What’s New in Panorama Plugin for AWS 3.0.0
The AWS plugin for Panorama version 3.0.0 supports these
new capabilities:
Consult the Compatibility Matrix for Panorama plugins for public clouds to
determine the minimum software versions required to support these
features.
System Requirements
- VM-Series Plugin version 2.0.6 or later
- PAN-OS version 10.0.5 or later
General Enhancements
The Panorama Plugin for AWS version 3.0 introduces orchestration
for AWS autoscaling deployments. From Panorama, you can create a
security stack to redirect inbound, outbound, or east-west traffic
to secure your application stacks. The Panorama plugin user interface
aggregates the majority of networking and authentication information
for the security stack, eliminating the need to work with templates
directly.
The plugin introduces cloud formation template (CFT) hyperlinks
to configure security account and application account prerequisites.
- Use the hyperlink under Security Account to open the CFT in the AWS cloud platform to create a group and associate a policy created by the plugin.
- Use the hyperlink under Application Account to open the CFT in the AWS cloud platform to create a role and attach a policy with required permissions. Make sure that you have chosen all required permissions to create a cross-account role. Optionally, to handle a transit gateway (TGW) that is not in the security account, the cloud formation link deploys a Resource Access Manager (RAM) for the mentioned transit gateway and shares it with the security account provided in the template.
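An added example, not part of the plugin or its documentation: before launching the application-account CFT, a reviewer can check that the role it creates trusts only the security account and grants no wildcard actions. The JSON template below is constructed; its resource names, account IDs and actions are placeholders, and `review_roles` is a hypothetical helper.

```python
import json

# Constructed sample: a cut-down application-account template. Resource names,
# account IDs and actions are placeholders, not the plugin's real CFT.
SAMPLE_CFT = json.loads("""
{"Resources": {"CrossAccountRole": {
  "Type": "AWS::IAM::Role",
  "Properties": {
    "AssumeRolePolicyDocument": {"Statement": [
      {"Effect": "Allow", "Action": "sts:AssumeRole",
       "Principal": {"AWS": ["arn:aws:iam::111111111111:root", "*"]}}]},
    "Policies": [{"PolicyName": "plugin-access", "PolicyDocument": {"Statement": [
      {"Effect": "Allow", "Action": ["ec2:DescribeInstances"], "Resource": "*"},
      {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}}]
}}}}
""")

def as_list(value):
    """IAM allows a single value or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]

def review_roles(template, security_account_id):
    """Return (resource, kind, detail) findings for every IAM role in the template."""
    findings = []
    trusted_prefix = f"arn:aws:iam::{security_account_id}:"
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        props = res.get("Properties", {})
        # Trust policy: only the security account may assume the role.
        for st in as_list(props.get("AssumeRolePolicyDocument", {}).get("Statement", [])):
            if st.get("Effect") != "Allow":
                continue
            principal = st.get("Principal", {})
            principals = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
            for p in principals:
                # Non-string values (intrinsic functions) are flagged for manual review.
                ok = isinstance(p, str) and (p == security_account_id or p.startswith(trusted_prefix))
                if not ok:
                    findings.append((name, "trust", f"unexpected principal {p!r}"))
        # Inline permissions: flag wildcard actions such as "*" or "ec2:*".
        for pol in props.get("Policies", []):
            for st in as_list(pol.get("PolicyDocument", {}).get("Statement", [])):
                if st.get("Effect") != "Allow":
                    continue
                for action in as_list(st.get("Action", [])):
                    if isinstance(action, str) and (action == "*" or action.endswith(":*")):
                        findings.append((name, "policy", f"wildcard action {action!r}"))
    return findings
```

Templates written in YAML, or ones that build the principal with intrinsic functions, need to be converted or resolved first; the check only reads what is literally in the JSON.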
Monitoring Definition Enhancements
Monitoring Definition has been enhanced as follows:
- Along with monitoring virtual machines (VMs), you can now monitor Application Load Balancers, Network Load Balancers, VPC endpoints, and Elastic Network Interfaces (ENIs) associated with endpoints in the AWS cloud.
- Differentiate active and passive tags based on whether or not they are used on security policies. The plugin sends only IP addresses of the active tags from the Dynamic Address Groups to the firewall.
- You can view the detailed monitoring status for each monitoring definition using the Dashboard link.
- You can view the IP address-to-tag mapping and tag-to-IP address mapping using the new Monitoring Definition Detailed Status window. You can filter tags based on AWS region and VPC IDs, and view associated IP addresses. You can also see if a tag is used on any security policy.
Deployment Orchestration
The AWS plugin for Panorama 3.0.0 simplifies the existing
Gateway Load Balancer solution by bringing all configurations
into a single user interface. You can create, view, and update deployments
from the plugin user interface.
The plugin is validated for the following AWS regions.
- US East (N. Virginia)
- US East (Ohio)
- US West (Oregon)
- US West (N. California)
- Canada (Central)
- Europe (Frankfurt)
- Europe (London)
- Europe (Stockholm)
  m5.xlarge instances are not supported in the Europe (Stockholm) region.
The plugin deploys a security stack in AWS based on the configuration
information you enter in the plugin under AWS > Deployments. There are two
use cases:
- The application to be secured is managed in the same AWS account as the security stack and the TGW.
- The application to be secured is managed in a different AWS account than the security stack and TGW.
- If you want to use a TGW as a part of your deployment configuration, deploy a TGW in the same AWS account as the security stack, then enter the TGW ID in Deployments > Transit Gateway from the plugin.
- To enable end-to-end traffic flow from your application to the security stack, make sure you create an attachment from your application to the TGW.