On your OpenShift environment, deploy the CN-Series firewalls.
Where Can I Use
This? | What Do I Need? |
|
- CN-Series 10.1.x or above Container Images
- Panorama running PAN-OS 10.2.x version and
above
|
Prerequisites for CN-Series on Openshift Operator Hub:
The following are the prerequisites for deploying the CN-Series firewall on the
Openshift operator hub:
Deploy the CN-Series on an OpenShift Operator hub:
The pan-cni secures traffic on the default eth0 interface of the application
pod. If you have multi-homed pods, you can configure the CN-NGFW pod to secure
additional interfaces that are configured with a bridge-based connection to
communicate with other pods or the host. Depending on the annotation in the
application YAML, you can configure the CN-Series firewall to inspect traffic from
all the interfaces or a selected number of interfaces attached to each pod.
The pan-cni does not create a network and hence, does not need IP addresses like
other CNI plugins.
You require PAN-OS 10.2 or later to deploy the CN-Series on OpenShift Operator
hub.
Following are the steps to deploy the CN-Series firewall on your Redhat OpenShift
operator hub: