Cut Complexity – Get Rapid, Automated Firewall Deployment in Azure

Jan 22, 2021

Building and operating your firewall deployments in Azure is now significantly simpler with the availability of Panorama Orchestrated VM-Series Firewall Deployments in Azure. This time-saving workflow feature eliminates the need to manage complex templates for firewall deployments in Azure, which allows you to rapidly deploy, manage, scale, and monitor VM-Series virtual firewalls in your Azure environment with just a few clicks in Panorama.

We’re excited about this development because, until now, you had to use multiple templates to deploy an Azure load balancer to scale and load balance traffic across the stack of firewalls in your hub VNET. In addition to slowing deployment times, these template-based solutions are prone to user error because they are complex to operate and involve multiple components and moving parts.

Speed and Ease Are Critical for Effective Cloud Network Security

Our Azure customers rely on Palo Alto Networks VM-Series virtual firewalls to augment native public cloud network security controls with next-generation threat protection capabilities. Speed of deployment and ease of use are critical, because VM-Series firewalls prevent exploits, malware, and previously unknown threats from compromising applications. These virtualized NGFWs prevent threats from moving laterally between workloads and stop data in your Azure networks from being exfiltrated. Plus, Palo Alto Networks Panorama network security management enables you to centrally manage and maintain consistent policies across VM-Series firewalls.

A Single Workflow Speeds Deployment and Operation

The Panorama Orchestrated VM-Series deployment feature offers a simpler alternative to template-based deployment and integration. It consolidates all configuration tasks into a single workflow and removes the complex aspects of deploying, scaling, and provisioning VM-Series in your Azure environment.

Panorama Orchestrated VM-Series Deployments in action

Significantly Reduce Time-Consuming VM-Series Deployment and Scaling in Azure

The benefits can be significant, because Panorama Orchestrated VM-Series Deployments is designed to help:

  • Reduce user error with automated deployment and configurations: You no longer need to operate complex templates or have a deeper understanding of Azure networking constructs to deploy firewall stacks and integrate them with your Azure environment. Instead, you use the workflow that Panorama’s Azure plugin offers to deploy scalable VM-Series virtual firewalls in your Azure VNets. The Panorama plugin deploys the necessary Azure resources, such as Azure Standard load balancers (ILB), subnets, NAT gateways, Virtual Machine Scale Sets (VMSS), and Public IP address objects. Panorama’s plugin automatically configures all Azure resources it deploys and enables the necessary Panorama and VM-Series configurations for traffic inspection.
  • Boost cloud security cost-effectiveness with more deployment flexibility: To meet your governance model, regional presence, and application requirements, you can use the workflow to create multiple firewall deployments in one or more regions in your Azure environment. Each deployment includes one or two firewall stacks in your VNet. You can also configure each of these stacks to be static or to autoscale by specifying the minimum and the maximum number of firewalls. To meet increased demands and minimize costs whenever possible, the firewall stacks scale in and out along with your application traffic.
  • Keep security consistent and effective through simplified operations: You can now use your familiar Panorama as the tool to orchestrate VM-Series firewall deployments in your Azure networks – and then centrally manage the security policies of the firewalls. The Panorama plugin also links to your Azure ARM and Azure Monitor portal and helps you gain visibility into VM-Series deployment status, usage, and performance. Additionally, the Panorama plugin auto-populates the required Azure and firewall configurations as you onboard new applications. You just need to configure the VNet route tables to redirect traffic to the deployment’s private IP address or addresses.

Deployment Options Meet the Need for Flexibility

Two deployment options are available for the Panorama Orchestrated VM-Series Deployments workflow:

  • Common hub model – In this option, you use the workflow to create a deployment with a hub stack, which leverages the internal standard load balancer to scale and load balance across a set of firewalls. You can then expose the Azure Standard Load balancer’s private IP address for traffic inspection and threat prevention. The hub stack allows you to protect the inbound, outbound, and east-west traffic of your applications.
  • Dedicated inbound model – Here, you use the workflow to create a deployment with two firewall stacks. As with the common hub model, the hub stack is used to protect outbound and east-west traffic. But now, you use a dedicated inbound stack of firewalls that can scale independently to add visibility and security to all your internet-facing HTTP and non-HTTP applications.

See the Workflow Experience in Action

To find out which option works best for you, and to understand how the workflow will benefit your organization, take a look at this concise demo video.

You can also attach your deployment to the Azure vWan hub as discussed here. We also encourage you to read more about this feature on our TechDocs portal. You can also find more information on how VM-Series adds a critical layer of protection to Azure environments on the Live Community Azure resource page.

And to get a personalized demo tailored to your specific needs, sign up here to discover how to secure your Azure investments.
