Overview: Deploy Palo Alto VM-Series firewalls with OpenShift Virtualization
Welcome to our learning path on deploying Palo Alto Networks VM-Series firewalls with Red Hat OpenShift Virtualization! Palo Alto’s VM-Series firewalls are virtualized versions of the Palo Alto PA-Series security appliance and provide inline security controls that can be applied to workloads running on Red Hat OpenShift. A tool like this can enable organizations to detect known and unknown vulnerabilities, even within encrypted traffic, which allows for a more refined security implementation for your OpenShift virtual machines (VMs).
OpenShift enables organizations to virtualize their Palo Alto firewalls in ways previously unattainable on other platforms. This is made possible by several distinctive deployment scenarios that OpenShift supports for the following types of environments:
- Palo Alto VM-Series firewalls can be used to secure virtual machines that are running on OpenShift Virtualization.
- Palo Alto VM-Series firewalls can be used to secure bare metal infrastructure using either NetworkAttachmentDefinition (NAD) or SriovNetwork objects.
- With OpenShift 4.18+, administrators can leverage User Defined Networks (UDN) that allow Palo Alto firewalls to sit within a containerized network namespace; this is a first for any containerized platform.
- Any combination of the previously mentioned deployment models.
Prerequisites:
- CSI Storage Volumes: Red Hat provides Red Hat OpenShift Data Foundation as part of OpenShift Platform Plus, but if you already have a storage provider that includes a CSI driver as part of their solution, in many cases, you can integrate your current storage environment with OpenShift.
- Network Observability Operator: This optional observability enhancement allows network and firewall administrators to collect flow data and packet captures for any interface connected within your OpenShift environment. Additionally, it comes with a user-friendly interface, allowing administrators to view traffic metrics for workloads over time.
In this learning path, you will:
- Learn about different Palo Alto VM-Series architectures, designs, and use case patterns when deployed on OpenShift Virtualization and discover what works best for your unique scenario.
- Prepare your network, storage, and other necessary components to deploy Palo Alto VM-Series firewalls on OpenShift Virtualization.
- Deploy the Palo Alto VM-Series firewall on OpenShift Virtualization.