Secure Amazon EKS on Outposts with CN-Series

Sep 09, 2021

Ensuring container security is critical for making the most of cloud-like capabilities across environments. That’s why we’re excited to announce support for Palo Alto Networks CN-Series container firewalls on Amazon Elastic Kubernetes Service (EKS) running within AWS Outposts for meaningful hybrid security.

By providing the flexibility to deploy, run and scale Kubernetes applications across environments, EKS adds new capabilities for the fully managed AWS Outposts service – which offers the same AWS infrastructure, AWS services, APIs, and tools to virtually any datacenter, co-location space, or on-premises facility. Our customers have already realized the power of running CN-Series NGFWs on EKS, and with this added support for Outposts, they can now achieve the same fine-grained container traffic inspection where it’s most needed: at the networking edge, or within their on-premises data centers.

This development adds a vital solution to our already extensive Outposts portfolio, which includes VM-Series virtual firewalls and Prisma Cloud, the industry’s most comprehensive cloud native security platform (CNSP).

CN-Series within Outposts: Key Use Cases

  • Inbound protection: Identify and stop inbound attacks originating in the public-facing internet with full container context.
  • Outbound protection: Mitigate attempts at exfiltrating sensitive information by blocking connections to known bad destinations like command-and-control (C2) servers, and inspect the traffic for data patterns associated with sensitive data, such as credit card and Social Security numbers.
  • Lateral movement prevention: Traffic moving between pods and namespaces is often viewed as the biggest blind spot within a container environment; customers can now inspect it within their Outposts environments.

Figure 1: CN-Series Deployment

Maximize ROI with Flexible Licensing

CN-Series can be purchased with our flexible consumption licensing model. This credit-based licensing approach lets you simply scale and pay for only the firewall-as-a-platform components you actually use, such as VM-Series virtual firewalls, CN-Series container firewalls, all of our security services, and virtual Panorama for firewall management and log collection. With this approach, you can consume and deploy network security in minutes and maximize ROI in private and public clouds – as well as on-premises and in the branch, retail, and service provider environments, to name just a few of the opportunities for more agility.

To find technical details, see the Palo Alto Networks Containers Reference Architecture for AWS.
