See our response to COVID-19
Get unprecedented container traffic control
Get the eBook
Keep cloud native applications nimble and secure with the industry’s first ML-powered, next-generation firewall built specifically for Kubernetes environments. Immediately gain deep layer 7 visibility into container traffic and enforce threat prevention policies to protect allowed traffic across Kubernetes namespace boundaries. Palo Alto Networks CN-Series container firewalls make the most of native Kubernetes orchestration by integrating firewall deployment directly into your DevOps workflow--a single command is all it takes for simultaneous deployment on all nodes in a Kubernetes cluster.
Get the eBook
Make Kubernetes network security constant and consistent
CN-Series container firewalls help network security teams safeguard developers by enabling threat prevention in Kubernetes environments.

See infographic
Gain visibility and control CN-Series provides full layer 7 traffic visibility, including container source IP of outbound traffic--and detects and prevents threats sneaking into allowed traffic traveling between namespace boundaries.
Streamline DevOps security CN-Series firewalls offer frictionless deployment directly intoDevOps workflows. YAML file configuration seamlessly establishes deployment as part of the overall Kubernetes orchestration process.
Boost overall security posture CN-Series firewalls enforce enterprise-level network security and threat protection in container traffic--and elevate the overall security posture by sharing Kubernetes contextual information with other Palo Alto Networks firewalls.
Reduce time and effort CN-Series use Panorama as a single console to manage all network security components and firewalls, whether physical, virtual or container form factors.
Request a personalized demo

Skip the line and get a demo tailored to you. A Palo Alto Networks representative will contact you shortly to schedule a personalized demo.
Request demo
Go deep into container traffic for advanced cloud-native network security
Prevent threats in traffic crossing namespace boundaries CN-Series firewalls mitigate lateral movement attacks by detecting and preventing threats moving between applications in different trust zones and namespaces. This oversight and control includes securing traffic between containers within the same cluster, and between containers and other workload types, such as virtual machines and bare-metal servers.
Discover the flexibility of a tag-based policy model CN-Series firewall policies can be defined by application, user, content, and native Kubernetes namespaces and labels, along with other metadata to deliver flexible policies aligned to business needs. This context can be shared and used by all Palo Alto Network firewalls, including physical and virtual form factors, ensuring a consistent policy model across your entire hybrid cloud environment.
See the entire picture with centralized policy management CN-Series firewall policies are managed from the same interface as all Palo Alto Networks next-generation firewall form factors, providing network security teams with a single console to manage network security for physical, virtual, container, and public cloud workloads. To further reduce the attack surface, CN-Series and Prisma Cloud together provide microsegmentation and advanced security services.
Protect outbound traffic and stop data exfiltration CN-Series’ URL filtering capability is particularly valuable for preventing developers from inadvertently accessing suspect websites, such as code repositories that can harbor potentially devastating malware. The container firewalls block data exfiltration from Kubernetes environments by inspecting traffic content, including encrypted traffic such as DNS traffic.
Thwart inbound threats with advanced inspection and detection CN-Series firewalls defend against malware delivery through custom-built signatures based on content – not hash – to protect against known malware, including variants yet to be seen in the wild. Protections against newly discovered malware are delivered daily by WildFire, keeping the latest threats from breaching your network.

Recommended resources

Quick links
Request a personalized demo
Request a personalized demo
Contact sales
Contact sales
Visit the Resource Center
Visit the Resource Center
Visit the Corporate blog
Visit the Corporate blog
Visit the Unit 42 blog
Visit the Unit 42 blog
Subscription Reward

Popular Resources

Legal Notices

Account

  • Facebook
  • Linkedin
  • Twitter
  • Youtube

© 2020 Palo Alto Networks, Inc. All rights reserved.