Describes all the exciting new capabilities in PAN-OS®
11.0 for the VM-Series and CN-Series firewall.
New Virtualization Feature
Description
Hyperscale Security Fabric (HSF) 1.0 on CN-Series
With CN-Series Hyperscale Security
Fabric (HSF) 1.0, you can now create a cluster of
containerized next-gen firewalls that deliver a highly scalable and
resilient next-gen firewall solution, eliminating the dependency on
external load balancers for Mobile Service Providers deploying 5G
networks.
Key Management Service (KMS) Support
for VM-Series
This release enables cloud native key managers,
Azure Key Vault and AWS Secrets Manager, to store certificates for
VM-Series firewalls.
Software Cut-through Based Offload on Software
Firewalls
You can now configure software cut-through based offload on the
VM-Series and CN-Series firewall.
With the software cut-through based Intelligent Traffic Offload (ITO)
service, the CN-Series firewall eliminates the tradeoff between
network performance, security, and cost. The software cut-through
based offload supports the GTP-U tunnel protocol. In the CN-Series,
only the CN-Series as a Kubernetes CNF mode of deployment supports
software cut-through based ITO. For more information, see Software Cut-through Based
Offload on CN-Series Firewall.