What’s New in VM-Series Plugin 2.0.3
Table of Contents
Expand all | Collapse all
-
-
-
-
- Features Introduced in Zero Touch Provisioning 2.0
- Known Issues in the Zero Touch Provisioning 2.0.4 Release
- Known Issues in the Zero Touch Provisioning 2.0.3 Release
- Known Issues in the Zero Touch Provisioning 2.0.2 Release
- Known Issues in the Zero Touch Provisioning 2.0.1 Release
- Known Issues in the Zero Touch Provisioning 2.0.0 Release
- Limitations
-
-
What’s New in VM-Series Plugin 2.0.3
The VM-Series plugin 2.0.3 introduces
the following features. Each of these new features requires PAN-OS
10.0.3 or later.
PAYG License Support for the VM-Series on OCI
You can now deploy the VM-Series firewall from the Oracle
Cloud Infrastructure
Marketplace with a Pay-As-You-Go
(PAYG) license. The allows you to deploy a VM-300, VM-500, or VM-700
VM-Series firewall with
Bundle 1 or Bundle 2.
Additionally, you can bootstrap the VM-Series firewall using a PAYG
in the same way you can bootstrap with a BOYL license.
VM-Series on Alibaba Cloud
This VM-Series Plugin release includes integration support
for the VM-Series firewall in Alibaba Cloud. To secure North-South
traffic to and from an Alibaba VPC, use the latest VM-Series firewall
image from the Alibaba Marketplace and deploy the firewall as an
Elastic Compute service instance. When you configure the instance,
you can enter basic bootstrap configuration information as user
data. The deployed firewall supports one NIC, typically for the
management interface. To support the Untrust and Trust interfaces
you must create and attach two additional elastic network interfaces
(ENIs) and reboot the firewall to activate them.
Custom VM-Series Image for Microsoft Azure
You can create a custom VM-Series firewall image for
later use in your Azure deployment. A custom image gives you the
flexibility and consistency to deploy the VM-Series firewall with
the PAN-OS version you want to use instead of being restricted to
using only an image available though the Azure marketplace. Additionally,
your custom image can include the latest content and antivirus updates.
VM-Series HA Across AWS Availability Zones
You can now deploy the active and passive firewall peers
in different AWS availability zones (AZ) and enable HA without assigning
a secondary IP address to the VM-Series interfaces. However, you
can continue to use the
secondary IP mode settings.
This configuration provides limited HA functionality. It moves the
primary public IP addresses assigned to the VM-Series firewall interfaces
and changes the route tables to point to the active instance during
failover. And this cross-AZ HA enables configuration synchronization
but does not facilitate session synchronization.
Palo Alto Networks recommends that you use the new
VM-Series Integration with AWS
Gateway Load Balancer for faster failover.