Solution Briefs

Aviatrix - Palo Alto Networks VM-Series Solution Brief


Aviatrix | Palo Alto Networks Solution Brief

AVIATRIX FIRENET FOR PALO ALTO NETWORKS VM-SERIES

Challenges

Deployment Complexity

Cloud service providers differ from one another in how their native constructs work and in their capabilities, design, and configurations. Because of these differences, deploying a NextGen Firewall such as a VM-Series is a challenge for end users: each cloud requires particular steps that are unlikely to be needed for another CSP. In addition, the route table configurations and route propagations that steer traffic towards the firewall instances are manual, and it could take hours or even days just to get the deployment right.

Performance Compromises

VM-Series throughput is drastically reduced by Cloud Native constructs. An Active-Standby VM-Series deployment is easier but limited in performance, as only one firewall is active. On the other hand, Active-Active with Cloud Native Constructs requires BGP and IPsec tunneling, which limits the throughput of the firewall to less than 1 Gbps.

Visibility and Security Compromises

SNAT solves traffic symmetry, but it compromises traffic visibility and may decrease NextGen Firewall and IPS efficiency.

Solution

Aviatrix FireNet (Firewall Network) for Palo Alto VM-Series simplifies planning, design, implementation, and life-cycle management of VM-Series into single or multiple clouds while providing the automation, control, and visibility required by enterprises.

Seamless and Policy-based VM-Series Firewall Insertion with Aviatrix

Aviatrix FireNet simplifies implementation and ongoing management of VM-Series. Aviatrix Controller instantiates the VM-Series, orchestrates the cloud native networking components, and provides health monitoring and automatic failover, without the need for IPsec tunneling or other complex overlay protocols such as VXLAN and Geneve. The solution maximizes availability and security: Aviatrix handles the cloud networking components, and VM-Series secures the applications with consistent policy management across multi-cloud.

Maximum Performance with Highly Available Active/Active Solution

Aviatrix Controller automates route propagation by leveraging the Cloud Native API, eliminating the need for BGP and IPsec tunnels. This allows the VM-Series to perform at its full potential, scaling up to 70 Gbps throughput with up to 10 VM-Series firewalls running per availability zone.

Maintain Source Address Visibility

Aviatrix FireNet gateways load balance traffic to the firewall and maintain session affinity and symmetry to each of the VM-Series without requiring any SNAT. This allows the source IP to remain intact with the session details, which can help with many customer application use cases.

Centralized Management and Integration with Panorama

The Aviatrix solution integrates with Panorama to provide centralized network security management and orchestration of VM-Series firewalls across multi-cloud.

"With the use of Aviatrix in partnership with the Palo Alto Firewalls, we were able to eliminate the need for security groups and instead leverage traditional firewalls which took minutes. With Aviatrix if there was any troubleshooting to be done, it didn't take very long."
RAUL ORTEGA, MANAGER AND PRINCIPAL SECURITY ARCHITECT, MEDIDATA

Medidata - Joint Customer Case Study: networking-customers/real-world-cloud-networking-medidata
