The CN-Series firewall is now licensed based
on the number of vCPUs (cores) used by the CN-NGFW pods deployed
in your Kubernetes environment. After creating your deployment profile
on the Palo Alto Networks Customer Support Site, you apply the authcode
and specify the number of vCPUs in the Kubernetes plugin. The CN-Series
can use up to the number of vCPUs to license the CN-Series. If you
deploy more CN-NGFW pods that require more than the number of vCPUs,
you have a 30-day grace period to add more vCPUs or delete enough
pods. If you exceed the 30-day grace period, the entire cluster
is delicensed.