Microsoft Azure and Palo Alto Networks - Azure Marketplace offer for setting up an Azure Kubernetes Service (AKS) cluster and securing it with the Cloud NGFW. This offer makes provisioning an AKS cluster straightforward while leveraging the advanced network security in Azure powered by Palo Alto Networks.
What does it include?
The solution follows the AKS landing zone accelerator reference architecture to build a scalable Azure Kubernetes Service (AKS) cluster while following the Cloud Adoption Framework.
The deployment follows the AKS Secure Baseline architecture, including Azure networking, security, identity, management, and monitoring services. It deploys an AKS cluster, an Application Gateway for Ingress, a Container Registry with Private Endpoints, and more. The cluster is then connected to a Hub Virtual Network where the Cloud NGFW is deployed to inspect and secure the traffic.
Cloud NGFW is an Azure-native ISV Firewall-as-a-Service solution jointly developed and launched by Microsoft and Palo Alto Networks. It combines the advanced security technologies offered by the Palo Alto Networks NGFW platform with the simplicity and convenience of an Azure-native service. More detailed information about Cloud NGFW can be found here.
Who is it for?
Customers migrating their workloads to Azure and leveraging the Azure Landing Zone methodology and architecture will benefit from a turn-key deployment that stands up the AKS Secure Baseline architecture, covering the recommended Azure services and configurations.
While the environment is being prepared to migrate and run the applications, security is often left until after the migration is well underway. Network Security teams will find this offer helpful because it includes a best-in-class firewall that enables advanced security and policy configurations right in Azure with the Cloud NGFW and its Rulestack resource. Because it is natively integrated into the Azure Resource Manager framework, the security rules and objects can be created right in the Azure Portal or via the Infrastructure-as-Code mechanism of choice, such as ARM templates, Terraform, PowerShell, or Azure CLI.
The rules leverage Palo Alto Networks' App-ID, Advanced Threat Prevention, Advanced URL Filtering, and DNS Security to enhance the security of your AKS Landing Zone deployment.
Cloud NGFW offers robust FWaaS capabilities, eliminating the need to manage the firewall infrastructure. Operational tasks such as software upgrades, high availability, scaling, and resiliency are all offered as part of the service. It comes with a 99.99 SLA so you can rest easy knowing that Palo Alto Networks has got your back delivering the best security outcomes for your Azure Landing Zone deployments.
What are the benefits of this solution?
- Automated deployment of the AKS Landing Zone Accelerator best practices without the need to specify dozens of individual input parameters
- Provisioning of Cloud NGFW for Azure into a Hub Virtual Network, offering advanced security capabilities and top-of-the-line threat efficacy using Palo Alto Networks NGFW technology
- Reduced deployment time and margin for error compared with deploying services manually one by one
- Reduced operational overhead by leveraging the SaaS firewall with no infrastructure to manage
How to get it?
The offer is available in the Azure Marketplace and can be deployed via the Azure Portal or any Azure-supported API mechanism. Cloud NGFW for Azure comes with a 30-day free trial.
Co-Author: Anton Budilovskiy
Updated Jan 29, 2025
Version 1.0
aayodeji
Microsoft Developer Community Blog