What’s New in Panorama Plugin for Azure 2.0.0
Table of Contents
Expand all | Collapse all
-
-
-
-
- Features Introduced in Zero Touch Provisioning 2.0
- Known Issues in the Zero Touch Provisioning 2.0.4 Release
- Known Issues in the Zero Touch Provisioning 2.0.3 Release
- Known Issues in the Zero Touch Provisioning 2.0.2 Release
- Known Issues in the Zero Touch Provisioning 2.0.1 Release
- Known Issues in the Zero Touch Provisioning 2.0.0 Release
- Limitations
-
-
What’s New in Panorama Plugin for Azure 2.0.0
The following topics describe the features
introduced in this release.
- Auto Scale the VM-Series Firewall on Azure
- Secure Kubernetes Services in an Azure Kubernetes Cluster
- Minimum Versions for Azure Auto Scaling and Azure Kubernetes Service Deployments
Auto Scale the VM-Series Firewall on Azure
Palo Alto Networks now provides templates to help you
deploy an auto-scaling tier of VM-Series firewalls using several
Azure services such as Virtual Machine Scale Sets, Azure Application
Insights, Azure load balancers, Azure functions, Panorama and the
Panorama plugin for Azure, and the VM-Series automation capabilities including
the PAN-OS API and bootstrapping. The Azure Auto Scaling Version 1.0 templates
allow you to leverage the scalability features on Azure that are
designed to manage sudden surges in demand for application workload
resources by independently scaling VM-Series firewalls in response
to changing workloads.
Secure Kubernetes Services in an Azure Kubernetes Cluster
To secure Azure Kubernetes services (AKS), you must
first install the Azure plugin for Panorama, and the Azure auto
scaling solution. The auto scaling templates use information about
your network and your resources to create a hub and spoke architecture
and deploy an auto-scaling tier of VM-Series firewalls in a spoke Virtual
Network (VNet).The AKS version 1.0 templates
work with your auto scaling deployment to deploy an AKS cluster
in a new Azure VNet. The Azure plugin helps you configure a connection
that can monitor Azure Kubernetes cluster workloads, harvesting
services you have annotated as “internal load balancer” and automatically
creating tags you can use in Panorama dynamic address groups. You
can leverage dynamic address groups to apply Security Policy on
inbound traffic routed to services running on your AKS cluster.
Minimum Versions for Azure Auto Scaling and Azure Kubernetes Service Deployments
Consult the VM-Series plugin compatibility
matrix and the VM-Series plugin compatibility
matrix to verify the newest version information.
Panorama Management Server
The following table lists the minimum versions you must install
on Panorama.
| Panorama (PAN-OS) | VM-Series Plugin | Azure Plugin on Panorama | Templates |
|---|---|---|---|
| 9.0.3 | 1.0.4 (manual install) | azure-2.0.0 |
- Panorama can manage firewalls that have the same version
or earlier. You must install the VM-Series plugin so that Panorama
can manage VM-Series firewalls running 9.0.1 and later.Download the VM-Series plugin from the Customer Support portal, and manually upload and install the plugin on Panorama.Unlike PAN-OS 9.0.0 and later, Panorama does not include the VM-Series plugin by default. After the manual installation, PanoramaPluginsCheck Now does not detect changes in the VM-Series plugin version.To upgrade the VM-Series plugin, download it from the Customer Support portal, upload to Panorama, and install.
- You can download and install the Azure plugin on Panorama version 2.0 from PanoramaPlugins. You can also download it from the Customer Support portal, and manually upload and install the plugin on Panorama.
- If you have an Azure plugin on Panorama version 1.0 deployment, you can use version 2.0 to manage your existing firewalls (assuming they meet the minimum PAN-OS requirements), but you must redeploy using the Azure plugin version 2.0.There is no upgrade path from version 1.0 to version 2.0 because the schema changed in version 2.0. See Known Issues in Panorama Plugin for Azure 2.0.0.
VM-Series Firewalls
The minimum versions for managed firewalls are as follows:
| PAN-OS on VM-Series | VM-Series Plugin |
|---|---|
| 8.1.8 and later | N/A |
| 9.0.3 and later | 1.0.4 and later. |