Palo Alto Networks Cloud Virtualized Next-Generation Firewall

VM-Series Virtualized Next-Generation Firewall 

Virtualization is fueling an upheaval in today’s data centers, resulting in architectures that are often a mix of private and public cloud computing environments. The benefits of cloud computing are well-known; so too are the security challenges, exemplified by recent high-profile security incidents.

Just as an attack or compromise within your physical data center is a significant incident, a compromise in your virtualized environment has an amplified impact: workloads of varying trust levels, and their associated data, are centralized on shared infrastructure without security barriers between them to keep them segmented. Once an attacker compromises one workload, nothing prevents lateral movement to the rest of the virtualized environment.

The VM-Series is a virtualized form factor of our next-generation firewall that can be deployed in a range of public and private cloud computing environments based on technologies from VMware, Amazon Web Services, Microsoft, Citrix and KVM.

IP Fabrics can help you get the most out of physical-to-virtual (P2V) deployments. In both private and public cloud environments, the VM-Series can be deployed as a perimeter gateway, an IPsec VPN termination point, and a segmentation gateway, preventing threats from moving from workload to workload.

Hybrid Cloud: Securely Leverage AWS to Augment Your Data Center

Expanding your data center into AWS across an IPsec VPN is an easy way to establish a hybrid data center that can address new application requirements and cloud-first development initiatives more quickly. A hybrid approach combines fixed, on-premises resources with scalable, more agile public cloud resources. Using the VM-Series as the VPN termination point means your security policies can include the IPsec VPN tunnel as a policy element, letting you move applications and data between your network and the cloud securely.

High-profile breaches have shown that cybercriminals are adept at hiding in plain sight, bypassing perimeter controls and moving at will across networks, both physical and virtualized. While an AWS VPC provides an isolation and security boundary for your workloads, the VM-Series can augment a VPC with application-level segmentation policies that control the traffic between workloads, giving you greater control over lateral movement; threat prevention policies can be applied to block an attacker's movement as well. If traffic flows between VPCs in different regions across the Internet, you can encrypt it for added protection.

Internet Gateway: Protect the Network, the Cloud, the Device

Building upon your hybrid deployment, the VM-Series for AWS can act as an Internet gateway, protecting the AWS perimeter with application whitelisting policies based on user identity while preventing advanced threats. Deployed in conjunction with GlobalProtect, the VM-Series extends your corporate security policies to device users wherever they are located.

GlobalProtect: Extending Security to All Users and Devices

The scalability and global presence of the AWS computing infrastructure, combined with the VM-Series and GlobalProtect™ mobile security, let you extend your corporate security policies to remote users and mobile devices regardless of their location. GlobalProtect establishes a secure connection to the VM-Series, which protects the user from Internet threats and enforces application-based access control policies. Whether the user, or network, needs access to the Internet, the data center or SaaS applications, the platform provides full protection.

The Palo Alto Networks® VM-Series on Citrix NetScaler SDX joint solution enables secure access to all types of applications, regardless of location, while blocking known and unknown threats. With the combined solution, organizations can achieve substantial infrastructure consolidation, and reduce costs and complexity, without compromising on functionality.

With the addition of VM-Series on Citrix NetScaler SDX, security, threat prevention, and ADC services can be consolidated on a single, virtual appliance. This addresses the unique application needs for enterprise and service provider multitenant deployments. The joint solution delivers the following benefits:

  • Secure multitenant cloud delivery
  • Mainstream virtual desktop delivery

Palo Alto Networks VM-Series for KVM brings next-generation firewall and threat prevention capabilities to protect KVM (Kernel-based Virtual Machine) hypervisor-based virtual infrastructure from advanced cyberthreats. VM-Series for KVM can be deployed and managed across a range of Linux distributions, including Red Hat Enterprise Linux (RHEL), CentOS and Ubuntu.

The VM-Series for KVM can be deployed to address a number of different use cases, each of which takes full advantage of our next-generation firewall and advanced threat prevention features.

Firewall/Perimeter Gateway

For enterprises building their own cloud computing environment, the VM-Series for KVM lets you apply all of our next-generation firewall and advanced threat prevention features to the traffic traversing your cloud computing perimeter.

OpenStack Orchestration

Service providers commonly use KVM and OpenStack to scale their cloud computing service offerings efficiently and cost-effectively. Combined with the next-generation firewall and automation features in the VM-Series, service providers can build highly profitable cloud computing service offerings.

The VMware NSX and VM-Series integrated solution enables application-level micro-segmentation by extending the NSX basic firewall services with comprehensive next-generation firewall and advanced threat prevention capabilities delivered by the VM-Series.

The joint solution enables customers to automate the provisioning of next-generation security, dynamically update policies when new workloads are created or changed, and protect virtualized applications and data from known and unknown threats.

The VM-Series for ESXi and vCloud Air

The VM-Series for ESXi is a virtualized form factor of our next-generation firewall that spans VMware-based private, public and hybrid cloud deployments. Whichever scenario you choose, the VM-Series can act as a perimeter gateway, an IPsec VPN termination point, and a segmentation gateway, preventing threats from moving from workload to workload. The VM-Series for ESXi can be deployed to address a number of different use cases, each of which takes full advantage of our next-generation firewall and advanced threat prevention features.

Securing the Private Cloud

A private cloud, defined as an environment in which you are responsible for managing all aspects of the virtualization, hardware, compute, networking and security, is often considered an extension of your existing data center.

The VM-Series allows you to protect your private cloud infrastructure using application enablement policies while simultaneously preventing known and unknown threats. The VM-Series supports the following private cloud environments: VMware ESXi and NSX, Citrix NetScaler SDX, and KVM/OpenStack (CentOS/RHEL, Ubuntu).

Securing the Public Cloud

Defined as a ready-made compute, networking and storage environment, the public cloud brings ubiquitous access to users, rapid scalability to absorb workload “bursts,” and infrastructure consistency. In a public cloud, keeping your applications and data safe from attackers remains your responsibility, and that is where the VM-Series can help.

The VM-Series protects your public cloud infrastructure using application enablement policies while simultaneously preventing known and unknown threats. The VM-Series supports the following public cloud environments: VMware vCloud Air™ and Amazon Web Services (AWS).

Next-Generation Security for the Public Cloud

Regardless of where your applications and data are located, they are an attacker’s target, and protecting them in the cloud introduces the same security challenges you face in your on-premises data center. Your public cloud security solution should therefore be consistent with what is deployed in your data center so that, no matter where the applications and data reside, security is consistent and assured.

The VM-Series analyzes all the traffic traversing your cloud deployment to determine three elements that drive your security policy: the application identity, regardless of port; the content, malicious or otherwise; and the user identity. Determining application, content and user simultaneously lets you map security policies directly to business initiatives, and gives greater visibility along with more rapid incident response and improved forensics. A consistent security posture is ensured through centralized management that controls both your physical and virtualized firewalls, while additional management features enable policy automation and integration to support your cloud-first initiatives.
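As an added illustration (this is not Palo Alto Networks code or configuration; the zone names, application labels, users and flow records are constructed for the example), the Python below contrasts a port-based rule set with one that matches on application and user identity, using the first-match, implicit-deny evaluation a segmentation gateway applies between zones. It also covers the VPC segmentation point made in the Hybrid Cloud section above: flows between zones with no explicit rule are dropped, and an attacker's SSH pivot tunneled over an open database port is allowed by the port rule but blocked by the application rule.

```python
# Added example, not vendor code. Zones, apps, users and flows are constructed.
# A minimal first-match policy evaluator comparing a port/protocol rule set
# with an application- and user-aware rule set over the same flows.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    dst_port: int
    app: str                    # application identified from content, not from the port
    user: Optional[str] = None  # user mapped to the source address, if known


@dataclass(frozen=True)
class Rule:
    name: str
    from_zone: str
    to_zone: str
    action: str                                 # "allow" or "deny"
    ports: FrozenSet[int] = frozenset()         # port-based match (empty = any)
    apps: FrozenSet[str] = frozenset()          # application match (empty = any)
    users: FrozenSet[str] = frozenset()         # user match (empty = any)

    def matches(self, f: Flow) -> bool:
        return (
            self.from_zone in ("any", f.src_zone)
            and self.to_zone in ("any", f.dst_zone)
            and (not self.ports or f.dst_port in self.ports)
            and (not self.apps or f.app in self.apps)
            and (not self.users or f.user in self.users)
        )


def evaluate(rules: List[Rule], f: Flow) -> Tuple[str, str]:
    """First matching rule wins; an unmatched flow hits the implicit deny,
    which is what keeps workloads in different zones segmented."""
    for r in rules:
        if r.matches(f):
            return r.name, r.action
    return "implicit-deny", "deny"


# Rule set 1: a classic port/protocol ACL between zones.
PORT_RULES = [
    Rule("web-to-db", "web", "db", "allow", ports=frozenset({3306})),
    Rule("web-out", "web", "untrust", "allow", ports=frozenset({80, 443})),
    Rule("admin-to-db", "users", "db", "allow", ports=frozenset({22})),
]

# Rule set 2: the same intent expressed as application (and user) whitelisting.
APP_RULES = [
    Rule("web-to-db", "web", "db", "allow", apps=frozenset({"mysql"})),
    Rule("web-out", "web", "untrust", "allow", apps=frozenset({"web-browsing", "ssl"})),
    Rule("admin-to-db", "users", "db", "allow",
         apps=frozenset({"ssh"}), users=frozenset({"dba"})),
]

# Constructed flows, not captured traffic.
FLOWS: Dict[str, Flow] = {
    "legit-mysql":        Flow("web", "db", 3306, "mysql"),
    "ssh-on-3306":        Flow("web", "db", 3306, "ssh"),            # pivot tunneled on the open DB port
    "ssh-out-443":        Flow("web", "untrust", 443, "ssh"),        # reverse shell hidden on 443
    "web-to-app-lateral": Flow("web", "app", 8080, "web-browsing"),  # no rule in either set
    "dba-ssh":            Flow("users", "db", 22, "ssh", user="dba"),
    "intern-ssh":         Flow("users", "db", 22, "ssh", user="intern"),
}


def compare(flows: Dict[str, Flow] = FLOWS) -> Dict[str, Tuple[str, str]]:
    """Return {flow name: (port-rules verdict, app-rules verdict)}."""
    return {name: (evaluate(PORT_RULES, f)[1], evaluate(APP_RULES, f)[1])
            for name, f in flows.items()}


if __name__ == "__main__":
    for name, (port_v, app_v) in compare().items():
        print(f"{name:20s} port-rules={port_v:5s} app-rules={app_v}")
```

The two rule sets express the same business intent, yet only the application-aware set denies the SSH pivot on port 3306, the reverse shell on 443, and the non-DBA user; both sets deny the web-to-app flow because no rule permits it, which is the segmentation behaviour the text describes.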

The VM-Series enables you to deploy a hybrid architecture while maintaining the same security posture established on your physical network with Palo Alto Networks appliance-based firewalls. The VM-Series can act as a perimeter gateway protecting against inbound threats, as a segmentation gateway that controls workload-to-workload communications, and as a mobile security solution. IP Fabrics can assist with any policy customization required to get the most from your private and virtual instances. The VM-Series is supported in the following public cloud environments: Amazon® Web Services, Microsoft Azure, and VMware vCloud Air.