CN-Series Supported Environments

Determine in which environments you can deploy a CN-Series firewall.
You can deploy the CN-Series firewall in the following environments.
Product
Version
PAN-OS 10.1
PAN-OS 10.2
PAN-OS 11.0
Container runtime
Docker
CRI-O
Containerd
Docker
CRI-O
Containerd
Docker
CRI-O
Containerd
Kubernetes version
1.17 through 1.24
1.17 through 1.24
1.17 through 1.24
Cloud provider managed Kubernetes
  • AWS EKS (1.17 through 1.23)
  • EKS on AWS Outpost (1.17 through 1.22)
    CN-Series for EKS on AWS Outpost does not support SR-IOV or Multus.
  • Azure AKS (1.17 through 1.23)
  • GCP GKE (1.17 through 1.23)
  • AWS EKS (1.17 through 1.23)
  • EKS on AWS Outpost (1.17 through 1.22)
    CN-Series for EKS on AWS Outpost does not support SR-IOV or Multus.
  • Azure AKS (1.17 through 1.24)
  • GCP GKE (1.17 through 1.24)
  • Google Anthos 1.12.3
  • OCI OKE (1.23)
  • AWS EKS (1.17 through 1.23)
  • EKS on AWS Outpost (1.17 through 1.22)
    CN-Series for EKS on AWS Outpost does not support SR-IOV or Multus.
  • Azure AKS (1.17 through 1.24)
  • GCP GKE (1.17 through 1.24)
  • OCI OKE (1.23)
Customer managed Kubernetes
On the public cloud or on-premises data center.
Make sure that the Kubernetes version, CNI Types, and Host VM OS versions are included in this table.
VMware TKG+ version 1.1.2
  • Infrastructure Platform—vSphere 7.0
  • Kubernetes Host VM OS—Photon OS
On the public cloud or on-premises data center.
Make sure that the Kubernetes version, CNI Types, and Host VM OS versions are included in this table.
VMware TKG+ version 1.1.2
  • Infrastructure Platform—vSphere 7.0
  • Kubernetes Host VM OS—Photon OS
On the public cloud or on-premises data center.
Make sure that the Kubernetes version, CNI Types, and Host VM OS versions are included in this table.
VMware TKG+ version 1.1.2
  • Infrastructure Platform—vSphere 7.0
  • Kubernetes Host VM OS—Photon OS
Kubernetes Host VM
Operating System:
  • Ubuntu 16.04
  • Ubuntu 18.04
  • RHEL/Centos 7.3 and later
  • CoreOS 21XX, 22XX
  • Container-Optimized OS
Operating System:
  • Ubuntu 16.04
  • Ubuntu 18.04
  • RHEL/Centos 7.3 and later
  • CoreOS 21XX, 22XX
  • Container-Optimized OS
Operating System:
  • Ubuntu 16.04
  • Ubuntu 18.04
  • RHEL/Centos 7.3 and later
  • CoreOS 21XX, 22XX
  • Container-Optimized OS
Linux Kernel Netfilter: Iptables
Linux kernel version:
Linux kernel version:
Linux kernel version:
Linux kernel Netfilter: Iptables
Linux kernel Netfilter: Iptables
CNI Plugins
CNI Spec 0.3 and later:
  • AWS-VPC
  • Azure
  • Calico
  • Flannel
  • Weave
  • For Openshift, OpenshiftSDN
  • The following are supported on the CN-Series firewall as a DaemonSet.
    • Multus
    • Bridge
    • SR-IOV
    • Macvlan
CNI Spec 0.3 and later:
  • AWS-VPC
  • Azure
  • Calico
  • Flannel
  • Weave
  • For Openshift, OpenshiftSDN
  • The following are supported on the CN-Series firewall as a DaemonSet.
    • Multus
    • Bridge
    • SR-IOV
    • Macvlan
CNI Spec 0.3 and later:
  • AWS-VPC
  • Azure
  • Calico
  • Flannel
  • Weave
  • For Openshift, OpenshiftSDN
  • The following are supported on the CN-Series firewall as a DaemonSet.
    • Multus
    • Bridge
    • SR-IOV
    • Macvlan
OpenShift
CN-Series as a DaemonSet:
4.2, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 4.10, and 4.11
  • Version 4.2, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 4.10, and 4.11
    OpenShift 4.7 is qualified on the CN-Series as a DaemonSet only.
  • OpenShift on AWS
  • Version 4.2, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 4.10, and 4.11
    OpenShift 4.7 is qualified on the CN-Series as a DaemonSet only.
  • OpenShift on AWS
CN-Series as a K8s Service:
(PAN-OS 10.1.2 and later)
4.7, 4.8, 4.9, and 4.10

Recommended For You