What’s New in Panorama Plugin for AWS 5.1.1
Table of Contents
Expand all | Collapse all
-
-
-
-
- Features Introduced in Zero Touch Provisioning 2.0
- Known Issues in the Zero Touch Provisioning 2.0.4 Release
- Known Issues in the Zero Touch Provisioning 2.0.3 Release
- Known Issues in the Zero Touch Provisioning 2.0.2 Release
- Known Issues in the Zero Touch Provisioning 2.0.1 Release
- Known Issues in the Zero Touch Provisioning 2.0.0 Release
- Limitations
-
-
What’s New in Panorama Plugin for AWS 5.1.1
Learn what's new in Panorama plugin for AWS 5.1.1.
Panorama Orchestrated VM-Series Deployments
Due to changes on AWS, Panorama-orchestration for the VM-Series firewall on
AWS requires the Panorama plugin AWS 5.1.0 or later. Previously deployed VM-Series
firewalls through orchestration feature are not impacted, however any new
deployments without AWS plugin 5.1.0 fail.
- The downgrade of AWS plugin 5.1.1 is blocked.
- The monitoring processing time is improved in AWS plugin 5.1.1 version.
Tag Based Policies
As you deploy or terminate AWS assets (such as EC2 instances) in the AWS
public cloud, you can automatically update security policy on your Palo Alto
Networks® Cloud NGFW resources so that you can secure traffic to these AWS
assets.
To enable this capability from Panorama, you must configure the Panorama
AWS plugin to fetch IP/Tags that your Cloud NGFW tenant harvests from the AWS
accounts you added. Then use the AWS Panorama plugin to push these tags to the Cloud
NGFW resources by configuring the Monitoring definition and Notify them to the
corresponding Device Groups corresponding to these Palo Alto Networks Firewalls. You
can then create PanoramaDynamic Address Group objectsin
those Device Groups using AWS resource tags. When you reference these tags in
Dynamic Address Groups and match against them in Security policy rules, you can
consistently enforce policy across all assets deployed within your AWS accounts.
For more information, seeTag Based Policies on Cloud NGFW on
AWS.