New Features - Cloud NGFW for AWS - March 2025
300 Endpoints Support for Cloud NGFW for AWS
Cloud NGFW for AWS now supports up to 300 endpoints per resource, addressing the scaling limitations that prevented organizations from protecting large, distributed AWS environments with a unified security policy. Organizations operating hundreds of VPCs or subnets were previously constrained by lower endpoint limits, which forced them to create multiple Cloud NGFW resources with separate policies and increased management complexity. With the expanded limit of 300 endpoints per Cloud NGFW resource, you can now protect significantly larger AWS footprints while maintaining centralized policy management and reducing operational overhead.
This increased capacity allows you to deploy Cloud NGFW endpoints across extensive multi-VPC architectures, hub-spoke topologies with numerous spokes, or highly distributed microservices environments without fragmenting your security infrastructure. You can maintain consistent security policies across all protected subnets while simplifying troubleshooting and compliance reporting through unified visibility. The higher endpoint limit reduces the number of Cloud NGFW resources you need to manage, lowering operational complexity and ensuring security policies remain synchronized across your entire AWS infrastructure.
For more information, see Cloud NGFW for AWS Limits and Quotas.
Cloud NGFW Policy Management Using Strata Cloud Manager for AWS
Cloud NGFW for AWS now supports policy management through Strata Cloud Manager to eliminate the complexity of maintaining security policies across heterogeneous firewall deployments. Organizations operating Cloud NGFW alongside AIOps for NGFW, Prisma Access, or other Palo Alto Networks security infrastructure previously managed policies through separate interfaces, creating inconsistencies and increasing the risk of policy drift. With Strata Cloud Manager integration, you can register your Cloud NGFW resources with an existing Strata Cloud Manager that you previously activated based on your AIOps for NGFW, Prisma Access, or Strata Cloud Manager Pro licenses. This enables unified policy management across your entire security infrastructure.
This centralized approach allows you to define security policies once and deploy them consistently across Cloud NGFW resources in AWS, physical NGFWs in data centers, VM-Series instances across clouds, and Prisma Access environments from a single control plane. You gain complete visibility into policy enforcement across all environments while maintaining granular control when specific resources require custom configurations. The unified management reduces operational complexity, minimizes configuration errors, and ensures that security policies remain current and effective as your infrastructure evolves.
For more information, see Strata Cloud Manager policy management.