Extend Firewalls to Kubernetes
Kubernetes and Security Zones
Kubernetes does not natively fit a zone-based firewall architecture, because each pod’s IP address is dynamic and the firewall cannot create rules for pods. When Kubernetes applications are internet-facing, this can create big problems for your security team.
Manage Zones and Rules using a Firewall Manager
Firewall managers, such as Palo Alto Networks Panorama, can connect to Calico Enterprise and treat it like any other firewall in the network.
Zones are defined and firewall rules are created the same way all other rules have been created. Calico Enterprise then automatically translates those rules into Kubernetes Network Policy that segments the cluster into zones and applies the correct firewall rules.
Calico Enterprise enforces the firewall rules in a higher-precedence policy tier, providing guardrails that let DevOps deploy their workloads without overriding any of the zone architecture rules.
Traffic crossing zones can be sent to the security team’s SIEM, giving them the same visibility they would have received using their firewall.
Extend a zone-based network security architecture to Kubernetes
Fine-grained network security policies within the cluster and external resources
Accurate flow logs with application identity
Enforce controls and gain visibility into Kubernetes. Produce accurate evidence reports