Focus
Cloud NGFW for AWS

Cloud NGFW for AWS is Palo Alto Networks ML-powered Next-Generation Firewall (NGFW) capabilities delivered as a fully managed cloud-native service by Palo Alto Networks on the Amazon Web Services (AWS) platform. This deployment model combines the power of the Palo Alto NGFW with the ease of use. The Cloud NGFW service provides advanced application visibility and access control using Palo Alto Networks’ App-ID and URL filtering technologies. It provides threat prevention and detection through cloud-delivered security services and threat prevention signatures.

What's New

October 2024

Cloud NGFW for AWS allows you to classify your VPC traffic using Private and Public zones to simplify policy enforcement. You can also attach a Zone Protection profile to these private and public zones. Additionally, you create zone mappings to associate the security zones in your Panorama with Cloud NGFW’s Private (internal) or Public (external) zone. For more information, see Zone-based policies.

Cloud NGFW for AWS adds support for Egress NAT (Network Address Translation). Egress NAT enables Cloud NGFW to perform source NAT on the traffic egressing out of the Cloud NGFW resource. This eliminates the need for a separate NAT gateway in your VPC for egressing traffic. For more information, see Egress NAT.


August 2024 You can now use the Cloud NGFW credits to fund both Cloud NGFW resources in AWS and Azure and all related CDSS services you would like to use with it. Use the credits for Panorama, Strata Cloud Manager or the Strata Logging Service. For more information, see Cloud NGFW Credit Distribution and Management.

Introducing Cloud NGFW for AWS

Rethink network security for public cloud using Cloud NGFW for AWS.

Deploying Cloud NGFW

Part 1: Subscribing to Cloud NGFW

Deploying Cloud NGFW

Part 2: Define Security Policies