Deploy in Strata Cloud Manager console
Where Can I Use This?
  • Cloud NGFW for AWS

What Do I Need?
  • Cloud NGFW subscription
  • Palo Alto Networks Customer Support Portal (CSP) account
  • AWS Marketplace account
  • User role (either tenant or administrator)
You can use the Strata Cloud Manager (SCM) console to deploy Cloud NGFW resources and configure policies without subscribing from the AWS Marketplace or onboarding your AWS accounts to establish cross-account IAM roles.

Create a Cloud NGFW for AWS resource in SCM console

You can create a Cloud NGFW for AWS resource in the SCM console. For more information, see Step 2: Create a Cloud NGFW for AWS Resource.

Direct Traffic to an SCM-deployed Cloud NGFW resource

Follow these steps to direct your network traffic to an SCM-deployed Cloud NGFW resource:
  1. Allowlist the AWS account(s) that will create endpoints. In the SCM console, go to the Cloud NGFW Firewall page.
    1. Select Endpoint Management in the left navigation pane. Use this page to manage the allowlisted AWS accounts and to add endpoints.
    2. Click Manage Allowlist AWS Accounts to allow your existing AWS accounts to create endpoints against this Cloud NGFW resource; the accounts already on the allowlist are displayed. Only accounts on this list can connect a VPC endpoint to the firewall's endpoint service, so keep it limited to the accounts that own the VPCs you intend to protect.
    3. Use the Endpoints section of the page to view the existing VPC endpoint service names; note the service name, because you will need it in the AWS console. Click Add Endpoint to add another endpoint.
    Creating multiple endpoints in a single subnet is not supported. To create multiple Cloud NGFW endpoints in one VPC, use a separate subnet for each endpoint.
    When the resource is configured for customer-managed endpoint mode, you cannot delete endpoints from the SCM console. Delete them from the Endpoints page in the AWS VPC console instead.
  2. Create the Cloud NGFW endpoints (AWS VPC endpoints) in the AWS console.
    1. Log in to the AWS console.
    2. Select Services > Networking & Content Delivery > VPC.
    3. From the VPC Dashboard, select Endpoints > Create Endpoint.
    4. Choose Find service by name and enter the VPC endpoint service name you noted in the SCM console.
    5. Select the VPC you specified during firewall creation from the drop-down.
    6. Select the subnets where you want to create the NGFW endpoints (one endpoint per subnet).
    7. Click Create endpoint.
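The same endpoint-creation procedure, scripted, as an added example that is not Palo Alto Networks or AWS code. It validates the service name copied from the SCM Endpoint Management page, confirms the service is visible from the calling account (which is what the SCM allowlist controls), and creates one Gateway Load Balancer endpoint per subnet while skipping subnets that already have a live endpoint for that service. The service name, VPC ID, subnet IDs and the FakeEC2 sample data are constructed placeholders; the boto3 calls named in the comments (describe_vpc_endpoint_services, describe_vpc_endpoints, create_vpc_endpoint) are the real EC2 API methods, and a live run would pass boto3.client("ec2") in place of the fake.

```python
"""Plan and create Cloud NGFW (Gateway Load Balancer) endpoints, one per subnet.

Added example, not Palo Alto Networks or AWS code. SERVICE_NAME, VPC_ID, the
subnet IDs and FakeEC2's data are constructed placeholders.
"""
import re

# PrivateLink service names have the form com.amazonaws.vpce.<region>.vpce-svc-<17 hex>.
SERVICE_NAME_RE = re.compile(r"^com\.amazonaws\.vpce\.[a-z0-9-]+\.vpce-svc-[0-9a-f]{17}$")
INACTIVE_STATES = {"deleting", "deleted", "rejected", "failed", "expired"}

SERVICE_NAME = "com.amazonaws.vpce.us-east-1.vpce-svc-0123456789abcdef0"  # placeholder
VPC_ID = "vpc-0example"  # placeholder


def validate_service_name(name: str) -> bool:
    """Reject anything that is not shaped like a PrivateLink endpoint service name."""
    return bool(SERVICE_NAME_RE.match(name))


def service_is_visible(ec2, service_name: str) -> bool:
    """True if the service resolves from this account as a GatewayLoadBalancer service.
    An account that is not on the SCM allowlist cannot see the service at all
    (boto3 raises ClientError with code InvalidServiceName)."""
    try:
        resp = ec2.describe_vpc_endpoint_services(ServiceNames=[service_name])
    except Exception:
        return False
    for detail in resp.get("ServiceDetails", []):
        types = {t["ServiceType"] for t in detail.get("ServiceType", [])}
        if detail["ServiceName"] == service_name and "GatewayLoadBalancer" in types:
            return True
    return False


def plan_endpoints(existing, vpc_id, service_name, wanted_subnets):
    """Split wanted_subnets into (still needs an endpoint, already covered).
    A subnet is covered when a non-deleted endpoint for this service lives in it;
    SCM does not support a second endpoint in the same subnet."""
    covered = set()
    for ep in existing:
        if ep.get("VpcId") != vpc_id or ep.get("ServiceName") != service_name:
            continue
        if ep.get("State") in INACTIVE_STATES:
            continue
        covered.update(ep.get("SubnetIds", []))
    to_create = [s for s in wanted_subnets if s not in covered]
    already = [s for s in wanted_subnets if s in covered]
    return to_create, already


def create_endpoints(ec2, vpc_id, service_name, subnet_ids):
    """One create_vpc_endpoint call per subnet: a GatewayLoadBalancer endpoint
    accepts exactly one subnet, so several subnets mean several endpoints."""
    created = []
    for subnet in subnet_ids:
        resp = ec2.create_vpc_endpoint(
            VpcEndpointType="GatewayLoadBalancer",
            VpcId=vpc_id,
            ServiceName=service_name,
            SubnetIds=[subnet],
        )
        created.append(resp["VpcEndpoint"]["VpcEndpointId"])
    return created


def deploy(ec2, vpc_id, service_name, wanted_subnets):
    """Validate, check allowlist visibility, skip covered subnets, create the rest."""
    if not validate_service_name(service_name):
        raise ValueError(f"not a PrivateLink service name: {service_name}")
    if not service_is_visible(ec2, service_name):
        raise PermissionError("service not visible: is this account allowlisted in SCM?")
    existing = ec2.describe_vpc_endpoints(
        Filters=[{"Name": "vpc-id", "Values": [vpc_id]},
                 {"Name": "service-name", "Values": [service_name]}]
    )["VpcEndpoints"]
    to_create, already = plan_endpoints(existing, vpc_id, service_name, wanted_subnets)
    return {"created": create_endpoints(ec2, vpc_id, service_name, to_create),
            "skipped": already}


class FakeEC2:
    """Offline stand-in for boto3.client('ec2') with constructed sample data:
    one live endpoint in subnet-aaa and one already-deleted endpoint in subnet-bbb."""

    def __init__(self):
        self.endpoints = [
            {"VpcEndpointId": "vpce-0aaa", "VpcId": VPC_ID, "ServiceName": SERVICE_NAME,
             "State": "available", "SubnetIds": ["subnet-aaa"]},
            {"VpcEndpointId": "vpce-0bbb", "VpcId": VPC_ID, "ServiceName": SERVICE_NAME,
             "State": "deleted", "SubnetIds": ["subnet-bbb"]},
        ]
        self._n = 0

    def describe_vpc_endpoint_services(self, ServiceNames):
        return {"ServiceDetails": [
            {"ServiceName": n, "ServiceType": [{"ServiceType": "GatewayLoadBalancer"}]}
            for n in ServiceNames if n == SERVICE_NAME]}

    def describe_vpc_endpoints(self, Filters):
        return {"VpcEndpoints": list(self.endpoints)}

    def create_vpc_endpoint(self, **kw):
        self._n += 1
        ep = {"VpcEndpointId": f"vpce-new{self._n}", "State": "pending", **kw}
        self.endpoints.append(ep)
        return {"VpcEndpoint": ep}


if __name__ == "__main__":
    # Offline demo. For a live run: import boto3; ec2 = boto3.client("ec2", region_name="us-east-1")
    print(deploy(FakeEC2(), VPC_ID, SERVICE_NAME, ["subnet-aaa", "subnet-bbb", "subnet-ccc"]))
```

The deleted endpoint in subnet-bbb is deliberately ignored by plan_endpoints: after you remove an endpoint from the AWS console (the only way to delete it in customer-managed mode), the subnet is free again and the script will recreate one there rather than report a conflict.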