

Palo Alto Networks VM-200
Virtualized Next-Generation Firewall

Palo Alto Networks VM-Series Virtual Firewall


Sorry, this product is no longer available. Please Contact Us for more information.


Overview:

The VM-Series supports the exact same next-generation firewall and advanced threat prevention features available in our physical form factor appliances, allowing you to safely enable applications flowing into and across your private, public and hybrid cloud computing environments.

Automation features such as VM monitoring, dynamic address groups and a REST-based API allow you to proactively monitor VM changes and dynamically feed that context into security policies, thereby eliminating the policy lag that may occur when your VMs change.

The VM-Series supports the following hypervisors:

  • VMware ESXi and NSX
  • Citrix SDX
  • KVM (CentOS/RHEL)
  • Ubuntu
  • Amazon Web Services

Virtualized Firewalls

As your organization embraces virtualization and cloud initiatives, your networking, security and virtualization teams have two alternatives when it comes to protecting the resident mission-critical applications and data from modern cyber threats. The first alternative is to ignore security altogether, not because it is unnecessary, but because security policy deployment cannot keep pace with the rate of virtualization changes, oftentimes lagging weeks behind.

The second alternative is to implement traditional security technologies that are port-bound, which means they lack the ability to identify and control applications, and they are ineffective at blocking today's modern attacks. Neither of these alternatives addresses the critical requirements you need to protect your virtualized environments. Key requirements for virtualized security include:

  • Support the same next-generation firewall features across both physical and virtual form factors
  • Automate the deployment of next-generation firewalls and policies across a range of virtualization environments
  • Isolate and segment mission-critical applications and data following Zero Trust principles
  • Stop cyber threats from moving laterally in an east-west manner
  • Deliver centralized visibility and policy management for both physical and virtual form factors

The Palo Alto Networks VM-Series combines next-generation firewall security and advanced threat prevention to protect your virtualized environments from advanced cyber threats. Native automation tools such as Virtual Machine monitoring (VM monitoring) and Dynamic Address Groups monitor VM additions, removals and attribute changes to help eliminate any security policy lag as your VMs change.

Applying next-generation security to virtualized environments

The VM-Series virtualized firewall is based upon the same full-stack traffic classification engine that can be found in our physical form-factor firewalls. The VM-Series natively classifies all traffic, inclusive of applications, threats and content, and then ties that traffic to the user. The application, content, and user — the elements that run your business — are then used as the basis of your virtualized security policies, resulting in an improved security posture and a reduction in incident response time.

Isolate mission-critical applications and data using Zero Trust principles

Security best-practices dictate that your mission-critical applications and data should be isolated in secure segments using Zero Trust (i.e. never trust; always verify) principles at each segmentation point. The VM-Series can be deployed throughout your virtualized environment, residing as a gateway within your virtual network and controlling VM-to-VM communications based on application and user identity. This allows you to control the applications traversing your virtualized environment, while blocking potentially rogue or misconfigured applications and controlling access based on user identity.

Block lateral movement of cyber threats

Today’s cyber threats will commonly compromise an individual workstation or user, and then they will move across the network, looking for a target. Within your virtual network, cyber threats will move laterally from VM to VM, in an east-west manner, placing your mission-critical applications and data at risk. Exerting application-level control using Zero Trust principles between VMs will reduce the threat footprint while applying policies to block both known and unknown threats.

Automated, transparent deployment and provisioning

A rich set of automation features and APIs allow customers to streamline their security policy deployment so that security keeps pace with the buildup and teardown of their virtualized mission-critical applications.

  • Virtual Machine monitoring: Security policies must be able to monitor and keep up with changes in the virtualization environment, including VM attributes and the addition or removal of VMs. Virtual Machine monitoring (i.e. VM monitoring) automatically polls your virtualization environments for virtual machine inventory and changes, collecting this data in the form of tags that can then be used in dynamic address groups to keep policies up to date.
  • Dynamic address groups: As your virtual machines change functions or move from server to server, building security policies based on static data, such as IP address, delivers limited value. Dynamic address groups allow you to create policies using tags (from VM monitoring) as an identifier for virtual machines instead of a static object definition. Multiple tags representing virtual machine attributes such as operating system can be resolved within a dynamic address group, allowing you to easily apply policies to virtual machines as they are created or travel across the network.
  • RESTful APIs: A flexible, REST-based API allows you to integrate with third-party cloud orchestration solutions such as OpenStack and CloudStack. This enables the VM-Series to be deployed and configured in lockstep with virtualized workloads.
  • Centralized management: Panorama™ allows you to manage your VM-Series deployments along with your physical security appliances, thereby ensuring policy consistency and cohesiveness. Rich, centralized logging and reporting capabilities provide visibility into virtualized applications, users and content.