cipher Suites
- PAN-OS 11.1 Administrative Session Cipher Suites
- PAN-OS 11.1 HA1 SSH Cipher Suites
- PAN-OS 11.1 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 11.1 Cipher Suites Supported in FIPS-CC Mode
-
- PAN-OS 11.0 GlobalProtect Cipher Suites
- PAN-OS 11.0 IPSec Cipher Suites
- PAN-OS 11.0 IKE and Web Certificate Cipher Suites
- PAN-OS 11.0 Decryption Cipher Suites
- PAN-OS 11.0 Administrative Session Cipher Suites
- PAN-OS 11.0 HA1 SSH Cipher Suites
- PAN-OS 11.0 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 11.0 Cipher Suites Supported in FIPS-CC Mode
-
- PAN-OS 10.2 GlobalProtect Cipher Suites
- PAN-OS 10.2 IPSec Cipher Suites
- PAN-OS 10.2 IKE and Web Certificate Cipher Suites
- PAN-OS 10.2 Decryption Cipher Suites
- PAN-OS 10.2 Administrative Session Cipher Suites
- PAN-OS 10.2 HA1 SSH Cipher Suites
- PAN-OS 10.2 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 10.2 Cipher Suites Supported in FIPS-CC Mode
-
- PAN-OS 10.1 GlobalProtect Cipher Suites
- PAN-OS 10.1 IPSec Cipher Suites
- PAN-OS 10.1 IKE and Web Certificate Cipher Suites
- PAN-OS 10.1 Decryption Cipher Suites
- PAN-OS 10.1 Administrative Session Cipher Suites
- PAN-OS 10.1 HA1 SSH Cipher Suites
- PAN-OS 10.1 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 10.1 Cipher Suites Supported in FIPS-CC Mode
-
- PAN-OS 9.1 GlobalProtect Cipher Suites
- PAN-OS 9.1 IPSec Cipher Suites
- PAN-OS 9.1 IKE and Web Certificate Cipher Suites
- PAN-OS 9.1 Decryption Cipher Suites
- PAN-OS 9.1 Administrative Session Cipher Suites
- PAN-OS 9.1 HA1 SSH Cipher Suites
- PAN-OS 9.1 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 9.1 Cipher Suites Supported in FIPS-CC Mode
- Prisma Access
- Strata Cloud Manager and Panorama Feature Parity
- User-ID Agent
- Terminal Server (TS) Agent
- Strata Logging Service Software Compatibility
- Cortex XDR
- Endpoint Security Manager (ESM)
- IPv6 Support by Feature
- Mobile Network Infrastructure Feature Support
CN-Series Firewalls
Learn about supported environments and required and compatible
files for CN-Series firewalls.
The CN-Series firewall is supported only
in certain environments and is compatible with or requires a specific
set of files to do so.
CN-Series Supported Environments
You can deploy the CN-Series firewall in the following environments.
Product | PAN-OS 10.1 | PAN-OS 10.2 | PAN-OS 11.0 | PAN-OS 11.1 | PAN-OS 11.2 |
---|---|---|---|---|---|
Container runtime | Docker CRI-O Containers | Docker CRI-O Containers | Docker CRI-O Containers | Docker CRI-O Containers | Docker CRI-O Containers |
Kubernetes version | 1.17 through 1.27 | 1.17 through 1.27 | 1.17 through 1.27 | 1.17 through 1.27 | 1.17 through 1.27 |
Cloud provider managed Kubernetes |
|
|
|
|
|
Customer managed Kubernetes | On the public cloud or on-premises data center. Make sure that the Kubernetes version, CNI Types, and Host VM OS
versions are included in this table. VMware TKG+ version 1.1.2
| On the public cloud or on-premises data center. Make sure that the Kubernetes version, CNI Types, and Host VM OS
versions are included in this table. VMware TKG+ version 1.1.2
| On the public cloud or on-premises data center. Make sure that the Kubernetes version, CNI Types, and Host VM OS
versions are included in this table. VMware TKG+ version 1.1.2
| On the public cloud or on-premises data center. Make sure that the Kubernetes version, CNI Types, and Host VM OS
versions are included in this table. VMware TKG+ version 1.1.2
| On the public cloud or on-premises data center. Make sure that the Kubernetes version, CNI Types, and Host VM OS
versions are included in this table. VMware TKG+ version 1.1.2
|
Kubernetes Host VM | Operating System:
| Operating System:
| Operating System:
| Operating System:
| Operating System:
|
Linux Kernel Netfilter: Iptables | Linux kernel version:
| Linux kernel version:
| Linux kernel version:
| Linux kernel version:
| |
Linux kernel version:
| Linux kernel Netfilter: Iptables | Linux kernel Netfilter: Iptables | Linux kernel Netfilter: Iptables | Linux kernel Netfilter: Iptables | |
CNI Plugins | CNI Spec 0.3 and later:
| CNI Spec 0.3 and later:
| CNI Spec 0.3 and later:
| CNI Spec 0.3 and later:
| CNI Spec 0.3 and later:
|
OpenShift | CN-Series as a DaemonSet: 4.2, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 4.10, 4.11, 4.12, and 4.13 |
The PAN-OS 10.2.4h3 is the minimum required version to
support 4.12 and above. |
|
|
|
CN-Series as a K8s Service: (PAN-OS 10.1.2 and later) 4.7, 4.8, 4.9, 4.10, 4.11, 4.12, and 4.13 The PAN-OS 10.1.10h1 is the minimum required version to
support 4.12 and above. |
CN-Series Firewall Image and File Compatibility
Deploying the CN-Series firewall requires a number of different of
files. To help ensure a successful deployment, check the following information to
make sure you download the correct combination of files for CN-Series firewall
deployment.
PAN-OS Version | YAML Version | CNI Version | mgmt-init Version |
---|---|---|---|
PAN-OS 11.2.x PAN-OS 11.1.x PAN-OS 11.0.x PAN-OS 10.2.x PAN-OS 10.1.x | 3.0.x | 3.0.x | 3.0.x |