* [Blog](https://www2.paloaltonetworks.com/blog)
* [Network Security](https://www2.paloaltonetworks.com/blog/network-security/)
* [Hybrid Cloud Data Center](https://www2.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/)
* CN-Series Container NGFWs...

# CN-Series Container NGFWs Now on Red Hat OpenShift Platform OperatorHub

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fcn-series-red-hat-openshift-security%2F)  
[](https://twitter.com/share?text=CN-Series+Container+NGFWs+Now+on+Red+Hat+OpenShift+Platform+OperatorHub&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fcn-series-red-hat-openshift-security%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fcn-series-red-hat-openshift-security%2F&title=CN-Series+Container+NGFWs+Now+on+Red+Hat+OpenShift+Platform+OperatorHub&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/network-security/cn-series-red-hat-openshift-security/&ts=markdown)  
\[\](mailto:?subject=CN-Series Container NGFWs Now on Red Hat OpenShift Platform OperatorHub)  
Link copied  
By [Chintan Udeshi](https://www.paloaltonetworks.com/blog/author/chintan-udeshi/?ts=markdown "Posts by Chintan Udeshi") and [Tom Prenderville](https://www.paloaltonetworks.com/blog/author/tom-prenderville/?ts=markdown "Posts by Tom Prenderville")  
Aug 02, 2022  
4 minutes  
[Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown)  
[Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown)  
[Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown)  
[Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)  
[Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)  
[Cloud Architects](https://www.paloaltonetworks.com/blog/tag/cloud-architects/?ts=markdown)  
[CN-Series](https://www.paloaltonetworks.com/blog/tag/cn-series/?ts=markdown)  
[enabling enterprise agility](https://www.paloaltonetworks.com/blog/tag/enabling-enterprise-agility/?ts=markdown)  
[network](https://www.paloaltonetworks.com/blog/tag/network/?ts=markdown)  
[network architects](https://www.paloaltonetworks.com/blog/tag/network-architects/?ts=markdown)  
[openshift security](https://www.paloaltonetworks.com/blog/tag/openshift-security/?ts=markdown)  
[red hat](https://www.paloaltonetworks.com/blog/tag/red-hat/?ts=markdown)

We're pleased to announce another way to accelerate container security with the availability of the CN-series container firewall on [Red Hat Openshift Platform OperatorHub](https://catalog.redhat.com/software/containers/paloalto/not-applicable/61c4d6a3d467cd4ec03ef3f1?container-tabs=gti&gti-tabs=red-hat-login). Customers can now rapidly deploy, configure and operate the [CN-Series container firewall](https://www.paloaltonetworks.com/network-security/cn-series) for Kubernetes environments directly from this Red Hat web service. It's a development designed to save customers time and effort by removing the complexity of manual application administration.

### **Hybrid Cloud Agility Needs Hybrid Cloud Security**

[Red Hat OpenShift Container Platform](https://www.redhat.com/en/technologies/cloud-computing/openshift) is, as its name suggests, a leading, enterprise-ready Kubernetes container platform. It is frequently used as a consistent foundation for building, deploying and running applications across hybrid cloud, multi-cloud and edge environments.

Red Hat has a significant market share across a range of industries where developers push new applications quickly to production environments. While using OpenShift is meant to increase agility, adopting the right security tools for a consistent security posture is critical so containerized applications are not left vulnerable to attacks.

### **CN-Series Speeds Container Security on OperatorHub**

But now, the CN-Series container firewall is easily available through Red Hat OpenShift OperatorHub, designed to make Kubernetes applications easy to deploy.

It's important to understand that Kubernetes simplifies the management of [stateless applications](https://www.redhat.com/en/topics/cloud-native-apps/stateful-vs-stateless), such as web apps, mobile backends and API services without requiring users to possess additional knowledge about how applications work. However, stateful applications -- such as databases and monitoring systems -- require domain-specific knowledge to scale, upgrade and reconfigure.

This is where Kubernetes operators come into the picture: they streamline the process of domain encoding into easy-to-use Kubernetes extensions. This helps further reduce complexity, because operators simplify the management and [automation of an application's lifecycle](https://www.redhat.com/en/topics/automation/whats-it-automation)**.**

[OperatorHub](https://docs.openshift.com/container-platform/4.6/operators/understanding/olm-understanding-operatorhub.html) is the OpenShift web interface that cluster administrators use to discover and install operators to automate deployment and maintenance of platform services and workloads. With a single click, an operator can be pulled from its off-cluster source, installed and subscribed on the cluster, and made ready for engineering teams.

Extend this concept to security, and protecting container applications becomes easier to accomplish. With CN-Series certified as an operator -- and now available on OperatorHub -- organizations can access and deploy containerized security on a Red Hat OpenShift cluster. This is meant to provide customers with the ability to:

* Scale CPU and memory usage for applications
* Specify the optimal deployment type (Daemonset mode or Kubernetes Service Mode)
* Easily configure CN-Series deployment to protect containerized applications on OpenShift

### **Meet Container Security Challenges and Network Security Challenges**

These capabilities are critical, because container security is also a pressing network security problem. Containerized applications are subject to [ever-growing attacks](https://www.paloaltonetworks.com/resources/whitepapers/your-containerized-applications-are-still-vulnerable) and threat surface issues due to inconsistent security posture caused by fragmented point security products. While agent-based deploy-time (shift-left) security products help to identify and patch known vulnerabilities at scale, applications can be rendered helpless against unknown and unpatched vulnerabilities.

What's more, network security teams often do not have the visibility and control over container traffic needed for a strong security posture. This can result in slowing down important development efforts, and frustrate cross-functional teams.
![Read how the CN-series container firewall on Red Hat Openshift Platform OperatorHub can save time and effort while providing more Kubernetes security.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/08/word-image-2.png)
CN-Series provides application-level visibility inside Kubernetes clusters.

Containers may seem like a secure option for running applications but in reality, network-based threats still apply. Network security teams often lack container expertise and do not have the necessary tools to secure containerized apps. This results in a fragmented security posture that leaves modern apps vulnerable to attacks.

### **CN-Series Meets and Exceeds The Challenge**

The Palo Alto Networks CN-Series container firewall is the first next-generation firewall [purpose-built to secure Kubernetes orchestration environments](https://www.paloaltonetworks.com/resources/ebooks/cn-series-container-firewalls-for-kubernetes) from network-based attacks. The CN-Series firewall enables network security teams to gain layer-7 visibility into Kubernetes environments, provide inline threat protection for containerized applications deployed anywhere and dynamically scale security [without compromising DevOps agility](https://www.paloaltonetworks.com/resources/datasheets/cn-series-container-firewall).

What's more, CN-Series ensures frictionless continuous integration/continuous development (CI/CD) pipeline deployment while delivering unparalleled runtime network protection through unified management across multiple firewalls.

### **Get Started Today with These Resources**

And now, the CN-Series firewall is now even more accessible, thanks to [availability](https://catalog.redhat.com/software/containers/paloalto/not-applicable/61c4d6a3d467cd4ec03ef3f1?container-tabs=gti&gti-tabs=red-hat-login) on OperatorHub. You can also learn more about how Red Hat operators make the application management processes scalable, repeatable and consistent across different platforms in this [Red Hat Operators 101 blog](https://www.redhat.com/en/blog/operators-101-your-auto-pilot-kubernetes-workloads). Or just contact us -- we'd be delighted to provide you with a [personalized demo](https://www.paloaltonetworks.com/company/request-demo).

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown), [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Virtual Firewall ROI --- US Signal and Guest from Forrester Explain](https://www2.paloaltonetworks.com/blog/2022/07/virtual-firewall-roi/)

### [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### CN-Series Container Firewall Now Supported on Oracle Kubernetes Engine](https://www2.paloaltonetworks.com/blog/network-security/container-firewall-oracle-kubernetes-security/)

### [Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown), [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### From Log4j and Beyond: 3 Ways CN-Series Protects Containers](https://www2.paloaltonetworks.com/blog/network-security/log4j-cn-series-container-firewalls/)

### [Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown), [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Calculate Your Organization's Big Virtual Firewall ROI Potential](https://www2.paloaltonetworks.com/blog/network-security/calculate-virtual-firewalls-roi-potential/)

### [Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown), [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown)

[#### Secure Amazon EKS on Outposts with CN-Series](https://www2.paloaltonetworks.com/blog/network-security/amazon-eks-with-cn-series-container-firewalls/)

### [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Interactive Pricing Estimator Makes Cloud NGFW for AWS Even Easier](https://www2.paloaltonetworks.com/blog/network-security/interactive-pricing-cloud-ngfw-for-aws/)

### Subscribe to Network Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language