Dynamic Address Groups and VM Monitoring in PAN-OS 6.0

In principle, data center security requirements seem pretty straightforward: secure access to data center applications for users, protect against threats, and segment critical data center infrastructure. With the Palo Alto Networks solution, you can identify the applications in your data center regardless of ports or protocols, and allow differentiated access for employees and restrict access to management applications like RDP and Telnet, all while protecting against advanced threats and APTs. And we do all this without impacting the performance of the data center.

In recent years, virtualization and cloud architectures have introduced new security challenges, including the need for visibility into East-West traffic, and the need to keep pace with the dynamic nature of virtualized application changes. Last year, we responded to your needs with the Palo Alto Networks VM-Series and the dynamic address objects feature. Dynamic address objects allow you to abstract security policies from virtual machine context. You can define a tag or identifier representing a virtual machine, and its network address is updated at run time.

Now we’ve gone a step further. In the PAN-OS 6.0 release, we’ve enhanced dynamic address objects with dynamic address groups. Now, you can create multiple tags and identifiers representing different virtual machine attributes. The IP address and associated tags can be dynamically registered via our VM monitoring agent, another new feature that monitors VMware vCenter servers or ESXi servers for information on virtual machine changes. This means you now have a very flexible way to create security policies that automatically adapt to virtualized applications as they are provisioned, de-provisioned or moved. Note that these features can be deployed on our physical or virtualized form factors.

