Create an NGFW Resource on AWS
Now that you have created rulestacks and rules, you can create an NGFW resource and associate a local rulestack with that NGFW. During the configuration of your NGFW, you must choose how NGFW endpoints are created: automatically or manually. If you choose to manually create NGFW endpoints, you must create NGFW endpoints in the availability zones you specify.
Complete the following steps to create an NGFW.
- Select NGFWs.
- Click Add Firewall.
- Enter a descriptive Name.
- (Optional) Enter a Description.
- Select an AWS Account from the drop-down to associate with this NGFW.
- Select a VPC from the drop-down.
- In the Policy Management section, select a Local Rulestack from the drop-down.
- Specify AWS availability zones or subnets. You must specify whether or not the Cloud NGFW tenant will (service-managed mode) or will not (customer-managed mode) deploy NGFW endpoints.
  - Yes (service-managed): in service-managed mode, the Cloud NGFW tenant automatically creates NGFW endpoints in the VPC subnets you specify. Perform the endpoint management for service-managed mode through the Cloud NGFW console only. The endpoint management for service-managed mode can only be done by associating or disassociating a subnet. Associating a subnet creates the endpoint and disassociating a subnet removes the endpoint.
  - No (customer-managed): in customer-managed mode, you must manually create NGFW endpoints in each availability zone you specify.
  In the Endpoint Management section, you can enable your Cloud NGFW for securing traffic in multiple AWS availability zones. You pay for each AWS availability zone in which your NGFW is provisioned to secure traffic. You can manage how the endpoints are created for your NGFW in these availability zones. You pay AWS for each VPC (gateway load balancer) endpoint that you create for your NGFW.
- Click Create.
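The following check is an added example, not part of the Cloud NGFW documentation or tooling. For customer-managed mode, it takes the availability zones selected for the NGFW plus the output of `aws ec2 describe-subnets` and `aws ec2 describe-vpc-endpoints` and lists the zones that do not yet have an available gateway load balancer endpoint. The sample data is constructed; every ID and the endpoint service name are placeholders.

```python
# Added example. Inputs mirror the JSON returned by `aws ec2 describe-subnets`
# and `aws ec2 describe-vpc-endpoints`. Every ID and the service name below are
# constructed placeholders, not values from a real deployment.
VPC_ID = "vpc-0example"
SERVICE_NAME = "com.amazonaws.vpce.us-east-1.vpce-svc-EXAMPLE"  # placeholder
SELECTED_AZS = ["us-east-1a", "us-east-1b"]  # zones chosen for the NGFW

SUBNETS = [
    {"SubnetId": "subnet-a", "VpcId": VPC_ID, "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-b", "VpcId": VPC_ID, "AvailabilityZone": "us-east-1b"},
]
ENDPOINTS = [
    {"VpcEndpointId": "vpce-ok-a", "VpcEndpointType": "GatewayLoadBalancer",
     "VpcId": VPC_ID, "ServiceName": SERVICE_NAME, "State": "available",
     "SubnetIds": ["subnet-a"]},
    # Still pending, so it does not count as coverage for us-east-1b yet.
    {"VpcEndpointId": "vpce-pending-b", "VpcEndpointType": "GatewayLoadBalancer",
     "VpcId": VPC_ID, "ServiceName": SERVICE_NAME, "State": "pending",
     "SubnetIds": ["subnet-b"]},
    # Different endpoint service: not an endpoint for this NGFW.
    {"VpcEndpointId": "vpce-other-b", "VpcEndpointType": "GatewayLoadBalancer",
     "VpcId": VPC_ID, "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-OTHER",
     "State": "available", "SubnetIds": ["subnet-b"]},
]

def endpoint_coverage(selected_azs, vpc_id, service_name, subnets, endpoints):
    """Map each selected AZ to the available NGFW endpoint IDs found in it."""
    subnet_az = {s["SubnetId"]: s["AvailabilityZone"]
                 for s in subnets if s["VpcId"] == vpc_id}
    coverage = {az: [] for az in selected_azs}
    for ep in endpoints:
        if ep.get("VpcEndpointType") != "GatewayLoadBalancer":
            continue
        if ep.get("VpcId") != vpc_id or ep.get("ServiceName") != service_name:
            continue
        if ep.get("State", "").lower() != "available":
            continue
        for subnet_id in ep.get("SubnetIds", []):
            az = subnet_az.get(subnet_id)
            if az in coverage:
                coverage[az].append(ep["VpcEndpointId"])
    return coverage

def missing_azs(coverage):
    """Selected AZs that have no available endpoint for the NGFW."""
    return sorted(az for az, eps in coverage.items() if not eps)

if __name__ == "__main__":
    cov = endpoint_coverage(SELECTED_AZS, VPC_ID, SERVICE_NAME, SUBNETS, ENDPOINTS)
    print("coverage:", cov, "missing:", missing_azs(cov))
```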