Virtualization Features

Describes all the exciting new capabilities in PAN-OS® 9.0 for the VM-Series firewall.
New Virtualization Features
VM-Series firewall on KVM—VLAN Access Mode with SR-IOV
Available starting with PAN-OS
In VLAN access mode with SR-IOV, when you deploy the VM-Series firewall as a Virtual Network Function (VNF) on the KVM hypervisor, it can send and receive packets from SR-IOV virtual functions (VFs) without VLAN tags. This capability enables you to apply QoS policies on the access interface and provide differentiated treatment of traffic in a multi-tenant deployment.
VM-Series on AWS—Support for C5 and M5 Instance Types with ENA
The VM-Series firewall on AWS adds support for the C5 and M5 instance types that use the Elastic Network Adapter (ENA). With the support for these instance types, you can deploy the VM-Series firewall in all regions that support C5/M5 instance types including new AWS regions, such as AWS Paris that exclusively use newer instance types.
VM-Series Plugin
The VM-Series firewalls now support a plugin architecture that enables Palo Alto Networks to deliver cloud features and updates, including integrations with new cloud platforms or hypervisors, independent of a PAN-OS release. This VM-Series plugin manages interactions between the VM-Series firewalls and the supported public and private cloud deployments.
The plugin is digitally signed by Palo Alto Networks and built-in to all models of the VM-Series firewalls. You can update the installed plugin version just like software or content updates—locally on the firewall, using bootstrapping, or centrally from Panorama™.
Support for HA for VM-Series on Azure
The VM-Series firewall on Azure now supports an active/passive HA configuration. This capability is delivered using the VM-Series plugin (see above).
Higher Performance for VM-Series on Azure using Azure Accelerated Networking (SR-IOV)
To support higher throughput, VM-Series firewalls deployed on D/DSv2 and D/DSv3 class of Azure VMs include support for Accelerated Networking (SR-IOV). You can now deploy this higher performance firewall as an active/passive HA pair or in a scale-out deployment with Azure load balancers.

Recommended For You