Listing Thumbnail

    Cloud Next-Generation Firewall as a Service (30-Day Free Trial to PAYG)

     Info
    Free Trial
    Vendor Insights
    Quick Launch
    Fully managed, cloud-native firewall service with threat prevention, app control and advanced URL filtering that integrates with AWS Firewall Manager, CloudWatch and more.
    Listing Thumbnail

    Cloud Next-Generation Firewall as a Service (30-Day Free Trial to PAYG)

     Info

    Overview

    Play video

    Product Overview

    Cloud Next-Generation Firewall (CNGFW) for AWS delivers best-in-class network security powered by artificial intelligence and machine learning, stopping zero-day exploits faster than traditional platforms. This fully managed turnkey cloud-native firewall service with 99.99% availability removes the complexity of managing firewall infrastructure in AWS. It lets you immediately turn on the next-generation firewall features and scale your security, ensuring seamless protection for your applications in the AWS environment.

    Cloud NGFW extends your threat prevention capabilities across AWS environments and seamlessly integrates with key AWS services like AWS Firewall Manager, CloudWatch, Kinesis Firehose, and more. It provides real-time insights, automated security workflows, and granular traffic control for robust network protection. Recent enhancements include Strata Cloud Manager integration for centralized visibility and firewall-as-code enhancements.

    Benefits

    • Effortless Deployment and Zero-Operational Burden: Palo Alto Networks Cloud NGFW takes care of the complex operational tasks, allowing for seamless firewall deployment and management in AWS. It streamlines processes such as certificate management, software upgrades, patch management and multi-dimensional scaling to ensure 99.99% availability. By eliminating the challenges of managing and scaling firewalls yourself, you can deploy robust cloud protection in just a few clicks, without worrying about infrastructure management.

    • Advanced Threat Prevention. Secure your AWS VPC traffic from zero-day attacks and unknown command-and-control traffic using Cloud-Delivered Security Services (CDSS) powered by Precision AI as well as Unit 42 Threat Research, enabling detection and mitigation 180x faster than traditional platforms.

    • Real-Time Threat Detection. Protect your applications with advanced AI and ML-powered threat prevention, leveraging intelligence derived from 70,000+ global customers to stop zero-day exploits, DNS threats, and web-based threats before they impact your network. This extensive threat intelligence network continuously learns and adapts, providing unparalleled protection that evolves with the latest attack vectors.

    • Granular Traffic Control. Gain visibility and precise control over your network traffic based on workloads, users, and applications with patented Layer 7 classification. Reduce attack surfaces and safeguard your AWS environment from malicious traffic.

    • Centralized Visibility. Simplify security operations with centralized management using Strata Cloud Manager or Panorama. Gain comprehensive visibility into applications, users, and threats for more efficient security management, faster threat resolution, and optimized policy creation.

    • Improved Metrics & Monitoring. Leverage AWS CloudWatch to monitor NGFW health, performance, and usage patterns in real-time, ensuring your security operations run at peak efficiency.

    • Firewall-as-Code Enhancements. Automate your firewall deployment, policy enforcement and account management workflows with the support of APls, CloudFormation and Terraform. Eliminate manual interventions and streamline your security operations.

    • Cloud NGFW is the Firewall-as-a-Service. Choose either AWS Firewall Manager or Palo Alto Networks Panorama for consistent policy management across multiple AWS accounts, enabling flexible control and seamless security across your cloud environments.

    Activate your 30-Day free trial and create up to two next-generation firewall resources on your existing AWS VPCs, securing up to 100GB of traffic. After the free trial, you'll transition to a pay-as-you-go model, and you can check your subscription status on the Subscription Management page.

    Highlights

    • Deploy your next-generation firewall with one-click, automated provisioning that auto-scales to match your network traffic. Leverage Palo Alto Networks Panorama or Strata Cloud Manager for unified security management, ensuring you maintain control and visibility across your cloud infrastructure without the complexity of managing infrastructure.
    • Integrate seamlessly with AWS-native services like CloudWatch, Kinesis Firehose, and AWS Firewall Manager, providing real-time insights, granular traffic control, and enhanced security capabilities. Backed by Palo Alto Networks Unit 42 Threat Research, the service delivers cutting-edge threat prevention and faster mitigation of zero-day exploits.
    • Cloud NGFW supports automated onboarding of AWS environments and workflow automation through APIs, CloudFormation, and Terraform, enabling quick deployment and consistent operations. Gain comprehensive visibility and management across multiple AWS accounts with centralized security operations using Strata Cloud Manager or Panorama.

    Details

    Delivery method

    Features and programs

    Vendor Insights

     Info
    Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
    Security credentials achieved
    (2)

    Buyer guide

    Gain valuable insights from real users who purchased this product, powered by PeerSpot.
    Buyer guide

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases

    Quick Launch

    Leverage AWS CloudFormation templates to reduce the time and resources required to configure, deploy, and launch your software.

    Pricing

    Free trial

    Try this product free according to the free trial terms set by the vendor.

    Cloud Next-Generation Firewall as a Service (30-Day Free Trial to PAYG)

     Info
    Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.

    Usage costs (5)

     Info
    Dimension
    Cost/unit
    Base NGFW - incl. 3 AZs (1unit=1 usage hour), addt'l AZ 0.33 unit/hr
    $1.50
    Traffic Secured - First 15 TB / month (1 unit = 1 GB)
    $0.065
    Traffic Secured - Next 15 TB / month (1 unit = 1 GB)
    $0.045
    Traffic Secured - Above 30 TB / month (1 unit = 1 GB)
    $0.03
    Add-Ons (1 unit = 1 Cloud NGFW Credit) (refer to page bit.ly/cngfwaws)
    $0.012

    Vendor refund policy

    We do not currently support refunds, but you can cancel at any time.

    Custom pricing options

    Find a fit for enterprise or unique needs with a private offer.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Resources

    Vendor resources

    Support

    Vendor support

    "Premium support is now included with the product: https://www.paloaltonetworks.com/resources/datasheets/premium-support . To help you get started with your deployment such as how-to videos, deployment guides and reference architectures, please visit: https://live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW . For post-sales support, you can use the following options: 1) Open a case by following the steps here: https://www.paloaltonetworks.com/services/support/customer-support-plan . 2) Call us at 1 (866) 898-9087"

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

     Info
    Updated weekly

    Accolades

     Info
    Top
    10
    In Network Infrastructure, Generative AI
    Top
    10
    In Network Infrastructure
    Top
    10
    In Data Governance

    Customer reviews

     Info
    AI generated sentiment from actual customer reviews on AWS and G2
    Reviews
    Functionality
    Ease of use
    Customer service
    Cost effectiveness
    Positive reviews
    Mixed reviews
    Negative reviews

    Overview

     Info
    AI generated from product descriptions
    Automated Provisioning and Scaling
    Automated, one-click provisioning of next-generation firewall resources that auto-scale to match network traffic
    Seamless Integration with AWS Services
    Seamless integration with AWS-native services like CloudWatch, Kinesis Firehose, and AWS Firewall Manager, providing real-time insights, granular traffic control, and enhanced security capabilities
    Threat Prevention and Zero-Day Exploit Mitigation
    Cutting-edge threat prevention and faster mitigation of zero-day exploits, backed by Palo Alto Networks Unit 42 Threat Research
    Workflow Automation and Centralized Management
    Automated onboarding of AWS environments and workflow automation through APIs, CloudFormation, and Terraform, enabling quick deployment and consistent operations with centralized security operations using Strata Cloud Manager or Panorama
    Comprehensive Visibility and Control
    Comprehensive visibility and management across multiple AWS accounts with centralized security operations using Strata Cloud Manager or Panorama
    Next-Generation Firewall Capabilities
    Provides next-generation firewall security capabilities such as intrusion prevention, application control, content filtering, and more, powered by FortiGuard Labs AI
    Simplified Security Management
    Provides a comprehensive toolset to manage network security in cloud infrastructure, including associating AWS accounts, creating CNF instances, defining protected objects, and management of policies
    Scalability
    Scales to meet customer needs, with each instance capable of protecting up to 1000 subnets from multiple subnets, VPCs, and availability zones across multiple AWS accounts in a given AWS region
    Security Policy Integration
    Allows AWS customers to utilize AWS Firewall Manager to provision FortiGate CNF instances and push security policies, and Fortinet customers to use FortiManager to define and push security policies for FortiGate CNF in their AWS environments
    Flexible Consumption
    Offers the flexibility to consume the service on-demand for transient and unpredictable workloads, or through annual contracts for cost control when workloads are more predictable
    Cloud Asset Monitoring
    Continually monitor public cloud infrastructure to provide visibility of resources and threats across your organization
    Vulnerability Identification
    Identify infrastructure in your AWS, Azure, and GCP environments subject to known vulnerabilities impacting security and compliance best practice standards
    Compliance Monitoring
    Monitor for compliance failures from development to the ongoing security of live services
    Anomaly Detection
    Detect access anomalies and over-privileged IAM roles
    Remediation Support
    Provide detailed remediation steps, and auto-remediation where appropriate, including AWS console deep links

    Security credentials

     Info
    Validated by AWS Marketplace
    FedRAMP
    GDPR
    HIPAA
    ISO/IEC 27001
    PCI DSS
    SOC 2 Type 2
    -
    -
    -
    -
    -
    No security profile
    No security profile

    Contract

     Info
    Standard contract
    No
    No
    No

    Customer reviews

    Ratings and reviews

     Info
    0 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    0%
    0%
    0%
    0%
    0%
    0 AWS reviews
    |
    58 external reviews
    External reviews are sourced from G2  and are not included in the star rating for this product.
    Mohammed A.

    Prisma SDWAN

    Reviewed on Nov 17, 2024
    Review provided by G2
    What do you like best about the product?
    Easy to Use. Security policy enofrcment and app-ID
    What do you dislike about the product?
    We had one issue with detecting the public IPs of the Hub devices
    What problems is the product solving and how is that benefiting you?
    Brach to Branch connectivity. Removing legacy connections
    Manav J.

    Palo Alto My opinion

    Reviewed on Nov 17, 2024
    Review provided by G2
    What do you like best about the product?
    The best thing I like about Palo Alto Networks Cloud NGFW is deep packet inspection. The traditional packet filtering doesn't contain the feature of checking the body of packet for any malware whereas dpi chceks it with the header. There were cases where that helped us and save us from malware.
    What do you dislike about the product?
    Its expensive, with the document being not that user friendly for novice people. Customer support can be better, has complex configurtions for resources.
    What problems is the product solving and how is that benefiting you?
    The DPI has helped us significantly, earlier the attcaks on us bypassed our security and we weren't able to figure out the issue, but then we started using Palo Alto Networks Cloud NGFW DPI, it has caught several such malwares and helped hours of investigation.
    Zakareya F.

    Professional Network Security Engineers

    Reviewed on Nov 16, 2024
    Review provided by G2
    What do you like best about the product?
    PaloAlto Firewall has some if unique features that not existed in firewalls like fortigate and other vendors
    What do you dislike about the product?
    It's in the cloud so you have risk all ways, I prefer on premise Firewalls for financial business but for other businesses it would be great
    What problems is the product solving and how is that benefiting you?
    Actually there is some VPN applications only the Palo Alto firewall able to catch it in other hands the other vendors are not doing as Palo Alto
    Financial Services

    Reliable and Comprehensive Cloud Firewall Solution

    Reviewed on Nov 14, 2024
    Review provided by G2
    What do you like best about the product?
    I love how it integrates seamlessly with our cloud setup. There is no interruption during use. This always provides relief. Threat detection features are top notch. And the ability to filter traffic by application or URL gives us a lot of control. The management interface is easy to use. So we have to spend time looking for systems. I also greatly appreciate the logging. This makes identifying unusual problems or activity much easier. Overall, this is a reliable tool that helps keep the environment safe.
    What do you dislike about the product?
    Prices can be more flexible; It’s a bit more complicated, especially for smaller companies. Also, the initial process can be overwhelming for those who have never used Palo Alto products before. It took us a while to get used to the layout options. Certainly some new in-depth tutorials or walkthroughs would be useful for new users to get up to speed.
    What problems is the product solving and how is that benefiting you?
    Palo Alto Networks Cloud NGFW helps us solve some basic problems. Firstly, it provides robust protection against advanced threats such as malware, phishing attempts which is essential for the security of our cloud systems It simplifies traffic management by enabling us to deploy a complete application based security system , control users and content, reduce the risk of attacks, early detection of suspicious activity It also helps to respond to climbing This means less downtime and security issues there are few. And all of our security services This is a game changer in optimizing and improving our overall network performance.
    Financial Services

    Palo Alto's NGFWs can do anything but to understand it you have to forget everything you knew before

    Reviewed on Nov 13, 2024
    Review provided by G2
    What do you like best about the product?
    It can do anything, and even more.
    Defining ACLs with services as "application-default" is a unique and great feature.
    What do you dislike about the product?
    As someone who experienced Cisco's and Fortinet's NGFWs way before Palo Alto, i find it non-intuitive.
    Configuring functions by combining building blocks is a great designs, but the way these blocks have to be all pre-defined to be able to put together makes a newcomers job way harder than it should be.
    It would be much easier if the choice of creating new blocks on the fly while implementing a function would benefit administartors greatly.
    What problems is the product solving and how is that benefiting you?
    We need a secure device that is capable of terminating multiple IPSec S2S tunnels and several client ssl vpns, while providing next generation threat defense for the internal subnets.
    View all reviews