The varied tasks it takes to keep complex IT environments secure have moved far beyond the scope of customized, siloed processes and manual tasks. SecOps, network and DevOps teams are straining to do more than ever with fewer team members. In today’s hyperautomation world, it makes sense to standardize and automate whatever you can to reduce workloads and remove bottlenecks. This is especially important when enforcing security policies across complex environments (on-prem, cloud, OT/IoT), pushing out config changes or new rules across hundreds of Next-Gen Firewalls (NGFW) or provisioning a new firewall.
With these challenges in mind, we’re proud to announce the new Palo Alto Networks Ansible Content Collection, a certified integrated solution for Palo Alto Networks ML-Powered Next-Gen Firewalls(NGFW), which works with the physical PA-Series, the virtual VM-Series, the container CN-Series, and also the Panorama central management platform. Built by Palo Alto Networks and certified by Red Hat, this collection helps teams leverage their Ansible expertise to configure, deploy and manage all aspects of enterprise network security.
While community collections have their strengths and have helped many Palo Alto Networks customers with Ansible integrations in the past, a certified collection is a step up that many have been seeking. As a certified collection, it has undergone rigorous testing by both Palo Alto Networks and Red Hat. Its software chain of custody is certified and signed with a Red Hat key. And should you need help with the integration, you can raise a ticket to benefit from our support team’s expertise instead of being on your own to solve the issue.
With the certified Palo Alto Networks NGFW Ansible Content Collection, network and security teams can join forces to work from one familiar automation platform, defining and managing NGFW-related components, configurations and policies while creating highly automated, predictable and repeatable processes. This collection works across all form factors, including physical, virtual, container and cloud.
With the Ansible Content Collection, network security policies and configurations become easy-to-use code modules that speed up work, enforce consistency and minimize human error. This unified framework helps create more efficient operations and stronger security across all environments.
A whole lot. You can standardize and automate the configuration of everything from security policies (a.k.a., firewall rules) and Network Address Translation (NAT) rules to decryption policies and all the objects used within those rules and policies. Additionally, you can standardize and automate the change control workflows that put these policies into place in the right NGFW groups.
The Content Collection can also help you automate security services (Advanced Threat Prevention, antivirus, WildFire, Advanced URL filtering/web filtering, etc.) and device administration, like admin users and certificate management. Additionally, operational tasks like firmware updates, signature updates, configuration backup/restore and more can all be automated and scheduled using Ansible operations.
The Content Collection also allows you to take actionable tasks from firewalls to update other infrastructure and enterprise applications.
Additional benefits of this partnership and the Content Collection include:
Let’s look at a few use cases for automating NGFW management:
The Palo Alto Networks Ansible Content Collection is available to Palo Alto Networks customers who are also Ansible subscribers. You can find the collection in the Red Hat Automation Hub and view how-tos and tutorials. If you are new to Ansible or not a subscriber, you can try it out with a 30-day free trial.
Additionally stay tuned for more information on our upcoming Event-Driven Ansible plugin for PAN-OS, elevating the security operations of Palo Alto Networks products.