Overview
Product Overview
Cloud Next-Generation Firewall (CNGFW) for AWS delivers best-in-class network security powered by artificial intelligence and machine learning, stopping zero-day exploits faster than traditional platforms. This fully managed turnkey cloud-native firewall service with 99.99% availability removes the complexity of managing firewall infrastructure in AWS. It lets you immediately turn on the next-generation firewall features and scale your security, ensuring seamless protection for your applications in the AWS environment.
Cloud NGFW extends your threat prevention capabilities across AWS environments and seamlessly integrates with key AWS services like AWS Firewall Manager, CloudWatch, Kinesis Firehose, and more. It provides real-time insights, automated security workflows, and granular traffic control for robust network protection. Recent enhancements include Strata Cloud Manager integration for centralized visibility and firewall-as-code enhancements.
Benefits
-
Effortless Deployment and Zero-Operational Burden: Palo Alto Networks Cloud NGFW takes care of the complex operational tasks, allowing for seamless firewall deployment and management in AWS. It streamlines processes such as certificate management, software upgrades, patch management and multi-dimensional scaling to ensure 99.99% availability. By eliminating the challenges of managing and scaling firewalls yourself, you can deploy robust cloud protection in just a few clicks, without worrying about infrastructure management.
-
Advanced Threat Prevention. Secure your AWS VPC traffic from zero-day attacks and unknown command-and-control traffic using Cloud-Delivered Security Services (CDSS) powered by Precision AI as well as Unit 42 Threat Research, enabling detection and mitigation 180x faster than traditional platforms.
-
Real-Time Threat Detection. Protect your applications with advanced AI and ML-powered threat prevention, leveraging intelligence derived from 70,000+ global customers to stop zero-day exploits, DNS threats, and web-based threats before they impact your network. This extensive threat intelligence network continuously learns and adapts, providing unparalleled protection that evolves with the latest attack vectors.
-
Granular Traffic Control. Gain visibility and precise control over your network traffic based on workloads, users, and applications with patented Layer 7 classification. Reduce attack surfaces and safeguard your AWS environment from malicious traffic.
-
Centralized Visibility. Simplify security operations with centralized management using Strata Cloud Manager or Panorama. Gain comprehensive visibility into applications, users, and threats for more efficient security management, faster threat resolution, and optimized policy creation.
-
Improved Metrics & Monitoring. Leverage AWS CloudWatch to monitor NGFW health, performance, and usage patterns in real-time, ensuring your security operations run at peak efficiency.
-
Firewall-as-Code Enhancements. Automate your firewall deployment, policy enforcement and account management workflows with the support of APls, CloudFormation and Terraform. Eliminate manual interventions and streamline your security operations.
-
Cloud NGFW is the Firewall-as-a-Service. Choose either AWS Firewall Manager or Palo Alto Networks Panorama for consistent policy management across multiple AWS accounts, enabling flexible control and seamless security across your cloud environments.
Activate your 30-Day free trial and create up to two next-generation firewall resources on your existing AWS VPCs, securing up to 100GB of traffic. After the free trial, you'll transition to a pay-as-you-go model, and you can check your subscription status on the Subscription Management page.
Highlights
- Deploy your next-generation firewall with one-click, automated provisioning that auto-scales to match your network traffic. Leverage Palo Alto Networks Panorama or Strata Cloud Manager for unified security management, ensuring you maintain control and visibility across your cloud infrastructure without the complexity of managing infrastructure.
- Integrate seamlessly with AWS-native services like CloudWatch, Kinesis Firehose, and AWS Firewall Manager, providing real-time insights, granular traffic control, and enhanced security capabilities. Backed by Palo Alto Networks Unit 42 Threat Research, the service delivers cutting-edge threat prevention and faster mitigation of zero-day exploits.
- Cloud NGFW supports automated onboarding of AWS environments and workflow automation through APIs, CloudFormation, and Terraform, enabling quick deployment and consistent operations. Gain comprehensive visibility and management across multiple AWS accounts with centralized security operations using Strata Cloud Manager or Panorama.
Details
Features and programs
Security credentials achieved
(2)
Buyer guide
Financing for AWS Marketplace purchases
Quick Launch
Pricing
Free trial
Dimension | Cost/unit |
---|---|
Base NGFW - incl. 3 AZs (1unit=1 usage hour), addt'l AZ 0.33 unit/hr | $1.50 |
Traffic Secured - First 15 TB / month (1 unit = 1 GB) | $0.065 |
Traffic Secured - Next 15 TB / month (1 unit = 1 GB) | $0.045 |
Traffic Secured - Above 30 TB / month (1 unit = 1 GB) | $0.03 |
Add-Ons (1 unit = 1 Cloud NGFW Credit) (refer to page bit.ly/cngfwaws) | $0.012 |
Vendor refund policy
We do not currently support refunds, but you can cancel at any time.
Custom pricing options
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
"Premium support is now included with the product: https://www.paloaltonetworks.com/resources/datasheets/premium-support . To help you get started with your deployment such as how-to videos, deployment guides and reference architectures, please visit: https://live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW . For post-sales support, you can use the following options: 1) Open a case by following the steps here: https://www.paloaltonetworks.com/services/support/customer-support-plan . 2) Call us at 1 (866) 898-9087"
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Reviews
Functionality
Ease of use
Customer service
Cost effectiveness
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
Standard contract
Customer reviews
Prisma SDWAN
Palo Alto My opinion
Professional Network Security Engineers
Reliable and Comprehensive Cloud Firewall Solution
Palo Alto's NGFWs can do anything but to understand it you have to forget everything you knew before
Defining ACLs with services as "application-default" is a unique and great feature.
Configuring functions by combining building blocks is a great designs, but the way these blocks have to be all pre-defined to be able to put together makes a newcomers job way harder than it should be.
It would be much easier if the choice of creating new blocks on the fly while implementing a function would benefit administartors greatly.