Placeholder for Palo Alto Networks Partner/ ResellerPalo Alto Networks Partner/ Reseller
NextWave Diamond Partner

CN-series container NGFW

Keep cloud-native applications secure with the ML-powered NGFW built for Kubernetes® environments.

Talk to an expert
Placeholder for Palo Alto Networks Partner ResellerPalo Alto Networks Partner Reseller

The Palo Alto Networks CN-series container firewall is the industry’s first next-generation firewall (NGFW) delivered in a container form factor and natively integrated into Kubernetes®. Container firewalls prevent network-based threats from spreading across Kubernetes namespace boundaries.

Conventional NGFWs can only be deployed at the edge of a Kubernetes environment and therefore cannot determine the specific pod where traffic originates. To overcome this challenge, CN-series container firewalls move security inside the Kubernetes environment, giving them precise visibility into and control over container traffic.

The CN-series delivers Layer 7 visibility and control while enabling the enforcement of advanced security services, such as intrusion prevention. This protection can be enforced on allowed traffic traversing namespace boundaries within or between Kubernetes clusters, including between containerised applications and legacy workloads, such as virtual machines (VMs) and bare metal servers.

CN-series firewalls are easy to deploy using Kubernetes orchestration, allowing operators to deploy network security using the same processes and technology they use to manage the rest of their environments. Ongoing management of CN-series firewalls is centralised in the Panorama™ network security management solution—the same management console as all Palo Alto Networks firewalls—giving network security teams a single pane of glass to manage the overall network security posture of their organisations.

Palo Alto Networks

Why choose CN-series?

Outbound traffic protection

Block suspicious activity and prevent exfiltration with full outbound traffic content inspection, including encrypted SSL traffic and traffic originating from containerized applications.

East-west traffic protection

Discover Layer 7 visibility and control and protect east-west traffic between pods in different trust zones (such as two namespaces) or between pods and other workload types.

Inbound traffic protection

Protect against malware delivery, including variants not yet seen in the wild, through custom-built signatures based on content instead of hashes.

Key features

icon Application visibility and control
Application visibility and control
Get immediate visibility into application traffic within your Kubernetes environment. Define application-based policies to control application traffic and enforce zero trust best practices.
icon Threat prevention and sandboxing
Threat prevention and sandboxing
Threat prevention and WildFire services can be enabled on CN-series firewalls to block exploits, prevent malware, and stop both known and unknown advanced threats.
icon Automated scalability
Automated scalability
CN-series firewalls can leverage the autoscaling capabilities of Kubernetes to ensure protection in even the most dynamic environments.
icon DevOps-friendly configuration
DevOps-friendly configuration
All configuration of CN-series firewalls is specified in a YAML file and can be easily integrated into infrastructure deployment files for fast, repeatable deployments.
icon Flexible deployment options
Flexible deployment options
Customers can choose to deploy CN-series firewalls in distributed or clustered modes, depending on their use case, budget and environmental configuration.
icon Consistent CNI integration
Consistent CNI integration
The CN-series supports multiple container network interface (CNI) plugins for use in different types of Kubernetes deployments.
icon Public cloud
Public cloud
CN-Series firewalls can be deployed in hosted container environments such as GKE, AKS, Amazon EKS, and Red Hat OpenShift®.
icon On-premises
CN-series firewalls can also be deployed into Kubernetes environments hosted on-premises.
icon Centralised security management
Centralised security management
Manage the CN-series from Panorama. It centralises logging to simplify auditing and compliance.
Get in touch with us today

Ready to talk?

Are you looking for pricing details, technical information, support or a custom quote? Our team of experts in Zoeterwoude is ready to assist you.

Placeholder for Portrait of nomios employee2Portrait of nomios employee2

More updates