Your system must meet specific requirements for the Enforcer.
- Connectivity: Your Enforcer hosts need access to the Prisma Cloud domains and subdomains. Configure your hosts to allow ingress and egress traffic.
- Certificate authority: Ensure that your Enforcer hosts trust the DigiCert certificate authority.
Before you deploy the Enforcer, you must allow traffic from the host to reach the Prisma Cloud Microsegmentation console. By default, the Enforcer allows traffic from the following ICMPv6 types and codes.
If you configure the Enforcer to monitor traffic, the default allow policies do not disrupt the flow of traffic. If you configure the Enforcer to enforce traffic rules, it rejects all traffic to and from the host by default. Create a network ruleset that allows the following traffic to avoid interruptions to core network services:
Supported Linux Distributions
You can deploy the Enforcer on the following supported distributions.
Oracle Enterprise Linux
Red Hat Enterprise Linux
Linux kernel requirements
When you deploy the Enforcer on Kubernetes, OpenShift, and Linux hosts, the Linux kernel must meet the following requirements.
Enable the following kernel capabilities.
Install the following kernel modules.
Your Linux distribution should have the following required packages.
On Debian 10, the gnupg package is required.
Supported Windows Hosts
You can deploy the Enforcer on hosts running the following supported Windows versions.
- Windows Server 2019
- Windows Server 2016
- Windows Server 2012 R2
- Windows 10
To deploy the Enforcer, your cluster must meet the following requirements.
- Cluster nodes: The Enforcer requires that your nodes run a supported Linux distribution.
To deploy the Enforcer on GKE, you must have Kubernetes Engine Admin permissions. The Enforcer ignores Fargate and other serverless workloads in your cluster.
The Enforcer supports the following orchestrators.
Google Kubernetes Engine (GKE)
OpenShift Container Platform (OCP)
- Supported release: 4.9.27
Microsegmentation doesn’t support the following features.
The following networking features overlap with the Enforcer capabilities. Do not use them together with the Enforcer.
- Palo Alto Networks Cortex XDR agent: The XDR agent hasn’t been tested with the Enforcer. Remove the Cortex XDR agent prior to installing the Enforcer.