Secure critical workloads with L7-aware security using Microperimeter.
Where Can I Use This? Prisma AIRS
What Do I Need? Private and public cloud platforms, including ESXi, KVM, Nutanix, AWS, Azure, and GCP.
Microperimeter (PAN Traffic Redirector) is a secure microsegmentation solution
that protects critical workloads within data centers and cloud environments. While
traditional microsegmentation relies on coarse L3/L4 controls such as IP addresses and
ports, Microperimeter enables L7-aware security. This allows you to inspect
application-layer traffic and enforce Zero Trust policies on internal (East-West)
traffic to detect lateral movement and modern application exploits.
The Microperimeter solution further strengthens this security posture by securing both
ingress and egress traffic for a user-defined group of workloads. It does this by
redirecting all or selected traffic destined for and originating from the designated
workload group through a user-selected software firewall, using a hairpin traffic
pattern.
Microperimeter functionality is available on private and public
cloud platforms, including ESXi, KVM, Nutanix, AWS, Azure, and GCP. A key
constraint is that these firewalls must be native firewalls and cannot be
used in conjunction with a Gateway Load Balancer (GWLB). The firewall could
either be on the next hop or a few hops away from the workloads.
Microperimeter functionality is also available on High Availability
(HA) Active/Passive environments.
The Microperimeter solution currently operates over IPv4 and utilizes a
pan-redirector package, which is supported on Linux distributions. To implement the
solution, download the pan-redirector from the CSP portal, then copy, install, and
configure it on the desired VM workload. This agent will then redirect the traffic to
the firewall.
To maintain compliance, the panredirect service now requires successful telemetry
reachability. Consequently, if the agent is unable to transmit telemetry data to the
firewall, it stops redirecting traffic. To enable telemetry, the firewall must be a
Prisma AI Runtime Security (Prisma AIRS) firewall. Additionally, the firewall interface
used for redirection must have a management profile with HTTPS enabled. Furthermore, the
firewall interface requires a Layer 3 configuration, including an IP address, zone, and
virtual router (vrouter).
Any L3 interfaces allocated for redirection cannot be used for any
other purpose.
Prevent redirected traffic from re-entering the same firewall through other
interfaces. Re-entry causes double inspection, which leads to traffic blackholing.
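A workload-side pre-flight check of the prerequisites listed above, as an added example that is not part of the pan-redirector package or any Palo Alto Networks code. The interface attributes, the TCP/443 probe standing in for telemetry reachability, and the sample values are assumptions.

```python
import ipaddress
import socket
from dataclasses import dataclass, field


@dataclass
class RedirectTarget:
    """Firewall interface used for redirection (constructed example values)."""
    ip: str                 # L3 IPv4 address on the redirect interface
    zone: str               # L3 zone assigned to the interface
    vrouter: str            # virtual router the interface belongs to
    mgmt_https: bool        # management profile on the interface has HTTPS enabled
    other_roles: list = field(default_factory=list)  # any other use of the interface


def https_reachable(ip: str, timeout: float = 2.0) -> bool:
    """Probe TCP/443 on the firewall interface (assumed stand-in for telemetry reachability)."""
    try:
        with socket.create_connection((ip, 443), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(target: RedirectTarget, probe=https_reachable) -> list:
    """Return the list of problems found; an empty list means redirection can be enabled."""
    problems = []
    try:
        if ipaddress.ip_address(target.ip).version != 4:
            problems.append("redirector operates over IPv4 only; target is IPv6")
    except ValueError:
        return [f"invalid firewall interface IP: {target.ip!r}"]
    for name, value in (("zone", target.zone), ("vrouter", target.vrouter)):
        if not value:
            problems.append(f"redirect interface is missing its L3 {name}")
    if not target.mgmt_https:
        problems.append("management profile on the redirect interface must enable HTTPS")
    if target.other_roles:
        problems.append("redirect interface must be dedicated; also used for: "
                        + ", ".join(target.other_roles))
    # Telemetry is mandatory: an unreachable firewall means the agent stops redirecting.
    if not problems and not probe(target.ip):
        problems.append("telemetry endpoint unreachable; agent would stop redirecting (fail closed)")
    return problems


def redirect_allowed(target: RedirectTarget, probe=https_reachable) -> bool:
    """Fail-closed decision: redirect only when every prerequisite is satisfied."""
    return not preflight(target, probe)
```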