CN-Series Firewall for Kubernetes
The Palo Alto Networks Container Native Firewalls (CN-Series) are natively
integrated into Kubernetes (k8s) to provide complete L7 visibility, application-level
segmentation, DNS Security, and protection from advanced threats for traffic going
across trusted zones in public cloud or data center environments. They enable you to
isolate and protect workloads, application stacks, and services, even as individual
containers scale up, down, or across hosts, and to consistently apply security policies that
are based on Kubernetes labels.
Application deployment in a Kubernetes environment is dynamic, and the following
teams are often involved in the container life cycle:
- Platform (PaaS) Admin: Manages the Kubernetes clusters and other infrastructure components in public cloud and data centers.
- App Teams: Deploy their individual containerized and other applications in the Kubernetes namespaces/projects provided by the PaaS admin.
- Security Admin: Provisions security for the entire deployment, including Kubernetes clusters and individual containerized applications.
In this dynamic scenario, with multiple teams interacting, security management and
monitoring pose a challenge. The CN-Series enables your security
administrator to provision security for the containerized applications across a wide
range of environments, including cloud provider managed k8s such as GKE, EKS, AKS, and
AliCloud ACK, customer managed k8s such as OpenShift, and native k8s on the public
cloud or in on-premises data centers. The CN-Series uses Kubernetes
constructs and metadata-driven policy so that the teams can automate the deployment and
efficiently enforce security policy to consistently protect against known and unknown
threats.