CN-Series Supported Environments

Determine in which environments you can deploy a CN-Series firewall.

You can deploy the CN-Series firewall in the following environments.

Product	Version
Product	PAN-OS 10.1	PAN-OS 10.2	PAN-OS 11.0
Container runtime	Docker CRI-O Containerd	Docker CRI-O Containerd	Docker CRI-O Containerd
Kubernetes version	1.17 through 1.24	1.17 through 1.24	1.17 through 1.24
Cloud provider managed Kubernetes	AWS EKS (1.17 through 1.23) EKS on AWS Outpost (1.17 through 1.22) CN-Series for EKS on AWS Outpost does not support SR-IOV or Multus. Azure AKS (1.17 through 1.23) GCP GKE (1.17 through 1.23)	AWS EKS (1.17 through 1.23) EKS on AWS Outpost (1.17 through 1.22) CN-Series for EKS on AWS Outpost does not support SR-IOV or Multus. Azure AKS (1.17 through 1.24) GCP GKE (1.17 through 1.24) Google Anthos 1.12.3 OCI OKE (1.23)	AWS EKS (1.17 through 1.23) EKS on AWS Outpost (1.17 through 1.22) CN-Series for EKS on AWS Outpost does not support SR-IOV or Multus. Azure AKS (1.17 through 1.24) GCP GKE (1.17 through 1.24) OCI OKE (1.23)
Customer managed Kubernetes	On the public cloud or on-premises data center. Make sure that the Kubernetes version, CNI Types, and Host VM OS versions are included in this table. VMware TKG+ version 1.1.2 Infrastructure Platform—vSphere 7.0 Kubernetes Host VM OS—Photon OS	On the public cloud or on-premises data center. Make sure that the Kubernetes version, CNI Types, and Host VM OS versions are included in this table. VMware TKG+ version 1.1.2 Infrastructure Platform—vSphere 7.0 Kubernetes Host VM OS—Photon OS	On the public cloud or on-premises data center. Make sure that the Kubernetes version, CNI Types, and Host VM OS versions are included in this table. VMware TKG+ version 1.1.2 Infrastructure Platform—vSphere 7.0 Kubernetes Host VM OS—Photon OS
Kubernetes Host VM	Operating System: Ubuntu 16.04 Ubuntu 18.04 RHEL/Centos 7.3 and later CoreOS 21XX, 22XX Container-Optimized OS	Operating System: Ubuntu 16.04 Ubuntu 18.04 RHEL/Centos 7.3 and later CoreOS 21XX, 22XX Container-Optimized OS	Operating System: Ubuntu 16.04 Ubuntu 18.04 RHEL/Centos 7.3 and later CoreOS 21XX, 22XX Container-Optimized OS
	Linux Kernel Netfilter: Iptables	Linux kernel version: 4.18 or later (K8s Service Mode only) 5.4 or later required to enable AF_XDP mode. See Editable Parameters in CN-Series Deployment YAML Files for more information.	Linux kernel version: 4.18 or later (K8s Service Mode only) 5.4 or later required to enable AF_XDP mode. See Editable Parameters in CN-Series Deployment YAML Files for more information.
	Linux kernel version: 4.18 or later (K8s Service Mode only) 5.4 or later required to enable AF_XDP mode. See Editable Parameters in CN-Series Deployment YAML Files for more information.	Linux kernel Netfilter: Iptables	Linux kernel Netfilter: Iptables
CNI Plugins	CNI Spec 0.3 and later: AWS-VPC Azure Calico Flannel Weave For Openshift, OpenshiftSDN The following are supported on the CN-Series firewall as a DaemonSet. Multus Bridge SR-IOV Macvlan	CNI Spec 0.3 and later: AWS-VPC Azure Calico Flannel Weave For Openshift, OpenshiftSDN The following are supported on the CN-Series firewall as a DaemonSet. Multus Bridge SR-IOV Macvlan	CNI Spec 0.3 and later: AWS-VPC Azure Calico Flannel Weave For Openshift, OpenshiftSDN The following are supported on the CN-Series firewall as a DaemonSet. Multus Bridge SR-IOV Macvlan
OpenShift	CN-Series as a DaemonSet: 4.2, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 4.10, and 4.11	Version 4.2, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 4.10, and 4.11 OpenShift 4.7 is qualified on the CN-Series as a DaemonSet only. OpenShift on AWS	Version 4.2, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 4.10, and 4.11 OpenShift 4.7 is qualified on the CN-Series as a DaemonSet only. OpenShift on AWS
OpenShift	CN-Series as a K8s Service: (PAN-OS 10.1.2 and later) 4.7, 4.8, 4.9, and 4.10

Most Popular