Palo Alto Networks Compatibility Matrix
    : CN-Series Supported Environments
    Focus
    Download PDF
    Focus
    1. Home
    2. Palo Alto Networks Compatibility Matrix
    3. CN-Series Firewalls
    4. CN-Series Supported Environments
    Download PDF

    Palo Alto Networks Compatibility Matrix

    CN-Series Supported Environments

    Table of Contents

    CN-Series Supported Environments

    Determine in which environments you can deploy a CN-Series firewall.
    You can deploy the CN-Series firewall in the following environments.
    Product
    PAN-OS 10.1
    PAN-OS 10.2
    PAN-OS 11.0
    PAN-OS 11.1
    Container runtime
    Docker
    CRI-O
    Containers
    Docker
    CRI-O
    Containers
    Docker
    CRI-O
    Containers
    Docker
    CRI-O
    Containers
    Kubernetes version
    1.17 through 1.27
    1.17 through 1.27
    1.17 through 1.27
    1.17 through 1.27
    Cloud provider managed Kubernetes
    • AWS EKS (1.17 through 1.27 for CN-Series as a daemonset and CN-Series as a Service mode of deployment. )
    • EKS on AWS Outpost (1.17 through 1.22)
      CN-Series for EKS on AWS Outpost does not support SR-IOV or Multus.
    • Azure AKS (1.17 through 1.27)
      In Azure AKS, the PAN-OS 10.1.10h1 is the minimum required version to support Kubernetes 1.25 and above.
    • AliCloud ACK (1.26)
    • GCP GKE (1.17 through 1.27)
    • AWS EKS (1.17 through 1.27 for CN-Series as a daemonset and CN-Series as a Service mode of deployment. )
    • AWS EKS (1.17 through 1.22 for CN-Series as a CNF mode of deployment.)
    • EKS on AWS Outpost (1.17 through 1.22)
      CN-Series for EKS on AWS Outpost does not support SR-IOV or Multus.
    • Azure AKS (1.17 through 1.27)
      In Azure AKS, the PAN-OS 10.2.4h3 is the minimum required version to support Kubernetes 1.25 and above.
    • GCP GKE (1.17 through 1.27)
      In GCP GKE, the PAN-OS 10.2.4h3 is the minimum required version to support Kubernetes 1.25 and above.
    • Google Anthos 1.12.3
    • OCI OKE (1.23)
    • AWS EKS (1.17 through 1.27 for CN-Series as a daemonset and CN-Series as a Service mode of deployment. )
    • AWS EKS (1.17 through 1.22 for CN-Series as a CNF mode of deployment.)
    • EKS on AWS Outpost (1.17 through 1.22)
      CN-Series for EKS on AWS Outpost does not support SR-IOV or Multus.
    • Azure AKS (1.17 through 1.27)
      In Azure AKS, the PAN-OS 11.0.2 is the minimum required version to support Kubernetes 1.25 and above.
    • GCP GKE (1.17 through 1.27)
    • OCI OKE (1.23)
    • AWS EKS (1.17 through 1.27 for CN-Series as a daemonset and CN-Series as a Service mode of deployment. )
    • AWS EKS (1.17 through 1.22 for CN-Series as a CNF mode of deployment.)
    • EKS on AWS Outpost (1.17 through 1.22)
      CN-Series for EKS on AWS Outpost does not support SR-IOV or Multus.
    • Azure AKS (1.17 through 1.27)
      In Azure AKS, the PAN-OS 11.0.2 is the minimum required version to support Kubernetes 1.25 and above.
    • GCP GKE (1.17 through 1.27)
    • OCI OKE (1.23)
    Customer managed Kubernetes
    On the public cloud or on-premises data center.
    Make sure that the Kubernetes version, CNI Types, and Host VM OS versions are included in this table.
    VMware TKG+ version 1.1.2
    • Infrastructure Platform—vSphere 7.0
    • Kubernetes Host VM OS—Photon OS
    On the public cloud or on-premises data center.
    Make sure that the Kubernetes version, CNI Types, and Host VM OS versions are included in this table.
    VMware TKG+ version 1.1.2
    • Infrastructure Platform—vSphere 7.0
    • Kubernetes Host VM OS—Photon OS
    On the public cloud or on-premises data center.
    Make sure that the Kubernetes version, CNI Types, and Host VM OS versions are included in this table.
    VMware TKG+ version 1.1.2
    • Infrastructure Platform—vSphere 7.0
    • Kubernetes Host VM OS—Photon OS
    On the public cloud or on-premises data center.
    Make sure that the Kubernetes version, CNI Types, and Host VM OS versions are included in this table.
    VMware TKG+ version 1.1.2
    • Infrastructure Platform—vSphere 7.0
    • Kubernetes Host VM OS—Photon OS
    Kubernetes Host VM
    Operating System:
    • Ubuntu 16.04
    • Ubuntu 18.04
    • Ubuntu-22.04
    • RHEL/CentOS 7.3 and later
    • CoreOS 21XX, 22XX
    • Container-Optimized OS
    Operating System:
    • Ubuntu 16.04
    • Ubuntu 18.04
    • Ubuntu-22.04
    • RHEL/CentOS 7.3 and later
    • CoreOS 21XX, 22XX
    • Container-Optimized OS
    Operating System:
    • Ubuntu 16.04
    • Ubuntu 18.04
    • Ubuntu-22.04
    • RHEL/CentOS 7.3 and later
    • CoreOS 21XX, 22XX
    • Container-Optimized OS
    Operating System:
    • Ubuntu 16.04
    • Ubuntu 18.04
    • Ubuntu-22.04
    • RHEL/CentOS 7.3 and later
    • CoreOS 21XX, 22XX
    • Container-Optimized OS
    Linux Kernel Netfilter: Iptables
    Linux kernel version:
    Linux kernel version:
    Linux kernel version:
    Linux kernel version:
    Linux kernel Netfilter: Iptables
    Linux kernel Netfilter: Iptables
    Linux kernel Netfilter: Iptables
    CNI Plugins
    CNI Spec 0.3 and later:
    • AWS-VPC
    • Azure
    • Calico
    • Flannel
    • Weave
    • For AliCloud, Terway
    • For Openshift, OpenshiftSDN
    • The following are supported on the CN-Series firewall as a DaemonSet.
      • Multus
      • Bridge
      • SR-IOV
      • Macvlan
    CNI Spec 0.3 and later:
    • AWS-VPC
    • Azure
    • Calico
    • Flannel
    • Weave
    • For Openshift, OpenshiftSDN
    • The following are supported on the CN-Series firewall as a DaemonSet.
      • Multus
      • Bridge
      • SR-IOV
      • Macvlan
    CNI Spec 0.3 and later:
    • AWS-VPC
    • Azure
    • Calico
    • Flannel
    • Weave
    • For Openshift, OpenshiftSDN
    • The following are supported on the CN-Series firewall as a DaemonSet.
      • Multus
      • Bridge
      • SR-IOV
      • Macvlan
    CNI Spec 0.3 and later:
    • AWS-VPC
    • Azure
    • Calico
    • Flannel
    • Weave
    • For Openshift, OpenshiftSDN
    • The following are supported on the CN-Series firewall as a DaemonSet.
      • Multus
      • Bridge
      • SR-IOV
      • Macvlan
    OpenShift
    CN-Series as a DaemonSet:
    4.2, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 4.10, 4.11, 4.12, and 4.13
    • Version 4.2, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 4.10, 4.11, 4.12, and 4.13
      OpenShift 4.7 is qualified on the CN-Series as a DaemonSet only.
    • OpenShift on AWS
    The PAN-OS 10.2.4h3 is the minimum required version to support 4.12 and above.
    • Version 4.2, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 4.10, 4.11, 4.12, and 4.13
      OpenShift 4.7 is qualified on the CN-Series as a DaemonSet only.
      The PAN-OS 11.0.2 is the minimum required version to support 4.12 and above.
    • OpenShift on AWS
    • Version 4.2, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 4.10, 4.11, 4.12, and 4.13
      OpenShift 4.7 is qualified on the CN-Series as a DaemonSet only.
      The PAN-OS 11.0.2 is the minimum required version to support 4.12 and above.
    • OpenShift on AWS
    CN-Series as a K8s Service:
    (PAN-OS 10.1.2 and later)
    4.7, 4.8, 4.9, 4.10, 4.11, 4.12, and 4.13
    The PAN-OS 10.1.10h1 is the minimum required version to support 4.12 and above.

    Recommended For You

    © 2023 Palo Alto Networks, Inc. All rights reserved.