CN-Series Supported Environments

Determine in which environments you can deploy a CN-Series firewall.
You can deploy the CN-Series firewall in the following environments:
Product
Version
PAN-OS 10.0
PAN-OS 10.1
PAN-OS 10.2
Container runtime
Docker
CRI-O
Containerd
Docker
CRI-O
Containerd
Docker
CRI-O
Containerd
Kubernetes version
1.14 through 1.23
1.17 through 1.23
1.17 through 1.23
Cloud provider managed Kubernetes
  • AWS EKS (1.17 through 1.22)
  • EKS on AWS Outpost (1.17 through 1.22)
    CN-Series for EKS on AWS Outpost does not support SR-IOV or Multus.
  • Azure AKS (1.17 through 1.23)
  • GCP GKE (1.17 through 1.23)
  • AWS EKS (1.17 through 1.22)
  • EKS on AWS Outpost (1.17 through 1.22)
    CN-Series for EKS on AWS Outpost does not support SR-IOV or Multus.
  • Azure AKS (1.17 through 1.23)
  • GCP GKE (1.17 through 1.23)
  • AWS EKS (1.17 through 1.22)
  • EKS on AWS Outpost (1.17 through 1.22)
    CN-Series for EKS on AWS Outpost does not support SR-IOV or Multus.
  • Azure AKS (1.17 through 1.23)
  • GCP GKE (1.17 through 1.23)
  • OCI OKE (1.23)
Customer managed Kubernetes
On the public cloud or on-premise data center.
Make sure that the Kubernetes version, CNI Types, and Host VM OS versions are as listed in this table.
VMware TKG+ version 1.1.2
  • Infrastructure Platform—vSphere 7.0
  • Kubernetes Host VM OS—Photon OS
On the public cloud or on-premise data center.
Make sure that the Kubernetes version, CNI Types, and Host VM OS versions are as listed in this table.
VMware TKG+ version 1.1.2
  • Infrastructure Platform—vSphere 7.0
  • Kubernetes Host VM OS—Photon OS
On the public cloud or on-premise data center.
Make sure that the Kubernetes version, CNI Types, and Host VM OS versions are as listed in this table.
VMware TKG+ version 1.1.2
  • Infrastructure Platform—vSphere 7.0
  • Kubernetes Host VM OS—Photon OS
Kubernetes Host VM
Operating System:
  • Ubuntu 16.04
  • Ubuntu 18.04
  • RHEL/Centos 7.3 and later
  • CoreOS 21XX, 22XX
  • Container-Optimized OS
Operating System:
  • Ubuntu 16.04
  • Ubuntu 18.04
  • RHEL/Centos 7.3 and later
  • CoreOS 21XX, 22XX
  • Container-Optimized OS
Operating System:
  • Ubuntu 16.04
  • Ubuntu 18.04
  • RHEL/Centos 7.3 and later
  • CoreOS 21XX, 22XX
  • Container-Optimized OS
The Linux Kernel Netfilter: Iptables
Linux Kernel Netfilter: Iptables
Linux Kernel Version:
Linux Kernel Version:
Linux Kernel Netfilter: Iptables
CNI Plugins
CNI Spec 0.3 and later:
  • AWS-VPC
  • Azure
  • Calico
  • Flannel
  • Weave
  • Multus (supported on PAN-OS 10.0.1 and later)
  • Bridge (supported on PAN-OS 10.0.1 and later)
  • SR-IOV (supported on PAN-OS 10.0.2 and later)
  • Macvlan (supported on PAN-OS 10.0.2 and later)
  • For Openshift, OpenshiftSDN
CNI Spec 0.3 and later:
  • AWS-VPC
  • Azure
  • Calico
  • Flannel
  • Weave
  • For Openshift, OpenshiftSDN
  • The following are supported on the CN-Series firewall as a DaemonSet.
    • Multus
    • Bridge
    • SR-IOV
    • Macvlan
CNI Spec 0.3 and later:
  • AWS-VPC
  • Azure
  • Calico
  • Flannel
  • Weave
  • For Openshift, OpenshiftSDN
  • The following are supported on the CN-Series firewall as a DaemonSet.
    • Multus
    • Bridge
    • SR-IOV
    • Macvlan
OpenShift
4.2, 4.4, 4.5, 4.6, 4.7, 4.8, and 4.10.
CN-Series as a DaemonSet:
4.2, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, and 4.10
  • Version 4.2, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, and 4.10
    OpenShift 4.7 is qualified on the CN-Series as a DaemonSet only.
  • OpenShift on AWS
CN-Series as a K8s Service:
(PAN-OS 10.1.2 and later)
4.7, 4.8, 4.9, and 4.10

Recommended For You