VMware and Palo Alto are getting closer with a press release today that outlines how PAN will be able to transparently inject firewall services into software defined data centres.
This isn’t about “firewalls”; it’s about Palo Alto’s Panorama software manager, which Palo Alto describes as follows:
Panorama enables you to centrally manage the process of configuring devices, deploying security policies, performing forensic analysis, and generating reports across your entire network of our next-generation firewalls. Available as either a virtual appliance or a dedicated management platform, Panorama and the individual device management interfaces share the same web-based look and feel, ensuring workflow consistency while minimizing any learning curve or delay in executing the task at hand.
From the press release (I haven’t had time for a briefing so I am cadging from the notes and reading between the lines here), the basic pitch is that Palo Alto Panorama is integrated with NSX Manager to provide firewall inspection for VMs that are moving around the network infrastructure.
This is actually quite a breakthrough because segregating VMs and enforcing firewall policy on East-West traffic is a difficult problem to solve. Today, the only solution has been to use vNIC-type firewalls from Cisco and Juniper, and these solutions haven’t yet been translated into an NSX-capable model.
Some people tell me that the answer is to run “firewalls in a VM” and keep everything the same with VLANs and MPLS VRFs, but I know that doesn’t scale. Works OK for a small DMZ maybe, or just a few zones, but it really doesn’t scale much beyond that.
You can find more at the VMware website.