CN-Series Firewall for Kubernetes

The Palo Alto Networks Container Native Firewalls (CN-Series) are natively integrated into Kubernetes (k8s) to provide complete L7 visibility, application level segmentation, DNS Security, and protection from advanced threats for traffic going across trusted zones in public cloud or data center environments. It enables you to isolate and protect workloads, application stacks, and services, even as individual containers scale up, down, or across hosts and consistently apply security policies that are based on Kubernetes labels.

App deployment in a Kubernetes environment is dynamic and the following teams are often involved in the container lifecycle:

Platform (PAAS) Admin

—Manages the Kubernetes clusters and other infrastructure components in public cloud and data centers.

App Teams

—Deploy their individual containerized and other applications in Kubernetes namespaces/projects provided by PAAS admin.

Security Admin

—Provisions security for the entire deployment including Kubernetes clusters and individual containerized applications.

In this dynamic scenario and interplay with multiple teams, security management and monitoring pose a challenge. The CN-Series firewall enables your security administrator to provision security for the containerized applications across a wide range of environments including Cloud Provider Managed k8s such as GKE, EKS, AKS, and Customer Managed k8s such as Openshift, and Native k8s on the public cloud or on premises data centers. The CN-Series firewall uses Kubernetes constructs and metadata driven policy so that the teams can automate the deployment and efficiently enforce security policy to consistently protect from known and unknown threats.

Start here:

CN-Series Key Concepts

CN-Series Core Building Blocks

Components Required to Secure Kubernetes Clusters with CN-Series Firewall

CN-Series Deployment—Supported Environments

CN-Series System Requirements

CN-Series Performance and Scaling

Additional CN-Series Resources