Next generation firewalls solutions in AWS Marketplace

Enhance network security through stateful, application-aware deep-packet inspection and intrusion prevention and detection using third-party software.

Purpose-built solutions

Quickly procure and deploy purpose-built solutions

A layered defense is crucial when implementing a network security strategy. A next generation firewall (NGFW) allows you to add a layer of network-centric capabilities to enhance the security of your cloud environment. NGFWs offer multiple security tools in a single solution that is easy to manage and deploy, adding simplicity, visibility, and operational efficiency to your network security architecture.

An NGFW isn’t just a “revamped” firewall. It’s optimized for the scale and scope of cloud operations that your enterprise needs. Although all NGFW offerings serve the same broader purpose, there isn’t a one-size-fits-all solution. We'll explore some crucial questions that your team can use to clearly define your security priorities, accelerate your search, and streamline your NGFW deployment.

What is a Next Generation Firewall (and why does it matter)?

In this on-demand webinar, security experts break down the myths and realities of NGFWs.


NGFW solutions

Need assistance choosing the right NGFW solution for your organization's unique cloud security needs and use cases? Our experts are here to help.

Discover the benefits of implementing a more sophisticated approach to security

Elevate Your Network Defense with Advanced Threat Protection and Intelligent Traffic Management

Many organizations are required to comply with various regulations and standards (such as ISO/IEC 27001 or PCI-DSS). An NGFW can be an integral component of your overall security approach, helping to satisfy compliance requirements by providing features such as historical event tracking, logging, and monitoring.
An NGFW often comes equipped with intrusion detection systems (IDS) and intrusion prevention systems (IPS), application awareness, and sandboxing capabilities that can assist in handling advanced threats, including malware, phishing, and zero-day exploits.
Not only does an NGFW observe “typical” ports and protocols, it also provides more intensive protocol examination, application awareness, and deep packet inspection.
Most NGFW solutions come equipped with centralized management capabilities, which means you can deploy multiple firewalls but manage and configure them from a single location. This helps stretched teams maintain a robust network security presence. Security teams can focus on priority tasks with simplified management.
An NGFW in the cloud provides all the above capabilities, with the added benefit of being implemented within your cloud stack. It isn’t just cloud-deployed—it’s also cloud visible. Whether you’re running serverless functions or a complex network of storage and virtual machines, an NGFW can quickly be implemented in critical observation locations, providing robust network security with less downtime.

Traditional vs. Next Generation Firewall: What’s the difference?

Feature                                                                           | Next generation firewall | Traditional firewall
----------------------------------------------------------------------------------|--------------------------|---------------------
Recognizes network protocols                                                      | Yes                      | Yes
Filters traffic based on IP address and port                                      | Yes                      | Yes
Supports routing protocols                                                        | Yes                      | Yes
Incorporates signature- and behavior-based analytics to identify malicious traffic | Yes                      | No
Offers protection at various stack levels and with multiple capabilities          | Yes                      | No
Is application-aware                                                              | Yes                      | No
Provides improved visibility                                                      | Yes                      | No
Helps streamline regulatory compliance                                            | Yes                      | No
Potentially reduces security expenses                                             | Yes                      | No
Enhances business continuity                                                      | Yes                      | No

Considerations when choosing an NGFW

A direct path to NGFW implementation requires knowing where your business currently stands and where it wants to go, then applying those parameters to the current range of available solutions—to find the best fit for your organization’s infrastructure and security goals. Review these considerations to get started:

Technical capabilities are a great gatekeeper for deciding on the right firewall for your organization, as these requirements will directly inform your selection of a firewall vendor.

Start by answering a few key technical questions to establish a foundation for your NGFW requirements:

  • Can our existing architecture accommodate an NGFW?
  • Do we have compliance requirements?
  • Do our applications have special requirements?
  • Do we need our firewall to be application-aware?
  • Do we want our firewall to manage a site-to-site virtual private network (VPN)?

This decision will refine your list of potential vendors and provide key information to your vendor.

Which of the following best describes your team?

The best placement for your NGFW in your cloud environment depends on many factors, including traffic patterns, bandwidth requirements and availability, and the cloud services you have chosen to use. The NGFW should be placed in a location that provides maximum coverage and protection with little to no impact on performance.

NGFW placement is largely dependent on your cloud network topology and security requirements. Rather than there being a single, correct placement, it’s more about asking “What works for my team?”

At your perimeter for Ingress and Egress


This is the traditional home of a firewall. Using a common ingress and egress point allows you to fully inspect and control traffic both into and out of your network. This is also a popular architecture when your firewall is managed by a partner, even if that partner isn’t in AWS: a partner firewall can be fully managed by the partner and control the traffic destined for your workloads in different accounts. Egress inspection is useful for detecting and preventing malicious traffic, for supporting your Data Loss Prevention program, or simply for providing control, visibility, and monitoring of traffic from your network to the internet.


In front of workloads and other gateways


Strategically positioning firewalls in your network in AWS is a common practice. These firewalls add extra layers of protection by inspecting traffic as it enters your VPC but before it reaches your workload. This can be especially useful for meeting compliance requirements such as PCI and HIPAA, whether for a group of virtual servers, a dedicated application, or a load balancer. The firewall placed in front of the workload can terminate TLS, inspect traffic for malicious behavior, apply intrusion prevention, and forward the traffic on to your workload, helping you fulfill both security and compliance requirements.

In your network for east-west inspection


Take control of east-west traffic in your internal network including in AWS Transit Gateway. By placing firewalls in a dedicated Inspection VPC attached to your Transit Gateway, you can inspect some or all of the traffic between VPCs that are also attached to the Transit Gateway. Inter-VPC communications can now be enforced by your security team through your firewall policy. Traffic can be inspected for malicious behavior or logged for forensic analysis. A firewall that supports TLS termination can be leveraged to get deeper layer-7 visibility.


If you’re unsure of the ideal placement of your NGFW, this will be an important discussion to have with your potential vendor.
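The east-west placement above only works if every inter-VPC route in the spoke route tables actually points at the Inspection VPC attachment; because Transit Gateway uses longest-prefix matching, a single more-specific route added later can send traffic between two spokes straight past the firewall. The following added example (not AWS Marketplace, AWS, or any vendor's code) audits a spoke route table for such bypass routes and checks that the inspection attachment has appliance mode enabled, which a stateful firewall needs so that both directions of a flow land on the same appliance. All attachment IDs, VPC IDs, and CIDRs are constructed placeholders; the dictionaries mimic the shape of boto3 `search_transit_gateway_routes` and `describe_transit_gateway_vpc_attachments` responses, which in a real audit you would fetch rather than hard-code.

```python
"""Audit a Transit Gateway spoke route table for centralized east-west inspection.

Constructed example, not AWS or vendor code. The data below imitates the shape
of boto3 EC2 responses (search_transit_gateway_routes and
describe_transit_gateway_vpc_attachments); a real audit would call boto3.
"""
from ipaddress import ip_network

# Constructed: VPC attachments on the TGW (IDs are placeholders).
ATTACHMENTS = {
    "tgw-attach-inspect": {"vpc": "vpc-inspection", "appliance_mode": "enable"},
    "tgw-attach-app": {"vpc": "vpc-app", "appliance_mode": "disable"},
    "tgw-attach-db": {"vpc": "vpc-db", "appliance_mode": "disable"},
}

# Constructed: CIDRs of the spoke (workload) VPCs whose mutual traffic must be inspected.
SPOKE_CIDRS = ["10.10.0.0/16", "10.20.0.0/16"]

# Constructed: the route table associated with the spoke attachments. The
# 0.0.0.0/0 route correctly sends everything to the firewall, but the more
# specific 10.20.0.0/16 route wins longest-prefix match and bypasses it.
SPOKE_ROUTES = [
    {"DestinationCidrBlock": "0.0.0.0/0", "State": "active",
     "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": "tgw-attach-inspect"}]},
    {"DestinationCidrBlock": "10.20.0.0/16", "State": "active",
     "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": "tgw-attach-db"}]},
    {"DestinationCidrBlock": "192.168.0.0/16", "State": "blackhole",
     "TransitGatewayAttachments": []},
]


def find_inspection_bypass(routes, inspection_attachment, spoke_cidrs):
    """Return (destination, attachment) pairs for active routes that deliver
    traffic destined to a spoke CIDR anywhere other than the inspection
    attachment. Blackhole routes drop traffic, so they are not a bypass."""
    spokes = [ip_network(c) for c in spoke_cidrs]
    findings = []
    for route in routes:
        if route.get("State") != "active":
            continue
        dest = ip_network(route["DestinationCidrBlock"])
        for att in route.get("TransitGatewayAttachments", []):
            att_id = att["TransitGatewayAttachmentId"]
            if att_id == inspection_attachment:
                continue
            # Any overlap with a spoke CIDR means some spoke-to-spoke traffic
            # can reach this attachment without passing the firewall.
            if any(dest.overlaps(s) for s in spokes):
                findings.append((str(dest), att_id))
    return findings


def appliance_mode_enabled(attachments, inspection_attachment):
    """Appliance mode pins both directions of a flow to the same firewall
    availability zone; without it a stateful firewall sees half a flow."""
    info = attachments.get(inspection_attachment, {})
    return info.get("appliance_mode") == "enable"


def audit(routes=SPOKE_ROUTES, attachments=ATTACHMENTS,
          inspection_attachment="tgw-attach-inspect", spoke_cidrs=SPOKE_CIDRS):
    """Run both checks and return a dict a CI job or dashboard can consume."""
    return {
        "bypass_routes": find_inspection_bypass(routes, inspection_attachment, spoke_cidrs),
        "appliance_mode_ok": appliance_mode_enabled(attachments, inspection_attachment),
    }


if __name__ == "__main__":
    result = audit()
    for dest, att in result["bypass_routes"]:
        print(f"BYPASS: {dest} is routed to {att} instead of the inspection VPC")
    print("appliance mode on inspection attachment:",
          "ok" if result["appliance_mode_ok"] else "DISABLED")
```

Run this against each route table associated with a spoke attachment, not just one; the same check applies to the perimeter pattern earlier on the page if you treat the egress firewall's attachment as the inspection attachment and 0.0.0.0/0 as the destination that must route through it.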

Budget considerations are complex and can require long evaluations to ensure you’ve covered every aspect of the project. They might also influence whether you reconsider a firewall option that includes all the technical requirements on your initial wish list. 

In addition to licensing costs, consider the following:

  • Do we have any blind spots in our cost estimate for implementing the solution?
  • Will we need to pay for staff training?
  • How much input will we need from a consultant, and at what cost?
  • Will there be data-processing costs involved for the traffic we’ll need to inspect?
  • Will other cloud services be required for your implementation, and will they have associated data-processing costs?

Geoff Sweet
Senior Security Solutions Architect, AWS

Specific timeline considerations include:

  • Although it may be a relatively short turnaround to turn on new firewalls, can the same be said for the architectural work required to begin routing traffic through them?
  • Will there be a lot of testing and work needed to put our NGFW in line with our traffic?
  • If the changeover requires an outage, will we need to review and adhere to our downtime policies?
  • Will our staff need training to get the expertise to operate, maintain, and report on our NGFW?

Once you’ve estimated these time requirements, consider framing them against the earlier decision over your preferred deployment style. With a clearer idea of the timeline, you can look back to reassess whether this conflicts with what your internal teams can realistically manage. 

If your internal teams can fully execute and manage an NGFW implementation, how much bandwidth will that leave them to maintain regular business operations? Or, if your teams require additional training to manage deployment and maintenance, will that investment be more beneficial than passing those tasks along to a third party? These answers may shift your thinking about your preferred deployment style.

Developing a forecast of your expected time-spend ahead of deployment can help to clarify expectations, and save you that time—and more—in the long run.

SANS Digital Forensics and Incident Response Instructor

Now that you know where you’re headed, choose the solution that will take you there

Popular NGFW solutions

AWS Network Firewall

By AWS

CloudGuard Network Security

By Check Point Software Technologies

Fortinet FortiGate Next-Generation Firewall

By Fortinet Inc.

VM-Series Next-Gen Virtual Firewall w/ Advanced Security Subs

By Palo Alto Networks

Key benefits of using third-party solutions available in AWS Marketplace

Tap the largest provider community

Extend the benefits of AWS by using capabilities from familiar solution providers you already trust. These providers have proven success securing different stages of cloud adoption, from initial migration through ongoing day-to-day management.

Reduce risk without losing speed

Quickly procure and deploy solutions that find and address vulnerabilities, detect intrusions, and enable faster response to incidents while minimizing business disruptions.

Integrate easily with AWS

Count on security tools that are designed for AWS interoperability to follow security best practices.