CN-Series – Full Bundle – Bundle 1 + Premium Support

$620.00

PERFORMANCE & CAPACITIES

Firewall throughput (App-ID Enabled) 500 Mbps
Threat Prevention throughput 250 Mbps
Max sessions 20,000

Category: SKU: PAN-CN-X-BND1-PREM

Description

CN-SERIES

The CN-Series Container next-generation firewall

OVERVIEW

Conventional NGFWs can only be deployed at the edge of a Kubernetes environment and therefore cannot determine the specific pod where traffic originates. To overcome this challenge, CN-Series container firewalls are deployed on each node of a Kubernetes cluster, giving them precise visibility into container traffic. The CN-Series delivers Layer 7 visibility and control while enabling the enforcement of advanced security services. This protection can be enforced on allowed traffic traversing namespace boundaries—whether outbound, inbound, or east-west—between pods, and even between containerized applications and legacy workloads, such as virtual machines (VMs) and bare metal servers.

CN-Series firewalls are easy to deploy using Kubernetes orchestration to simplify integration of network security into continuous integration/continuous development (CI/CD) processes. Ongoing management of CN-Series firewalls is centralized in Panorama™ network security management—the same management console as all Palo Alto Networks firewalls—giving network security teams a single pane of glass to manage the overall network security posture of their organizations.

HOW THE CN-SERIES WORKS

CN-Series firewalls deploy as two sets of pods: one for the management plane (CN-MGMT) and another for the firewall dataplane (CN-NGFW). The firewall dataplane runs as a daemon set, allowing a single command from within Kubernetes to deploy firewalls on all nodes in a Kubernetes cluster at once. The management plane simply runs as a Kubernetes service.

CN-Series firewalls are managed through the Panorama console. A Kubernetes plugin within Panorama provides contextual information about containers in an environment, and this seamlessly enables context-based network security policies. For example, Kubernetes namespaces can be used to define a traffic source in a firewall policy.

Customers can deploy CN-Series firewalls in Kubernetes environments hosted on-premises or in public clouds. CN-Series firewalls can also be deployed into cloud-managed Kubernetes offerings, including Google Kubernetes Engine (GKE®), Azure Kubernetes Service (AKS), and Amazon Elastic Kubernetes Service (EKS).

Deployment via Kubernetes package managers, such as Helm, is also available and community-supported.

WHATS INCLUDED

  • CN-SERIES Firewall
  • Threat Prevention Subscription
  • Premium Support
  • 1 Year for Firewall, Subscriptions & Support