Helm 3.6 or above version client for CN-Series deployment with Helm
CN-Series firewall licensing is managed by the Kubernetes
plugin on Panorama. The CN-Series firewalls are licensed based on
the total number of vCPUs (cores) used by the CN-NGFW pods deployed
in your Kubernetes environment. One token is consumed for each vCPU
used the CN-NGFW.
Activate Credits—begin by activating
your credits. Once activated, you can apply credits from your credit
pool to a CN-Series deployment profile.
Create a CN-Series Deployment Profile—in the deployment
profile, you will specify the number of vCPUs that allocate to the
generate authcode. You will then use the authcode associated with
your CN-Series deployment profile to license the CN-Series firewalls
in your Kubernetes cluster. The deployment profile can be used license
the CN-NGFW pods based on the number of vCPUs allocated. A single
authcode from a deployment profile can be used to license the CN-Series
across different Kubernetes environments, different clusters, or
on different Panorama instances.
In a CN-Series-as-a-Kubernetes-Service
deployment, if the number of CN-NGFW pods deployed in your environment
exceeds the number of allocated vCPUs, you have a 30-day grace period
to add more vCPUs to your deployment profile or delete enough CN-NGFW
pods. If you do not allocate additional vCPUs or delete unlicensed
pods within the 30-day grace period, all CN-Series firewalls in
your the cluster will be delicensed.
When a the CN-Series
is deployed a DaemonSet, if the number of CN-NGFW pods deployed
exceed the number of allocated vCPUs, you have a four-hour grace
period to add more vCPUs to your deployment profile or delete enough
CN-NGFW pods. If you do not allocate additional vCPUs or delete
unlicensed pods within the four-hour grace period, the unlicensed pods
will stop processing traffic. The already licensed pods remain licensed.
You
also have the option to provision a virtual Panorama appliance when
creating your CN-Series deployment profile.
Manage Deployment Profiles—you can edit,
clone, or delete CN-Series deployment profiles based on the requirements
of your CN-Series deployment. Additionally, you can add or remove
subscriptions from the deployment profile after it has been created.
Licenses are applied to the CN-Series at the cluster level.
Individual CN-NGFW might appear as unlicensed, however, all pods
in the cluster are licensed until the entire cluster is delicensed.