NEXT-GEN SECURITY FOR CISCO ACI

Integrated protection for ACI environments

Protect your applications and data on Cisco® Application Centric Infrastructure environments by leveraging virtual and physical next-generation firewalls to secure your ACI™-enabled data center.

Agile, efficient security for ACI environments

To take full advantage of the automation and operational efficiencies of Cisco ACI, you need to ensure that your security policies are enforced consistently and without compromise. VM-Series firewalls on ACI bring next-generation security to Cisco’s Software Defined Network, or SDN, framework.

 

Automated Service Insertion

Automate security service insertion within ACI and centralize management

You can now integrate physical and virtual Palo Alto Networks® firewalls into your Cisco ACI environments and centralize management. With a device package developed and supported by Palo Alto Networks, provisioning and insertion of firewalls can be done on demand. This means, any time a new application workload is provisioned, next-generation security can be deployed simultaneously.

 

Dynamic Policy Updates

Use ACI attributes in your security policies

Build dynamic security policies by leveraging ACI attributes, such as End Point Groups (EPGs). Security policy stays synchronized with EPG changes, and firewalls enforce consistent policy.

 

Secure Multi-Tenant Deployments

Secure and safely enable applications for multiple tenants within the SDDC

Deploy multiple instances of VM-Series firewalls or leverage virtual systems on Palo Alto Networks physical appliances for each new application workload or tenant. You can also achieve complete isolation between individual applications or tenants and add more security capacity on demand.

 

Flexible Deployment Models

Deploy security that works with your networking architecture choices

With the support of Layer 2, vWire and dynamic routing, Palo Alto Networks firewalls can be inserted transparently into the applications or in route peering mode with OSPF dynamic routing protocol support.