Describes all the exciting new capabilities in PAN-OS®
9.1 for the VM-Series firewall.
The VM-Series firewall running PAN-OS 9.1 requires
the VM-Series plugin 1.0.8.
New Virtualization Features
Description
East-West Traffic Inspection with VM-Series
Firewall on VMware NSX-T
You can now integrate the VM-Series firewall with
VMware NSX-T to provide comprehensive visibility and safe application
enablement of all east-west traffic in your NSX-T deployment. When you
deploy the VM-Series firewall as part of a service chain in a Host
Based (per ESXi host) or Clustered (as part of an ESXi service cluster)
NSX-T managed cloud environment, you can inspect and secure lateral
traffic between virtual machines in the data center and implement
micro-segmentation.
Performance Improvements for C5/M5 Instances on
AWS
VM-Series firewalls deployed on C5 or M5 instances
on AWS that use the Elastic Network Adapter (ENA), now support DPDK.
With DPDK, VM-Series firewalls provide higher throughput performance
for use cases in manual or managed firewall deployments and elastic
scale out deployments. The range of instance sizes in the C5 or
M5 instance family that support these use cases include 5.xlarge
to m5.4xlarge, and c5.18xlarge. DPDK is disabled by default on the
VM-Series on AWS, and you must enable it upon upgrade.
Support for DPDK on Cisco ENCS
For faster packet processing, the VM-Series firewall
running on Cisco Enterprise Network Compute System (ENCS) supports
DPDK on Cisco 5400 ENCS appliances with the NFVIS 3.10.x and 3.12.x.
Support for DPDK on VM-Series on Azure
DPDK support for VM-Series firewall instances on
Azure with Azure Accelerated Networking (AN) enables higher throughput.
This is achieved with a design change for efficiently processing
packets as they pass from the Azure network fabric to the VM-Series
firewall.