Securing Application Traffic with Nutanix Flow and Palo Alto Networks VM-Series

By Sam Ghardashem, Nutanix and Jasmine Punia, Palo Alto Networks

In today’s rapidly evolving datacenters, seamlessly integrating advanced network security measures into existing infrastructure is critical for maintaining robust protection and efficiency. One such powerful integration is using Next-Gen Firewalls to protect application flows in the datacenter.

Starting with Nutanix Cloud Infrastructure (NCI) Release 7.3, the Nutanix Flow Network Security (FNS) solution integrates with Palo Alto Networks VM-Series firewalls through service insertion, so NCI customers can use the advanced security functionality provided by Palo Alto Networks Next-Generation Firewall.

Nutanix Flow Network Security integration with Palo Alto Networks enables organizations to obtain the level of security they need without complications and operational challenges.

Flow Network Security

Flow Network Security is an application-centric microsegmentation solution natively built into the Nutanix AHV hypervisor. It protects east–west traffic within the Nutanix Cloud Infrastructure platform, covering both on-premises AHV and Nutanix Cloud Clusters deployments. Operating as a distributed, stateful virtual firewall, FNS empowers security teams to define granular, policy-driven controls that safeguard business-critical applications and VDI environments.

Integrated with the Nutanix Prism Central multi-cluster manager, FNS uses embedded software-defined networking components in each AHV host for enforcement. Its agentless, zero-touch model supports dynamic tagging, avoids the need for physical reconfiguration, and enables scalable, zero-trust-aligned security.

Palo Alto Networks VM-Series Next-Generation Firewall

Palo Alto Networks VM-Series firewalls consistently protect public and private clouds, virtualized datacenters, and branch environments by delivering inline network security and threat prevention. VM-Series firewalls enhance your security posture with the industry-leading threat prevention capabilities of the Palo Alto Networks Next-Generation Firewall in a VM form factor, making them ideal for deployment in environments where it’s difficult or impossible to install a hardware firewall.

Flow Service Insertion with Palo Alto Networks

A key challenge of deploying Next-Generation Firewalls (NGFWs) in a virtual cloud environment is ensuring they effectively intercept and secure “critical” application traffic—traffic that requires additional inspection and control—without disrupting the application or increasing the administrative overhead of redesigning the network.

This is particularly challenging for east-west traffic flows. Service Insertion by Flow Network Security enables organizations to dynamically integrate advanced Next-Gen Firewall services from Palo Alto Networks’ VM-Series, such as deep packet inspection, application identification, and comprehensive threat prevention, into existing network traffic flows.

How The Integration Works

Built on a virtual firewall cluster design, Flow Service Insertion allows the NGFW to be deployed on any managed Nutanix cluster, decoupled from the hosts where protected application VMs reside. This architecture considerably simplifies the deployment and management of firewall instances, particularly in large-scale environments.

To identify the critical flows that the firewall should protect, network security administrators define the critical traffic with familiar Flow Network Security policies. The Flow control plane then dynamically manages traffic steering, ensuring the appropriate flows are redirected to the Palo Alto Networks VM-Series firewall. This eliminates the need for routing decisions at the firewall itself and requires no change to network architecture. This dynamic approach reduces the need for manual configuration, provides excellent scalability, and helps simplify policy management.

Another standout feature of this integration is its built-in high availability. The system is engineered to avoid single points of failure, allowing continuous protection for mission-critical applications even in the event of component disruptions. This robust architecture provides organizations with peace of mind, knowing that their critical workloads remain secure and operational.

In summary, integrating Flow Network Security with Palo Alto Networks VM-Series via service insertion combines ease of use, advanced security controls, and resilient architecture. Organizations benefit from simplified operations, automated traffic management, application-level visibility, and threat detection capabilities, all contributing to a comprehensive and dynamic security strategy tailored for modern datacenter environments.

[Figure: How the integration works]

Benefits Of The Joint Solution At A Glance:

Enterprises utilizing this solution will find a powerful suite of capabilities designed to deliver tangible security outcomes that align with enterprise risk reduction and compliance goals. The following benefits are strategic enablers tailored to meet the complex needs of modern, high-stakes operational environments:

  • Streamlined: Simplified operational management through automation
  • Granular: Application-aware policy enforcement
  • Insightful: Deep visibility into application flows and network behavior
  • Proactive: Real-time threat detection and mitigation
  • Adaptive: Automated scaling capabilities tailored to dynamic workload requirements
  • Resilient: Built-in resilience and high availability, eliminating single points of failure

©2025 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo and all Nutanix product and service names mentioned are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries.