![Page 1: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020](https://reader036.vdocuments.site/reader036/viewer/2022062607/60477647e1bca911ad354b11/html5/thumbnails/1.jpg)
Introduction to CN -Series Container Firewalls
Partner Enablement for CN -Series June 2020
![Page 2: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020](https://reader036.vdocuments.site/reader036/viewer/2022062607/60477647e1bca911ad354b11/html5/thumbnails/2.jpg)
Data Center (Private Cloud)
Interconnectivity in Hybrid Clouds Creates Security Complexity
Public Cloud 1 Public Cloud 2
2 | © 2020 Palo Alto Networks, Inc. All rights reserved.
![Page 3: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020](https://reader036.vdocuments.site/reader036/viewer/2022062607/60477647e1bca911ad354b11/html5/thumbnails/3.jpg)
Container Adoption is Increasing
3 | © 2020 Palo Alto Networks, Inc. All rights reserved.
By 2023, more than 70% of global organizations will be running three or more containerized
applications in production.
“”Gartner, 2019
![Page 4: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020](https://reader036.vdocuments.site/reader036/viewer/2022062607/60477647e1bca911ad354b11/html5/thumbnails/4.jpg)
Complete Cloud Native Security
Asset Inventory
Configuration Assessment
Compliance Management
IAM GovernanceVulnerability Management
Workload Security
Network Visibility
Microsegmentation
Layer 7 Inspection & Threat Protection
Privileged Activity Monitoring
User Entity Behavior AnalyticsRuntime Defense
Visibility & Governance Compute Security Network Protect ion Ident ity Security
![Page 5: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020](https://reader036.vdocuments.site/reader036/viewer/2022062607/60477647e1bca911ad354b11/html5/thumbnails/5.jpg)
Network Visibility
5 | © 20 20 P a lo Alto Ne tw orks, In c . All rig h t s re se rve d .
A Multi -Layered Network Security Strategy
La ye r 7 Th re a t P ro t e c t io nMicro se g m e n t a t io n
![Page 6: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020](https://reader036.vdocuments.site/reader036/viewer/2022062607/60477647e1bca911ad354b11/html5/thumbnails/6.jpg)
Container Network Security with Prisma Cloud & NGFW
Compute Security
Limit east -west traffic based on the machine and application identity
Network -based detection and protection of compromised
applications
6 | © 2020 Palo Alto Networks, Inc. All rights reserved.
Identity -based Microsegmentation
Layer 7 Threat Protection
Reduce risk and protect compute with runtime and
application security
Prisma ™
Cloud Prisma ™
Cloud
Vulnerability Management
![Page 7: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020](https://reader036.vdocuments.site/reader036/viewer/2022062607/60477647e1bca911ad354b11/html5/thumbnails/7.jpg)
Why can’t we use a virtual or hardware firewall?
![Page 8: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020](https://reader036.vdocuments.site/reader036/viewer/2022062607/60477647e1bca911ad354b11/html5/thumbnails/8.jpg)
Other FW Form Factors Lack Container Visibility and Context
8 | © 2020 Palo Alto Networks, Inc. All rights reserved.
ContainerCluster
Ordering Payments
NODE NODE NODE
!!
INTERNET
![Page 9: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020](https://reader036.vdocuments.site/reader036/viewer/2022062607/60477647e1bca911ad354b11/html5/thumbnails/9.jpg)
CN-Series Container Firewall Product Overview
![Page 10: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020](https://reader036.vdocuments.site/reader036/viewer/2022062607/60477647e1bca911ad354b11/html5/thumbnails/10.jpg)
CN-Series Container Firewalls
NGFW for Kubernetes Environments
10 | © 2020 Palo Alto Networks, Inc. All rights reserved.
Containerized PAN -OS
L7 Network Security & Threat Protection
Kubernetes Integrated
![Page 11: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020](https://reader036.vdocuments.site/reader036/viewer/2022062607/60477647e1bca911ad354b11/html5/thumbnails/11.jpg)
Network Visibility and Threat Protection in Kubernetes
11 | © 2020 Palo Alto Networks, Inc. All rights reserved.
Visibility into K8’s constructs for context -based,
app -level control
Consistent policy creation and
management with Panorama
Automate and scale with deep
Kubernetes integration
![Page 12: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020](https://reader036.vdocuments.site/reader036/viewer/2022062607/60477647e1bca911ad354b11/html5/thumbnails/12.jpg)
CN-Series Deployed on Each Node
ContainerCluster
Ordering Payments
NODE NODE NODE
12 | © 2020 Palo Alto Networks, Inc. All rights reserved.
![Page 13: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020](https://reader036.vdocuments.site/reader036/viewer/2022062607/60477647e1bca911ad354b11/html5/thumbnails/13.jpg)
Supported Cloud Native Infrastructures
13 | © 2020 Palo Alto Networks, Inc. All rights reserved.
Self -Managed
On -premises Public Cloud
Cloud -Managed
![Page 14: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020](https://reader036.vdocuments.site/reader036/viewer/2022062607/60477647e1bca911ad354b11/html5/thumbnails/14.jpg)
Key Use Cases
![Page 15: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020](https://reader036.vdocuments.site/reader036/viewer/2022062607/60477647e1bca911ad354b11/html5/thumbnails/15.jpg)
CN-Series Container Firewall Use Cases
15 | © 2020 Palo Alto Networks, Inc. All rights reserved.
Enforce trust boundaries between namespaces and other
workload types
East -West Layer 7 Traffic Protection
Inbound Threat Prevention
Outbound Traffic Protection
Stop known andunknown threats
URL filtering andcontent inspection
![Page 16: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020](https://reader036.vdocuments.site/reader036/viewer/2022062607/60477647e1bca911ad354b11/html5/thumbnails/16.jpg)
Use Case 1: East -West Layer 7 Traffic Protection
SharedContainer
Cluster
Ordering Payments
NODE NODE NODE
16 | © 2020 Palo Alto Networks, Inc. All rights reserved.
RecommendedSubscriptions:
![Page 17: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020](https://reader036.vdocuments.site/reader036/viewer/2022062607/60477647e1bca911ad354b11/html5/thumbnails/17.jpg)
Use Case 2: Outbound Traffic Protection
SharedContainer
Cluster
Ordering Payments
NODE NODE NODE
17 | © 2020 Palo Alto Networks, Inc. All rights reserved.
DEV RESOURCES(i.e. GitHub)
RecommendedSubscriptions:
![Page 18: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020](https://reader036.vdocuments.site/reader036/viewer/2022062607/60477647e1bca911ad354b11/html5/thumbnails/18.jpg)
Use Case 3: Inbound Traffic Protection
SharedContainer
Cluster
Ordering Payments
NODE NODE NODE
INTERNET
18 | © 2020 Palo Alto Networks, Inc. All rights reserved.
RecommendedSubscriptions:
![Page 19: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020](https://reader036.vdocuments.site/reader036/viewer/2022062607/60477647e1bca911ad354b11/html5/thumbnails/19.jpg)
Thank You