CN-Series HSF System Requirements
Focus
Focus
CN-Series

CN-Series HSF System Requirements

Table of Contents

CN-Series HSF System Requirements

Where Can I Use This?
What Do I Need?
  • CN-Series HSF Firewall deployment
  • CN-Series 11.0.x or above Container Images
  • Panorama
    running PAN-OS 11.0.x or above version

Recommended CN-Series HSF system and capacity matrix

Here are our recommended system requirements for CN-Series HSF.
The following table separates data by CN-Series sizes—small, medium, and large. The throughput inspection that the CN-Series HSF can perform varies based on the size of the cluster.
  • CN-Series Small for HSF
  • CN-Series Medium for HSF
  • CN-Series Large for HSF
The CN-Series HSF requires two node groups—CN-MGMT and CN-DB with two nodes each. The number of nodes needed for CN-GW and CN-NGFW node groups depend on the throughput.
Cluster Flavor
Small
Medium
Large
CN-GW
Cores
24
24
24
Memory
16 GB
20 GB
24 GB
Bandwidth
50 Gbps
100 Gbps
100 Gbps
Instance Type
c5n.9xlarge (36vCPU, 96Gi)
c5n.18xlarge
c5n.18xlarge
CN-DB
Cores
8
8
12
Memory
0.64 x 12 x MaxSession (in Million) GB
0.64 x 12 x MaxSession (in Million) GB
0.64 x 10 x 10 GB
Bandwidth
10 GbE
25 GbE
25 GbE
Instance Type
c5n.4xlarge (16vCPU, 42Gi)
c5n.4xlarge
c5n.9xlarge
CN-MGMT
Cores
4
12
12
Memory
16 GB
16 GB - 24 GB
16 GB - 24 GB
Bandwidth
10 GbE
10 GbE
10 GbE
Disk
56 Gi
80 Gi
80 Gi
Instance Type
c5n.4xlarge (8vCPU, 21Gi)
c5n.4xlarge or c5d.9xlarge
c5n.4xlarge or c5d.9xlarge
CN-NGFW
Cores
15
24
24 - 36
Memory
20 GB
16 GB - 47 GB
48 GB ( 56 GB for cores > 32)
Bandwidth
25 GbE
50 GbE
50 GbE
Instance Type
c5n.4xlarge (16vCPU, 42Gi)
c5n.9xlarge
c5n.9xlarge

Recommended CN-Series HSF Flavor

Cluster Flavor
Number of Nodes
Total Number of Interfaces
Minimum Number of Interfaces
Small
Medium
Large
CN-GW
2
3
4
4-15
4
CN-DB
2
2
2
2
2
CN-MGMT
2
2
2
1
1
CN-NGFW
6
8
10
3
3
Additional CN-NGFW to cover DP Failure
2
2
2
-
-

CN-Series HSF Jumbo Mode Support

When jumbo support is enabled, Panorama configures maximum transmission unit (MTU) for all interfaces on the non CN-MGMT to 8744 bytes.
The system MTU is 9000 bytes in jumbo mode and interfaces will inherit the system MTU if the MTU is not specified.
In EKS hosts, the default MTU value for AWS EC2 instances is 9000. Hence, no configuration is needed on the host side.
When jumbo support is disabled, Panorama configures maximum transmission unit (MTU) for all interfaces on the non CN-MGMT to 1756 bytes.
You must match your jumbo and non-jumbo MTU values on your EKS environments with the Panorama MTU values.
Mode
MTU (Bytes)
Jumbo
EKS—9000 bytes
Non-Jumbo
1756 byes for all interfaces

Recommended For You