Are you challenged by the need to enforce security policy in an agile application development process? Do you need a rapid and automated way to secure public cloud applications without adding delay? You can combine the flexibility of dynamic address groups and the VM monitoring capabilities on the firewall and Panorama to dynamically apply security policy as VM workloads spin up or down, and IP addresses change frequently.
The VM Monitoring capability allows the firewall to be automatically updated with the IP addresses of a source or destination address object referenced in a security policy rule. Dynamic address groups use metadata about the cloud infrastructure, mainly IP address-to-tag mappings for your VMs. Referencing this metadata (that is, tags) instead of static IP addresses in Security policy is what makes the policy dynamic. So, as you add, change, or delete tags on your VMs, security policy is always enforced consistently.
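The tag-driven behavior described above can be sketched as a simplified model. This is an added example, not PAN-OS or Panorama code; the tag names, IP addresses, rule layout and function names are all constructed for illustration. It shows a rule following the tags rather than the address when an IP is reused between two polls of a VM source.

```python
# Simplified model of tag-driven group membership; not PAN-OS code or its API.
from ipaddress import ip_address

def resolve(match, ip_tags):
    """Return IPs whose tags satisfy `match` (OR over AND-sets of tags)."""
    return {ip for ip, tags in ip_tags.items()
            if any(all_of <= tags for all_of in match)}

def permits(rule, src, dst, ip_tags):
    """A rule matches only while src and dst are current members of its groups."""
    return (src in resolve(rule["source"], ip_tags)
            and dst in resolve(rule["destination"], ip_tags))

def poll_diff(old, new):
    """Compare two polls: mappings that appeared, vanished, or changed tags."""
    added = sorted(set(new) - set(old), key=ip_address)
    removed = sorted(set(old) - set(new), key=ip_address)
    retagged = sorted((ip for ip in set(old) & set(new) if old[ip] != new[ip]),
                      key=ip_address)
    return added, removed, retagged

# Constructed sample data: group definitions and one rule (assumed layout).
WEB = [frozenset({"role=web", "env=prod"})]
DB = [frozenset({"role=db", "env=prod"})]
RULE = {"name": "web-to-db", "source": WEB, "destination": DB}

# Constructed IP-to-tag mappings from two consecutive polls of a VM source.
POLL_1 = {
    "10.0.1.10": {"role=web", "env=prod"},
    "10.0.1.11": {"role=web", "env=dev"},
    "10.0.2.20": {"role=db", "env=prod"},
}
# By the second poll, .10 was reused by a dev build VM, .11 was deleted,
# and a new prod web VM came up on .12.
POLL_2 = {
    "10.0.1.10": {"role=build", "env=dev"},
    "10.0.1.12": {"role=web", "env=prod"},
    "10.0.2.20": {"role=db", "env=prod"},
}

def demo():
    before = permits(RULE, "10.0.1.10", "10.0.2.20", POLL_1)
    after_reuse = permits(RULE, "10.0.1.10", "10.0.2.20", POLL_2)
    new_vm = permits(RULE, "10.0.1.12", "10.0.2.20", POLL_2)
    return before, after_reuse, new_vm, poll_diff(POLL_1, POLL_2)

if __name__ == "__main__":
    print(demo())
```

The reused address loses access as soon as the newer mapping is learned, so the interval between polls is the window in which a stale mapping can still match.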
Depending on your scale and the cloud environments you want to monitor, you can choose to enable VM Monitoring on either the firewall or Panorama to poll the evolving VM landscape. The all-new Panorama plugin now allows you to monitor up to 100 VM sources on AWS and Azure, so your development team can more freely add and remove workloads in AWS VPCs or Azure Subscriptions. This new plugin complements the existing PAN-OS functionality that enables you to monitor up to 10 VM sources.
Plug in and be agile with one or both options!
As always, you can find our content on our Technical Documentation site.
Happy reading!
Your friendly Technical Documentation team
Have questions? Contact us at documentation@paloaltonetworks.com.