Sold by: Palo Alto NetworksÂ
Deployed on AWS
Free Trial
Quick Launch
Fully managed, cloud-native firewall service with threat prevention, app control and advanced URL filtering that integrates with AWS Firewall Manager, CloudWatch and more.
Overview
Product Overview
Cloud Next-Generation Firewall (CNGFW) for AWS delivers best-in-class network security powered by artificial intelligence and machine learning, stopping zero-day exploits faster than traditional platforms. This fully managed turnkey cloud-native firewall service with 99.99% availability removes the complexity of managing firewall infrastructure in AWS. It lets you immediately turn on the next-generation firewall features and scale your security, ensuring seamless protection for your applications in the AWS environment.
Cloud NGFW extends your threat prevention capabilities across AWS environments and seamlessly integrates with key AWS services like AWS Firewall Manager, CloudWatch, Kinesis Firehose, and more. It provides real-time insights, automated security workflows, and granular traffic control for robust network protection. Recent enhancements include Strata Cloud Manager integration for centralized visibility and firewall-as-code enhancements.
Benefits
-
Effortless Deployment and Zero-Operational Burden: Palo Alto Networks Cloud NGFW takes care of the complex operational tasks, allowing for seamless firewall deployment and management in AWS. It streamlines processes such as certificate management, software upgrades, patch management and multi-dimensional scaling to ensure 99.99% availability. By eliminating the challenges of managing and scaling firewalls yourself, you can deploy robust cloud protection in just a few clicks, without worrying about infrastructure management.
-
Advanced Threat Prevention. Secure your AWS VPC traffic from zero-day attacks and unknown command-and-control traffic using Cloud-Delivered Security Services (CDSS) powered by Precision AI as well as Unit 42 Threat Research, enabling detection and mitigation 180x faster than traditional platforms.
-
Real-Time Threat Detection. Protect your applications with advanced AI and ML-powered threat prevention, leveraging intelligence derived from 70,000+ global customers to stop zero-day exploits, DNS threats, and web-based threats before they impact your network. This extensive threat intelligence network continuously learns and adapts, providing unparalleled protection that evolves with the latest attack vectors.
-
Granular Traffic Control. Gain visibility and precise control over your network traffic based on workloads, users, and applications with patented Layer 7 classification. Reduce attack surfaces and safeguard your AWS environment from malicious traffic.
-
Centralized Visibility. Simplify security operations with centralized management using Strata Cloud Manager or Panorama. Gain comprehensive visibility into applications, users, and threats for more efficient security management, faster threat resolution, and optimized policy creation.
-
Improved Metrics & Monitoring. Leverage AWS CloudWatch to monitor NGFW health, performance, and usage patterns in real-time, ensuring your security operations run at peak efficiency.
-
Firewall-as-Code Enhancements. Automate your firewall deployment, policy enforcement and account management workflows with the support of APls, CloudFormation and Terraform. Eliminate manual interventions and streamline your security operations.
-
Cloud NGFW is the Firewall-as-a-Service. Choose either AWS Firewall Manager or Palo Alto Networks Panorama for consistent policy management across multiple AWS accounts, enabling flexible control and seamless security across your cloud environments.
Activate your 30-Day free trial and create up to two next-generation firewall resources on your existing AWS VPCs, securing up to 100GB of traffic. After the free trial, you'll transition to a pay-as-you-go model, and you can check your subscription status on the Subscription Management page.
Highlights
- Deploy your next-generation firewall with one-click, automated provisioning that auto-scales to match your network traffic. Leverage Palo Alto Networks Panorama or Strata Cloud Manager for unified security management, ensuring you maintain control and visibility across your cloud infrastructure without the complexity of managing infrastructure.
- Integrate seamlessly with AWS-native services like CloudWatch, Kinesis Firehose, and AWS Firewall Manager, providing real-time insights, granular traffic control, and enhanced security capabilities. Backed by Palo Alto Networks Unit 42 Threat Research, the service delivers cutting-edge threat prevention and faster mitigation of zero-day exploits.
- Cloud NGFW supports automated onboarding of AWS environments and workflow automation through APIs, CloudFormation, and Terraform, enabling quick deployment and consistent operations. Gain comprehensive visibility and management across multiple AWS accounts with centralized security operations using Strata Cloud Manager or Panorama.
Details
Sold by
Categories
Delivery method
Deployed on AWS
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Quick Launch
Leverage AWS CloudFormation templates to reduce the time and resources required to configure, deploy, and launch your software.
Pricing
Free trial
Try this product free according to the free trial terms set by the vendor.
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/unit |
|---|---|
Base NGFW - incl. 3 AZs (1unit=1 usage hour), addt'l AZ 0.33 unit/hr | $1.50 |
Traffic Secured - First 15 TB / month (1 unit = 1 GB) | $0.065 |
Traffic Secured - Next 15 TB / month (1 unit = 1 GB) | $0.045 |
Traffic Secured - Above 30 TB / month (1 unit = 1 GB) | $0.03 |
Add-Ons (1 unit = 1 Cloud NGFW Credit) (refer to page bit.ly/cngfwaws) | $0.012 |
Vendor refund policy
We do not currently support refunds, but you can cancel at any time.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA)Â .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
"Premium support is now included with the product: https://www.paloaltonetworks.com/resources/datasheets/premium-support . To help you get started with your deployment such as how-to videos, deployment guides and reference architectures, please visit: https://live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW . For post-sales support, you can use the following options: 1) Open a case by following the steps here: https://www.paloaltonetworks.com/services/support/customer-support-plan . 2) Call us at 1 (866) 898-9087"
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Palo Alto Networks
By Forcepoint
By Check Point Software Technologies
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Threat Prevention
Advanced AI and machine learning-powered threat detection leveraging intelligence from global customer network to stop zero-day exploits and unknown command-and-control traffic
Network Traffic Classification
Patented Layer 7 classification for granular traffic control based on workloads, users, and applications with precise network traffic visibility
Cloud Service Integration
Native integration with AWS services including Firewall Manager, CloudWatch, Kinesis Firehose for comprehensive security management and monitoring
Infrastructure Automation
Support for infrastructure-as-code deployment using APIs, CloudFormation, and Terraform for automated firewall provisioning and policy enforcement
Security Intelligence
Cloud-delivered security services powered by Precision AI and Unit 42 Threat Research for real-time threat detection and mitigation
Network Virtualization
Secure virtual private network (VPN) gateway for connecting remote sites and branch offices
Advanced Threat Protection
Dynamic security controls with application layer exfiltration security and advanced evasion techniques (AETs) identification
Intrusion Prevention
Integrated advanced Intrusion Prevention System (IPS) with capability to stop Advanced Evasion Techniques
Security Policy Management
Centralized policy configuration with global update capabilities across network infrastructure
Malware Detection
Sandboxing technology for identifying zero-day attacks and advanced malware
Network Traffic Inspection
Inspects traffic entering and exiting private subnets in VPC ("North-South") and between VPCs ("East-West")
Advanced Threat Prevention
Provides multi-layered security capabilities including firewall, IPS, threat emulation, and threat extraction with advanced catch rates
Cloud Infrastructure Integration
Supports infrastructure-as-code tools like Terraform and Ansible, dynamically adapts security policies based on cloud metadata
Security Protocol Coverage
Comprehensive security features including Data Loss Prevention, application control, IPsec VPN, URL filtering, antivirus, and anti-Bot protection
Cloud Service Compatibility
Integrates with AWS services including Gateway Load Balancer, AWS Security Hub, VPC Ingress Routing, AWS Traffic Mirroring, and AWS Transit Gateway
Standard contract
No
No
No
Customer reviews
4.2
3 ratings
3 AWS reviews
|
32 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
Sanket Bhostekar
Experience with integrated visibility and ongoing support fulfills requirements effectively
Reviewed on Jul 31, 2025
Review provided by PeerSpot
What is our primary use case?
We have a Firewall as well as a Synapse solution, and we have EDR, XDR as well. The Palo Alto Networks VM-Series Firewall is what we are using.
What is most valuable?
From a Synapse perspective, they have better visibility, better CV detection, better exposure detection, and it is in a single tool, so we are happy with it.
The integration of Palo Alto Networks VM-Series within my existing network infrastructure and security tools is good; they are resilient, and we can integrate with anything easily.
What needs improvement?
There is one thing regarding Palo Alto Networks VM-Series that they need to look into, which is ISPM, Identity Security Posture Management, and other than that, I could see there are multiple things which they have already been doing well.
Technical support is good for Palo Alto Networks VM-Series, but sometimes for new feature requests, we are facing challenges. We are the conglomerate, so individual business has different requirements, which we are expecting some new requests for. Whenever any custom requirement exists in an existing tool, they are taking much time with the engineering team, which is the only thing I'm expecting them to improve. Other than that, this product is very good.
I think overall security is something they need to make into a single pane of glass to help the customer who is using only the single Palo Alto Networks vendor, so they will get end-to-end visibility in a single console.
For how long have I used the solution?
I have been using them for around three years.
What do I think about the scalability of the solution?
My experience with the scalability of Palo Alto Networks VM-Series is good; whenever we are facing any issues, they are helping, and it is a scalable environment.
How are customer service and support?
Technical support is good for Palo Alto Networks VM-Series, but sometimes for new feature requests, we are facing challenges.
How would you rate customer service and support?
Positive
What other advice do I have?
We are generally satisfied with Palo Alto Networks VM-Series.
I would rate Palo Alto Networks VM-Series technical support an eight out of ten.
I would recommend Palo Alto Networks VM-Series to others.
I am a customer of Palo Alto Networks.
Actually, we are trying to migrate to Cortex Cloud; currently, we are using Prisma, so we are in the phase to migrate to Cortex Cloud, but have not yet migrated, so I am not experienced with it and cannot give feedback about it.
We haven't used Prisma Access Browser .
Overall rating: 10/10
Oyvind Mattland
Enhance security with robust DNS and threat prevention features
Reviewed on Apr 30, 2025
Review provided by PeerSpot
What is our primary use case?
The use case varies. I use it as a gateway, and others use it for microsegmentation in the cloud. Additionally, some deploy it on-premises to protect specific environments. Most of the use cases are in cloud environments.
What is most valuable?
The most valuable features are the DNS security and threat prevention capabilities. The DNS security significantly enhances security through visibility and detection, allowing control over crucial traffic like DNS, which is often exploited by ransomware. Additionally, threat prevention and URL security are crucial licenses I recommend to customers, raising the security level substantially.
What needs improvement?
There are continuous developments with many new features coming every year. Although I receive feature requests from customers, I don't have any particular areas for improvement in mind right now.
For how long have I used the solution?
I have been working with Palo Alto Networks VM-Series for more than ten years.
What was my experience with deployment of the solution?
Setting up the VM-Series is usually very easy. The firewall can be deployed and set up within half an hour, though it depends on the complexity of the configuration.
What do I think about the stability of the solution?
In terms of stability, I would rate it eight out of ten. Perfection is unlikely as the dynamic nature of traffic and constant changes can result in occasional bugs despite regular updates. Perfection in stability remains challenging for any vendor.
What do I think about the scalability of the solution?
I rate the scalability of Palo Alto Networks VM-Series ten out of ten. It is easy to use with an excellent graphical user interface and extensive documentation, which contributes to its high scalability.
How are customer service and support?
I conduct most of the support myself and rate the overall support a nine out of ten. However, sometimes cases take longer to resolve, and there's always room for improvement, especially in terms of response time from higher support levels.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is straightforward and easy. The process involves registering and configuring the software, and with flex mode, it is easy to scale by purchasing additional credits for more CPU and RAM without needing new hardware.
What's my experience with pricing, setup cost, and licensing?
The pricing is more on the expensive side, but it is justified due to its functionality, reliability, and throughput, even with all features enabled. In comparison to FortiGate , Check Point, and Cisco, the performance does not degrade significantly. Although I rate the cost six out of ten, the features justify the higher expense.
What other advice do I have?
Overall, I rate Palo Alto Networks VM-Series an eight out of ten. While no product is perfect, I am satisfied with its performance and value.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Aravind Vellingiri
Enhance cybersecurity for large enterprises using advanced threat management
Reviewed on Apr 25, 2025
Review provided by PeerSpot
What is our primary use case?
Our primary use case involves working with TVS Group of companies in India, a large automobile manufacturer. We take care of their entire cybersecurity system. We implement Palo Alto Networks VM-Series firewalls along with third-party vendors and support them remotely for their day-to-day issues. We use these solutions to enhance cybersecurity and provide protection against various security threats.
What is most valuable?
The VM-Series firewalls are described as useful for security posture, offering next-generation features such as Unified Threat Management, app-centric capabilities, and threat intelligence. The firewalls use sandboxing and behavioral analysis to allow or quarantine new traffic. They help in identifying legitimate domains and instruct admins if approval is needed. This set of features is very helpful in daily tasks.
What needs improvement?
An improvement could be the integration of security intelligence with Palo Alto cloud via APIs. This would allow IOCs, domains, and hash values to be automatically entered, reducing manual entry. Integration with CSIRT across all use levels would make it easier for administrators to stay updated on the blocked entities without manual intervention.
For how long have I used the solution?
I have been working with Palo Alto Networks VM-Series firewalls for about four to five years.
What do I think about the stability of the solution?
Generally, the VM-Series firewalls are stable. I would rate the stability as eight out of ten.
What do I think about the scalability of the solution?
The solution is scalable and can easily handle an increase in the number of users.
How are customer service and support?
I have worked with Palo Alto technical support for over two years. They are responsive and provide high-quality assistance. Previously, I have raised tickets, and they were efficiently handled by the technical team. My experience has been positive overall.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup of the VM-Series firewalls is quite easy compared to traditional firewalls. It is manageable with fewer administrators required. On a scale of one to ten, I would rate the setup as nine for its ease of implementation.
What about the implementation team?
I am directly involved in the implementation of these firewalls. It typically takes around two to three hours to deploy the firewalls in a single environment.
What other advice do I have?
The solution is user-friendly and easy to manage within an environment. As a VM, it requires no physical space and can be managed with one or two admins. It's also 99.9% secure, according to cloud security standards. Overall, I give Palo Alto Networks VM-Series a rating of nine out of ten.
Which deployment model are you using for this solution?
On-premises
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
RonnieYazdani
User-friendly CLI and efficient dashboard streamline operations with robust security features
Reviewed on Apr 17, 2025
Review provided by PeerSpot
What is our primary use case?
We usually recommend Palo Alto Networks VM-Series for BFSI companies.
What is most valuable?
I find Palo Alto Networks VM-Series easy to deploy, and none of my customers have had significant complaints. My customers have high certifications provided by Palo Alto Networks. The friendly dashboard and the ability to easily command and use the CLI make Palo Alto Networks VM-Series a better product. It offers robust solutions, making it valuable to my customers.
What needs improvement?
It may be beneficial if the firewall can monitor all internal elements like VMs pulling from HP servers. Consolidating these insights into a single dashboard would be advantageous.
For how long have I used the solution?
I have been familiar with Palo Alto Networks for four or five years.
What do I think about the stability of the solution?
The performance of VM instances has some limitations in terms of threshold and throughput compared to appliances.
What do I think about the scalability of the solution?
I would rate scalability as eight out of ten.
How are customer service and support?
Palo Alto Networks offers better technical support, maintaining SLA efficiently, and resolving issues promptly.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
In some cases, I have migrated from Cisco to Palo Alto Networks VM-Series smoothly.
What's my experience with pricing, setup cost, and licensing?
Pricing for Palo Alto Networks is higher than other OEMs, but considering the robustness and features, it gains customer trust. Technical configuration is a focus area due to its high commercial profile.
Which other solutions did I evaluate?
I consider Check Point alongside Palo Alto Networks, as well as Cisco for wireless solutions.
What other advice do I have?
When evaluating, consider the customer’s environment and pain points since both Check Point and Palo Alto Networks have their advantages. Overall, I rate Palo Alto Networks VM-Series eight out of ten.
Frank Nguyen
Secures remote work with advanced threat protection and efficient traffic management
Reviewed on Apr 03, 2025
Review from a verified AWS customer
What is our primary use case?
I am using Palo Alto Networks VM-Series because almost all my application infrastructure is hosted on AWS . AWS supports deploying Palo Alto Networks VM-Series in their marketplace, and Palo Alto is a leader in security in the firewall market. I also use the GlobalProtect VPN from Palo Alto Networks.
What is most valuable?
Palo Alto Networks VM-Series is very strong in security features like antivirus, anti-spyware, and machine learning capabilities that help scan for antivirus and anti-spam. This ensures high security for internal and external traffic. They frequently update antivirus patterns and application threats, which provides reliable protection. I also value GlobalProtect VPN for supporting remote users as most of my employees work remotely. Additionally, Palo Alto Networks helps me visualize and manage network traffic effectively, blocking risky files and enhancing network security.
What needs improvement?
Currently, I do not have specific suggestions for Palo Alto Networks VM-Series improvements. I am happy with the rich features provided. As I have only used it for four months, I might need more time to explore and suggest enhancements.
For how long have I used the solution?
I have been using Palo Alto Networks VM-Series since December 2020, around four months.
What was my experience with deployment of the solution?
Deploying Palo Alto Networks VM-Series was a bit challenging. I rate it a six out of ten for ease, as it required going through extensive documentation to set it up. Deployment took nearly a week to complete.
What do I think about the stability of the solution?
I rate the stability of Palo Alto Networks VM-Series as seven out of ten. I have not experienced any major problems or downtime, but I haven't yet explored all its features.
What do I think about the scalability of the solution?
Currently, I do not have a clear answer about the scalability of Palo Alto Networks VM-Series as I have not scaled it yet.
How are customer service and support?
I have not directly used Palo Alto's technical support as I rely on vendor support. The vendor provides me with documentation when needed.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
Before using Palo Alto Networks VM-Series, I used a physical box on-premises. The switch was due to moving all infrastructure to AWS, necessitating a virtual solution.
How was the initial setup?
The initial setup of Palo Alto Networks VM-Series was somewhat challenging, requiring extensive documentation review. I rate it a six out of ten for ease.
What about the implementation team?
I handled almost 100% of the deployment myself. However, for specific features, I consulted the vendor engineer, who provided online documentation for guidance.
What's my experience with pricing, setup cost, and licensing?
I rate the pricing of Palo Alto Networks VM-Series as six or seven out of ten. The cost involves purchasing through a vendor, which might mark up due to the supply chain. I've had no complaints about Palo Alto's pricing.
Which other solutions did I evaluate?
I did not evaluate other options before choosing Palo Alto Networks VM-Series, as it is a leader in the market.
What other advice do I have?
Overall, I rate Palo Alto Networks VM-Series an eight out of ten. I am happy with its performance and rich features.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)