Quickstart Service for Software NGFW - CN-Series

How It Works

We execute our QuickStart Services with consistency to deliver your desired outcomes, including day-one protection and capability adoption. These services are designed to be delivered remotely, but on-site engagements are available. All services include project management from Palo Alto Networks to free up your team during all steps involved in the service execution.

Planning and Discovery

Working in conjunction with your team, our expert consultant will conduct a planning and discovery meeting to establish requirements and provide a Technical Requirements Document (TRD) for your review and approval. The TRD will cover your Kubernetes environment, including:

• System and integration requirements of CN-Series NGFWs in your Kubernetes environment
• Access requirements as needed for implementation
• Preparation of a technical detail-gathering sheet for implementation
• Documentation and review of technical details

Configuration, Deployment, and Integration

Our consultant will perform an initial remote CN-Series Software Firewall configuration, including the deployment in up to two (2) existing Kubernetes clusters in any supported environment , such as Amazon EKS.

The CN-Series Firewalls will be deployed with choice of:

• Direct manifest deployment with kubectl
• Helm
• Terraform

The CN-Series Firewalls can be deployed in various operational modes based on the requirement defined during the discovery phase:

• Kubernetes Service
• Kubernetes DaemonSet
• Kubernetes CNF (Container Network Function)

The CN-Series Firewalls will be integrated into your existing Panorama™ network security management system. We will configure AWS-specific integrations for CN-Series, including publishing CloudWatch custom metrics to support Horizontal Pod Autoscaling. We will configure security policies using Dyanmic Address Groups based on predefined or user-defined Kubernetes attributes (namespace, labels, etc.).

See the detailed Service Description  for all parameters that are included as part of this service.

Validation

Once all integration activities are complete, we will work with you to perform validation of the deployed solution. This includes:

• Policy review of the migrated/implemented rules to confirm they match the requirements set during the engagement.
• Adoption of best practices for Threat Prevention profiles.
• Validation of traffic steering/redirection to the Software NGFWs.

As-Built Documentation Delivery and Knowledge Transfer

After deployment, our consultant will provide up to six hours of knowledge transfer with your team to ensure sustained operations beyond the end of the engagement. Additionally, the consultant will share as-built documentation with your team that describes the configuration changes made during the engagement.