What’s New in Panorama Plugin for Kubernetes 4.0.0
The Kubernetes plugin 4.0.0 is required for the CN-Series running on PAN-OS
11.0 and supports the following functionalities:
CN-Series Hyperscale Security Fabric (HSF)
Palo Alto Networks CN-Series Hyperscale Security Fabric (HSF) 1.0 is a
cluster of containerized next-gen firewalls that deliver a highly scalable and
resilient next-gen firewall solution for Mobile Service Providers deploying 5G
networks.
The CN-Series HSF solution offers:
- Hyperscalable with containerized NGFW: Horizontally scales out App-ID and GTP performance on demand.
- Highly available and resilient: Delivers Elastic Clustering, which acts dynamically based on the expected throughput and sessions and guarantees business continuity and session resiliency across workloads.
- Eliminates external load balancer dependency: Provides ease of deployment and a DevOps-friendly environment that can be fully orchestrated through Panorama plugins.
The CN-Series HSF solution is deployable in Red Hat OpenShift (on-premises)
or AWS EKS public cloud managed Kubernetes environments.
You can use Kubernetes plugin 4.0.0 to deploy the CN-Series Hyperscale Security
Fabric. This plugin facilitates and simplifies the overall CN-Series HSF bring-up
process. You can now configure, deploy, and monitor the status of a cluster. You can
also update the status of a deployed cluster. The plugin helps in managing the
CN-firewall cluster in terms of software migrations.
The Kubernetes plugin 4.0.0 on EKS and OpenShift environments supports the
autoscaling feature and enables the user to scale cluster pods and support
Horizontal Pod Autoscaling (HPA) based on the desired metrics configured on the
plugin.
Tag Length Enhancement
The Kubernetes plugin 4.0.0 introduces the enhanced tag length feature, which adds
new, shorter tags by breaking one tag into multiple shorter tags. This feature
prevents tags from exceeding the maximum character limit and being dropped by
configd. The original tags are not changed.
Shared Dynamic Address Group Support
The Kubernetes plugin 4.0.0 can now send the IPs to tags in shared Dynamic Address
Groups on Panorama without any security policy attached to the tag. This feature
ensures that all the Kubernetes plugin tags associated with shared Dynamic Address
Groups and their corresponding IPs are pushed to configd, whether or not the
shared Dynamic Address Group is attached to a policy.
Nested Dynamic Address Group Support
Nested Dynamic Address Groups are now supported for tag pruning. When Dynamic
Address Groups are created using nesting and the parent Dynamic Address Group is
used in policy, the plugin now learns all the child Dynamic Address Groups and the
associated match criteria. Currently, up to 5 levels of Nested Dynamic Address
Groups are supported.
You can nest Dynamic Address Groups in the following two ways:
- Create a static tag, and reference each Dynamic Address Group to nest using the static tag you created. Attach this static tag as match criteria for Dynamic Address Group and use it in security policy.
- Create Dynamic Address Groups as usual and then create a static address group that attaches all the Dynamic Address Groups to be nested. Use the static address group in a security policy.
You cannot combine the two methods above to nest Dynamic Address Groups.