Secure App Traffic with Nutanix Flow & Palo Alto Networks VM-Series

Aug 07, 2025

In today’s rapidly evolving data centers, seamlessly integrating advanced network security measures into existing infrastructure is critical for maintaining robust protection and efficiency. One such powerful integration is using Palo Alto Networks Next-Generation Firewalls (NGFWs) to protect application flows in the data center.

Starting with Nutanix Cloud Infrastructure (NCI) Release 7.3, the Nutanix Flow Network Security (FNS) solution provides an advanced integration with Palo Alto Networks VM-Series firewalls, using service insertion to let NCI customers leverage the advanced functionality provided by Palo Alto Networks NGFWs.

Nutanix Flow Network Security integration with Palo Alto Networks enables organizations to obtain the level of security they need without added complexity or operational challenges.

Flow Network Security

Flow Network Security is an application-centric microsegmentation solution natively built into the Nutanix AHV hypervisor. It protects east-west traffic within the Nutanix Cloud Infrastructure platform, covering both on-premises AHV and Nutanix Cloud Clusters deployments. Operating as a distributed, stateful virtual firewall, FNS empowers security teams to define granular, policy-driven controls that safeguard business-critical applications and VDI environments.

Integrated with the Nutanix Prism Central multicluster manager, FNS uses embedded software-defined networking components in each AHV host for enforcement. Its agentless, zero-touch model supports dynamic tagging, avoids the need for physical reconfiguration, and enables scalable, zero-trust-aligned security.

Palo Alto Networks VM-Series Next-Generation Firewalls

Palo Alto Networks VM-Series firewalls consistently protect public and private clouds, virtualized data centers and branch environments by delivering inline network security and threat prevention. VM-Series firewalls enhance your security posture with the industry-leading threat prevention capabilities of the Palo Alto Networks Next-Generation Firewall in a VM form factor, making it ideal for deployment in environments where it’s difficult or impossible to install a hardware firewall.

Flow Service Insertion with Palo Alto Networks

A key challenge of deploying NGFWs in a virtual cloud environment is ensuring they effectively intercept and secure “critical” application traffic—traffic that requires inspection and control—without disrupting the application or increasing the administrative overhead of redesigning the network.

This is particularly challenging for east-west traffic flows. Service Insertion by Flow Network Security enables organizations to dynamically integrate advanced Next-Generation Firewall services from Palo Alto Networks VM-Series, such as deep packet inspection, application identification and comprehensive threat prevention, into existing network traffic flows.

How the Integration Works

Built on a virtual firewall cluster design, Flow Service Insertion allows the NGFW to be deployed on any managed Nutanix cluster, decoupled from the hosts where protected application VMs reside. This architecture significantly simplifies the deployment and management of firewall instances, particularly in large-scale environments.

To identify the critical flows to be protected by the firewall, network security administrators can use familiar Flow Network Security policies to define the critical traffic. The Flow control plane then dynamically manages traffic steering, ensuring the appropriate flows are redirected to the Palo Alto Networks VM-Series firewall. This eliminates the need for routing decisions at the firewall itself and requires no change to network architecture. This dynamic approach reduces the need for manual configuration, provides excellent scalability, and helps simplify policy management.

Another standout feature of this integration is its built-in high availability. The system is engineered to avoid single points of failure, allowing continuous protection for mission-critical applications even in the event of component disruptions. This robust architecture provides organizations with peace of mind, knowing that their critical workloads remain secure and operational.

In summary, integrating Flow Network Security with Palo Alto Networks VM-Series via service insertion combines ease of use, advanced security controls and resilient architecture. Organizations benefit from simplified operations, automated traffic management, application-level visibility and advanced threat detection capabilities, all contributing to a comprehensive and dynamic security strategy tailored for modern data center environments.

Benefits of the Joint Solution at a Glance

Enterprises utilizing this solution will find a powerful suite of capabilities designed to deliver tangible security outcomes that align with enterprise risk reduction and compliance goals. The following benefits are strategic enablers tailored to meet the complex needs of modern, high-stakes operational environments:

  • Streamlined: Simplified operational management through automation
  • Granular: Application-aware policy enforcement
  • Insightful: Comprehensive visibility into application flows and network behavior
  • Proactive: Real-time threat detection and mitigation
  • Adaptive: Automated scaling capabilities tailored to dynamic workload requirements
  • Resilient: Built-in resilience and high availability, eliminating single points of failure

To learn more, check out the Nutanix Integration Guide.

 

