>
    CN-Series HSF System Requirements
    Focus
    Download PDF
    Focus
    1. Home
    2. CN-Series
    3. CN-Series HSF
    4. CN-Series HSF System Requirements
    Download PDF
    CN-Series

    CN-Series HSF System Requirements

    Table of Contents

    CN-Series HSF System Requirements

    Where Can I Use This?What Do I Need?
    • CN-Series HSF Firewall deployment
    • CN-Series 11.0.x or above Container Images
    • Panorama running PAN-OS 11.0.x or above version

    Recommended CN-Series HSF system and capacity matrix

    Here are our recommended system requirements for CN-Series HSF.
    The following table separates data by CN-Series sizes—small, medium, and large. The throughput inspection that the CN-Series HSF can perform varies based on the size of the cluster.
    • CN-Series Small for HSF
    • CN-Series Medium for HSF
    • CN-Series Large for HSF
    The CN-Series HSF requires two node groups—CN-MGMT and CN-DB with two nodes each. The number of nodes needed for CN-GW and CN-NGFW node groups depend on the throughput.
    Cluster FlavorSmallMediumLarge
    CN-GWCores242424
    Memory16 GB20 GB24 GB
    Bandwidth50 Gbps100 Gbps100 Gbps
    Instance Typec5n.9xlarge (36vCPU, 96Gi)c5n.18xlargec5n.18xlarge
    CN-DBCores8812
    Memory0.64 x 12 x MaxSession (in Million) GB0.64 x 12 x MaxSession (in Million) GB0.64 x 10 x 10 GB
    Bandwidth10 GbE25 GbE25 GbE
    Instance Typec5n.4xlarge (16vCPU, 42Gi)c5n.4xlargec5n.9xlarge
    CN-MGMTCores41212
    Memory16 GB16 GB - 24 GB16 GB - 24 GB
    Bandwidth10 GbE10 GbE10 GbE
    Disk56 Gi80 Gi80 Gi
    Instance Typec5n.4xlarge (8vCPU, 21Gi)c5n.4xlarge or c5d.9xlargec5n.4xlarge or c5d.9xlarge
    CN-NGFWCores152424 - 36
    Memory20 GB16 GB - 47 GB48 GB ( 56 GB for cores > 32)
    Bandwidth25 GbE50 GbE50 GbE
    Instance Typec5n.4xlarge (16vCPU, 42Gi)c5n.9xlargec5n.9xlarge

    Recommended CN-Series HSF Flavor

    Cluster FlavorNumber of NodesTotal Number of InterfacesMinimum Number of Interfaces
    SmallMediumLarge
    CN-GW2344-154
    CN-DB22222
    CN-MGMT22211
    CN-NGFW681033
    Additional CN-NGFW to cover DP Failure222--

    CN-Series HSF Jumbo Mode Support

    When jumbo support is enabled, Panorama configures maximum transmission unit (MTU) for all interfaces on the non CN-MGMT to 8744 bytes.
    The system MTU is 9000 bytes in jumbo mode and interfaces will inherit the system MTU if the MTU is not specified.
    In EKS hosts, the default MTU value for AWS EC2 instances is 9000. Hence, no configuration is needed on the host side.
    When jumbo support is disabled, Panorama configures maximum transmission unit (MTU) for all interfaces on the non CN-MGMT to 1756 bytes.
    You must match your jumbo and non-jumbo MTU values on your EKS environments with the Panorama MTU values.
    ModeMTU (Bytes)
    JumboEKS—9000 bytes
    Non-Jumbo1756 byes for all interfaces

    © 2024 Palo Alto Networks, Inc. All rights reserved.