Getting started from AWS member accounts—you can subscribe to the Palo
Alto Networks Cloud NGFW for AWS Marketplace SaaS listing from your member AWS
account. Each subscription results in the creation of a unique Cloud NGFW
tenant.
You can then add multiple other AWS accounts to the Cloud NGFW tenant,
create Cloud NGFW resources (also called NGFWs), and associate them with VPCs
in those accounts. You author security policy rules on these NGFWs. Usage of
the Cloud NGFW tenants is monitored and metering records are sent to the AWS
Marketplace Metering Service; AWS uses this information to invoice the customer.
Within your AWS account, you then add an NGFW endpoint (also referred
to as a VPC endpoint) for this resource and add VPC route rules that send
all traffic to the NGFW endpoint for inspection. AWS automatically redirects the
traffic sent to the NGFW endpoint to the NGFW resource for inspection. Traffic
sent to an NGFW endpoint is always returned to the same NGFW endpoint—the NGFW
behaves as a “bump in the wire.”
Once you start with this method, you can't use AWS
Firewall Manager with this Cloud NGFW tenant.
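To make the route-rule step concrete, here is an added Python audit (example code, not from the Palo Alto Networks documentation) that walks route tables in the shape returned by `aws ec2 describe-route-tables` and lists subnets whose default route does not point at the NGFW endpoint, which is how traffic ends up bypassing inspection; all IDs and tables are constructed placeholders.

```python
"""Audit VPC route tables for subnets whose traffic bypasses the NGFW endpoint."""

TARGET_KEYS = ("VpcEndpointId", "GatewayId", "NatGatewayId",
               "TransitGatewayId", "NetworkInterfaceId", "InstanceId")

def _table(rtb_id, subnet_id, default_route=None):
    """Build one route table in the shape of `aws ec2 describe-route-tables`."""
    routes = [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]
    if default_route:
        routes.append({"DestinationCidrBlock": "0.0.0.0/0", **default_route})
    return {"RouteTableId": rtb_id, "Associations": [{"SubnetId": subnet_id}], "Routes": routes}

# Constructed sample; every ID is a made-up placeholder, not from a real account.
SAMPLE_ROUTE_TABLES = [
    # application subnet: default route hands traffic to the NGFW endpoint
    _table("rtb-app", "subnet-app-a", {"VpcEndpointId": "vpce-ngfw-a"}),
    # legacy subnet: default route still goes straight to the internet gateway
    _table("rtb-legacy", "subnet-legacy-b", {"GatewayId": "igw-main"}),
    # isolated subnet: no default route at all
    _table("rtb-isolated", "subnet-db-c"),
    # subnet hosting the NGFW endpoint: must egress via the IGW, not loop back
    _table("rtb-ngfw", "subnet-ngfw-a", {"GatewayId": "igw-main"}),
]

def default_route_target(table):
    """Return the target of the 0.0.0.0/0 route, or None if the table has none."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return next((route[k] for k in TARGET_KEYS if k in route), None)
    return None

def find_bypassing_subnets(route_tables, ngfw_endpoint_ids, endpoint_subnet_ids):
    """Map each subnet whose default route does not point at an NGFW endpoint to
    the target it uses instead (None means no default route). Subnets that host
    the endpoints themselves are exempt; main-table associations (no SubnetId)
    are skipped."""
    findings = {}
    for table in route_tables:
        target = default_route_target(table)
        for assoc in table.get("Associations", []):
            subnet = assoc.get("SubnetId")
            if subnet and subnet not in endpoint_subnet_ids and target not in ngfw_endpoint_ids:
                findings[subnet] = target
    return findings

if __name__ == "__main__":
    print(find_bypassing_subnets(SAMPLE_ROUTE_TABLES, {"vpce-ngfw-a"}, {"subnet-ngfw-a"}))
```

On a live account, feed the function the `RouteTables` list from `describe-route-tables` for the VPC and the endpoint IDs and subnets you deployed; anything reported should be deliberate (a NAT or transit gateway route you chose) rather than an inspection gap.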
Getting started from an AWS Firewall Manager administrator account—if you
currently use AWS Firewall Manager to manage security groups or other
network security features across your AWS organization, you can use the same AWS
Firewall Manager to deploy NGFWs into multiple accounts and VPCs throughout the
organization.
You can then use the AWS Firewall Manager policy workflow to author a global
rulestack and quickly deploy NGFWs across multiple AWS accounts in an AWS
Organization. Under the hood, Firewall Manager orchestrates all of the
components. This includes invoking the Cloud NGFW APIs to create the NGFWs and
invoking the AWS APIs to create the NGFW endpoints in the customer VPCs.
Refer to the AWS Firewall Manager integration blog and video for more details
on how AWS Firewall Manager integrates with Cloud NGFW for AWS.
Once you start with this method, always use AWS Firewall Manager to add AWS
accounts to the Cloud NGFW tenant.