VM-Series on Oracle Cloud

Palo Alto Networks VM-Series Virtual Next-Generation Firewalls protect your workloads with security features that allow you to confidently, quickly migrate your business-critical applications to the cloud. Templates and third-party tools allow you to embed the VM-Series in your application development lifecycle to prevent data loss and business disruption.

VM-Series on Oracle Cloud
• Complements native Oracle Cloud security with deep visibility, granular control, and segmentation of applications.
• Prevents threats and data loss within allowed application flows.
• Enables policies to be updated at the speed of the cloud.
• Ensures consistent policy enforcement with centralized management.
Strata by Palo Alto Networks | VM-Series on Oracle Cloud | Datasheet 1
Oracle Cloud® enables you to rapidly move your database and high-performance computing applications to global cloud infrastructure. However, risks of data loss and business disruption potentially slow these initiatives. The VM-Series on Oracle Cloud enables you to:
• Protect workloads deployed on Oracle Cloud through unmatched visibility and precise control of applications.
• Prevent threats from moving laterally between workloads and stop data exfiltration.
• Eliminate security-induced development bottlenecks with automation and centralized management.

Native Oracle Cloud Security vs. VM-Series

Public cloud security posture best practices dictate that you should understand your threat exposure through application visibility, use policies to reduce your attack surface area, and prevent threats and data exfiltration within allowed traffic. Native Oracle Cloud security lets you establish baseline protection and control, but today’s attackers are adept at hiding in plain sight, bypassing these controls. The VM-Series complements this native security by reducing your attack surface through enabling applications, blocking threats, and stopping data exfiltration.

VM-Series on Oracle Cloud

The VM-Series allows you to embrace a prevention-based approach to protecting your applications and data on Oracle Cloud:
• Complete visibility improves security decisions. Understanding the applications in use on your network, including those that may be encrypted, helps you make informed security policy decisions.
• Segmentation and application whitelisting aid data security and compliance. Enforcing a positive security model through application whitelisting reduces your attack surface. Whitelisting policies also let you segment applications that communicate across subnets and between virtual cloud networks (VCNs) to stop lateral threat movement and meet compliance requirements.
• User-based policies improve security posture. Integration with on-premises user repositories, such as Microsoft Exchange, Active Directory®, and LDAP, lets you grant access to applications and data based on user credentials and needs. For example, your developer group can have full access to the developer VCN while only IT administrators have RDP/SSH access to the production VCN. In conjunction with Palo Alto Networks GlobalProtect™ network security for endpoints, the VM-Series on Oracle Cloud can extend your corporate security policies to mobile devices and users wherever they are.
• Applications and data are protected from known and unknown threats. Attacks, like many applications, can use any port, rendering traditional prevention mechanisms ineffective. Threat Prevention and DNS Security, along with Palo Alto Networks WildFire® malware prevention service, will serve as segmentation policy elements to protect you against exploits, malware, and previously unknown threats from both inbound and lateral movement perspectives.
• Multiple defenses block data exfiltration and unauthorized file transfers. A combination of application enablement and Threat Prevention features can prevent data exfiltration. File transfers can be controlled by looking inside files, not only at file extensions, to determine whether transfer actions should be allowed. Command and control, associated data theft, and executable files found in drive-by downloads or secondary payloads can also be blocked. Data filtering features can detect and control the flow of confidential data patterns, such as credit card and Social Security numbers, in addition to custom patterns.

Centralized Management for Policy Consistency

Panorama™ network security management provides a single pane of glass for your VM-Series firewalls across multiple cloud deployments alongside your physical appliances, ensuring consistent and cohesive policy. Rich, centralized logging and reporting capabilities provide deep visibility into virtualized applications, users, and content.

Automation to Support Developer Workflows

The VM-Series on Oracle Cloud includes management and automation features that enable you to embed security in your application development workflows:
• Bootstrapping allows you to create a working VM-Series configuration, complete with licenses and subscriptions, that can be deployed in an automated, scalable manner.
• A fully documented API, Dynamic Address Groups, and External Dynamic Lists allow you to automate VM-Series configuration changes and consume external data to dynamically drive security policy updates.
• Action-Oriented Log Forwarding lets you drive actions based on observed incidents in the logs.

Automating Deployments with Terraform and Ansible

If your organization uses multiple public and private cloud platforms, or you want to embed VM-Series deployments in your application development processes, you can deploy and configure the VM-Series using third-party toolsets, such as Terraform® and Ansible®. The combination of these tools and VM-Series automation features enables you to deploy and configure heterogeneous environments at scale with great agility.
[Figure 1: VM-Series on Oracle Cloud use cases. Diagram elements: Oracle cloud infrastructure (region), corporate data center, developer resources, VM-Series, DRG. Use-case labels: "Hybrid: Extend application development onto Oracle Cloud"; "Internet: Protect developer environment from threats"; "Segmentation: Separate applications and data for security and compliance".]
VM-Series on Oracle Cloud Use Cases

The VM-Series can be deployed on Oracle Cloud to address several different use cases.

Hybrid Cloud: Securely Enable App Dev and Test

Securely migrate application development and testing to Oracle Cloud through a hybrid deployment that integrates your existing development environment with Oracle Cloud via a secure connection. This allows your development and testing teams to get started while maintaining a strong security posture. Deployed on Oracle Cloud, the VM-Series can act as an IPsec virtual private network (VPN) termination point to enable secure communications to and from Oracle Cloud.

Internet Gateway: Protect Production Workloads

As your Oracle Cloud deployment expands to include public-facing workloads, you can use the VM-Series as an internet gateway to protect web-facing applications from known and unknown threats. Additionally, you can enable direct access to web-based developer resources, tools, and software updates, thereby minimizing the traffic that flows back to corporate and out to the web.

Segmentation Gateway: Separation for Security and Compliance

High-profile breaches have shown that cybercriminals are adept at hiding in plain sight, bypassing perimeter controls, and moving at will across physical or virtualized networks. An Oracle Cloud VCN provides an isolation and security boundary for your workloads. The VM-Series can augment that separation through application-level segmentation policies to control traffic between VCNs and across subnets. With application-level policies, you have greater control over application traffic moving laterally, and you can apply Threat Prevention policies to block their movement. If traffic is flowing between VCNs in different regions across the internet, you can enable encryption for added protection.

Licensing and Deployment

The VM-Series on Oracle Cloud supports a bring-your-own-license (BYOL) model via Oracle Cloud Marketplace. We also offer a VM-Series enterprise license agreement (ELA).

BYOL

You can purchase your VM-Series license Basic, Bundle 1, or Bundle 2 through normal Palo Alto Networks channels, and then deploy the VM-Series via your Oracle Cloud Management Console using the license authorization code you received.

VM-Series ELA

For large-scale and/or multi-cloud deployments or across multiple virtualization environments, the VM-Series ELA allows you to forecast, and purchase upfront, VM-Series firewalls to be deployed over a one- or three-year period. The VM-Series ELA gives you a single license authorization code to use for the life of the term, providing predictable security spend and simplifying the licensing process with a single start and end date for all VM-Series licenses and subscriptions. Each VM-Series ELA includes a VM-Series firewall, subscriptions for Threat Prevention, DNS Security, WildFire, and GlobalProtect Gateway, plus unlimited Panorama virtual machine licenses and Premium Support (written and spoken English only).

Performance and Capacities

For a complete listing of all VM-Series features and capacities, please visit [Link]/comparefirewalls.

Please refer to the latest information on VM-Series performance on Oracle instances here.
3000 Tannery Way
Santa Clara, CA 95054
Main: +1.408.753.4000
Sales: +1.866.320.4788
Support: +1.866.898.9087
[Link]

© 2020 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks. A list of our trademarks can be found at [Link] All other marks mentioned herein may be trademarks of their respective companies. vm-series-on-oracle-cloud-ds-051420