The Palo Alto Networks Container Native
Firewalls (CN-Series) are natively integrated into Kubernetes (k8s)
to provide complete L7 visibility, application level segmentation,
DNS Security, and protection from advanced threats for traffic going
across trusted zones in public cloud or data center environments.
It enables you to isolate and protect workloads, application stacks,
and services, even as individual containers scale up, down, or across
hosts and consistently apply security policies that are based on
App deployment in a Kubernetes environment is
dynamic and the following teams are often involved in the container
Platform (PAAS) Admin
Kubernetes clusters and other infrastructure components in public
cloud and data centers.
—Deploy their individual containerized
and other applications in Kubernetes namespaces/projects provided
by PAAS admin.
—Provisions security for
the entire deployment including Kubernetes clusters and individual containerized
In this dynamic scenario and interplay with multiple
teams, security management and monitoring pose a challenge. The
CN-Series firewall enables your security administrator to provision
security for the containerized applications across a wide range
of environments including Cloud Provider Managed k8s such as GKE,
EKS, AKS, and Customer Managed k8s such as Openshift, and Native
k8s on the public cloud or on premises data centers. The CN-Series
firewall uses Kubernetes constructs and metadata driven policy so
that the teams can automate the deployment and efficiently enforce
security policy to consistently protect from known and unknown threats.