Describes all the exciting new capabilities in PAN-OS® 8.1 for the VM-Series firewall.
|New Virtualization Features||Description|
|VM-50 Lite||The VM-50 Lite is a resource optimized mode of the VM-50 firewall with a smaller memory footprint. This mode allows you to deploy the VM-Series firewall in environments where resources are limited while providing the same performance and features as the standard VM-50 firewall.|
|Integration with Azure Security Center||You can now deploy the VM-Series firewall directly from the Azure Security Center, which provides a consolidated view of the security posture of your Microsoft Azure workloads. This integration enables you to forward URL Filtering, Threat, and WildFire logs of high and critical severity that are generated on the firewall to Azure Security Center so that you can monitor security events from a single management console. When the firewall prevents an attack on your internet-facing web server and generates a threat log for a known vulnerability on an inbound request, for example, it forwards this log to Azure Security Center where you can directly review the security incident.|
|Bootstrapping Enhancements for VM-Series firewall on Azure||When bootstrapping the VM-Series firewall on Azure, you can now use Azure file storage (instead of a data disk) to store the bootstrap files. This change improves the bootstrapping workflow because it enables multiple virtual machines to simultaneously access the same bootstrap package.|
|Support for Azure Application Insights||To enable monitoring and alerts on the health and performance of the VM-Series firewall, you can now natively publish firewall metrics to Azure Application Insights. The integration with Azure Application Insights allows you to monitor custom PAN-OS metrics such as total number of active sessions or dataplane CPU utilization, in order to set alarms or trigger automation events.|
|VM Monitoring for Azure|
VM Monitoring of Microsoft® Azure® resources enables you to dynamically update security policy rules to consistently enforce Security policy across all assets deployed within your Azure subscription. VM Monitoring on Azure uses a VM Monitoring script that runs on a virtual machine within the Azure public cloud. This script collects the IP address-to-tag mapping for all your Azure assets and uses the API to push the VM information to your Palo Alto Networks® firewall(s).
|VM-Series Firewall on Google Cloud Platform|
To secure your workloads on the Google Cloud Platform, you can now deploy the VM-Series firewall from the Google Cloud Platform Marketplace. To scale security with your workloads, deploy one or more instances of the VM-Series firewall behind Google Cloud load balancers and bootstrap the firewall with a complete configuration that includes security policies at launch.
The VM-Series firewall can also natively publish metrics to the Google Stackdriver to monitor and trigger alerts for firewall health and performance. And, to create security policy rules that automatically adapt to changes to your workloads—adds, moves, or deletions of virtual machines in a Google Cloud Platform Project VPC—you can enable VM Monitoring for instances running on Google Cloud Platform on any hardware or VM-Series firewall running PAN-OS 8.1.
|Performance Enhancements for the VM-Series Firewall on NSX|
The VM-Series firewall for VMware NSX can now provide higher per-host traffic throughput. In addition to PAN-OS 8.1, you must also be running VMware NSX Manager 6.3.1 or higher. NSX Manager 6.3.1 introduced NetX APIs that support multiple device channels and multi-process I/O, allowing the VM-Series firewall to use these device channels to improve performance. NSX allocates device channels equal to the number of dataplane cores assigned to the firewall. When you upgrade to 8.1, your VM-Series firewall deployed in an NSX 6.3.1 or higher environment takes full advantage of the number of maximum effective cores assigned to the dataplane.
|FQDN Refresh Time Enhancement|
In PAN-OS 8.1, VM-Series firewalls support a larger range for the FQDN Refresh Time than in prior releases. The range is now 60-14,399 seconds, which allows VM-Series firewalls to refresh the IP addresses for an FQDN at shorter intervals. A shorter refresh time is helpful for VM-Series firewalls in cloud deployments where IP addresses for FQDNs change frequently.
The shorter refresh time along with the support for using the FQDN of a load balancer in Destination NAT policy (Dynamic IP Address Support for Destination NAT) makes it easier for you to deploy the Amazon ELB service and any other FQDN-based load balancer to distribute sessions evenly across more than one IP address.
Virtualization Features VM-50 Lite Integration with Azure Security Center View high-priority firewall logs as security alerts on the Azure Security Center dashboard with the default ...
Set up the VM-Series Firewall on Azure
Set up the VM-Series Firewall on Azure VM-Series firewall on Azure brings the security features of Palo Alto Networks next generation firewall as a virtual ...
About the VM-Series Firewall on Azure
About the VM-Series Firewall on Azure The VM-Series firewall on Azure must be deployed in a virtual network (VNet) using the Resource Manager deployment mode. ...
VM-Series Deployments The VM-Series firewall can be deployed on the following platforms: VM-Series for VMware vSphere Hypervisor (ESXi) and vCloud Air You can deploy any ...
Enable Azure Application Insights on the VM-Series Firewall
Publish firewall performance metrics to Application Insights. ...
Azure Security Center Integration
Forward firewall logs to the Azure Security Center dashboard for a consolidated view on the security of your Azure deployment. Use this view to assess ...
Support for Azure Application Insights
Support for Azure Application Insights In PAN-OS 8.1, the VM-Series firewall on Azure includes support for natively publishing PAN-OS metrics to an Azure Application Insights ...
Attributes Monitored in the AWS and VMware Environments
Learn about the attributes monitored on ESXi instances. ...
Deployments Supported on Azure
Deployments Supported on Azure Use the VM-Series firewall on Azure to secure your network users in the following scenarios: Hybrid and VNet to VNet —The ...