
CN-Series
Container-native firewall for Kubernetes
CN-Series is the first container-native NGFW providing advanced Layer 7 protection for Kubernetes and cloud-native environments. Deployed as a DaemonSet, CN-Series inspects pod-to-pod (east-west) traffic as well as ingress and egress traffic with full App-ID and threat prevention. Integration with service meshes (Istio, Linkerd) and CNI plugins provides security without modifying applications.
- Enterprise-grade protection compliant with regulatory requirements and security standards
- Fast deployment with minimal resource overhead
- Dedicated support from a certified partner
- Easy integration with your existing infrastructure
Key features
- Instant Kubernetes deployment as a DaemonSet with automatic node discovery
- L7 visibility and App-ID for pod-to-pod (east-west) traffic
- Pod-level security policies with Kubernetes labels and namespaces integration
- Service mesh support for Istio and Linkerd with sidecar-less architecture
- CNI plugin integration with Calico, Cilium, AWS VPC CNI, and Azure CNI
Business benefits
- Container security with full NGFW capabilities and no additional sidecar overhead
- Visibility into east-west traffic in K8s, typically invisible to network firewalls
- Native deployment aligned with GitOps workflows and CI/CD pipelines
- Consistent policies across VM-Series in the cloud and CN-Series in Kubernetes
- 95% reduction in lateral movement within the cluster through micro-segmentation

Why Palo Alto Networks?
A global leader in cybersecurity offering a comprehensive platform covering next-generation firewall, SASE, cloud security, SOC operations, and threat intelligence. Palo Alto Networks is a pioneer of the platform-based approach to security, integrating all functions into a cohesive ecosystem.
Need CN-Series in your organization?
As a certified Palo Alto Networks partner, we'll help you deploy and configure the solution.