New Features - Cloud NGFW for AWS - August 2023
Cloud NGFW Pricing and Billing Changes
Cloud NGFW is available as a pay-as-you-go (PAYG) subscription in the AWS Marketplace. With this model, you pay only for what you use each month, with all charges consolidated on the invoice you receive from AWS. You can also enjoy AWS Marketplace benefits such as consolidated billing and the Amazon Web Services Enterprise Discount Program (EDP).
You pay an hourly rate for each Cloud NGFW resource and for the amount of traffic, billed by the gigabyte, processed by the NGFW resource. Additionally, you pay both the hourly resource usage and traffic processing fees when you configure security services add-ons. The traffic rate also depends on the aggregate traffic processed by all NGFWs in the tenant during the month (referred to as tiered traffic pricing).
With this release, Cloud NGFW for AWS changes the pricing model to provide more flexibility for aggregate Cloud NGFW tenant usage, based on the deployment hours of all NGFWs, how much traffic they secure, and how many security features they use every hour. See the Pricing page for more information.
Dynamic Strata Logging Service Sizing for Cloud NGFW for AWS
When you integrate Cloud NGFW with the Strata Logging Service, you forward logs created by your Cloud NGFW resources and view them in Strata Logging Service. In the Strata Logging Service web interface, you can view the traffic, threat, and decryption logs generated by your Cloud NGFW resources.
You can now use Strata Logging Service to perform Explore/Log Viewer queries to view logs generated by a specific Cloud NGFW for AWS resource. Strata Logging Service also displays key metrics for your Cloud NGFWs in a dedicated Cloud NGFW for Strata Logging Service Inventory Page so that you can better monitor ingestion rate, storage usage, and connection status. When used with Cloud NGFW for AWS, Strata Logging Service now scales automatically along with the Cloud NGFW for AWS resources. As traffic throughput increases on these Cloud NGFW resources, so does your available Strata Logging Service storage, so you don't need to adjust Strata Logging Service storage manually to save your log data.
For more information, see the page View Traffic and Threat Logs in Strata Logging Service.
Multiple Panorama Management for Cloud NGFW
You can use a Panorama appliance to manage a shared set of security rules centrally on Cloud NGFW resources alongside your physical and virtual firewall appliances. You can also manage all aspects of shared objects and profiles configuration, push these rules, and generate reports on traffic patterns or security incidents of your Cloud NGFW resources, all from a single Panorama console.
Panorama provides a single location for centralized policy and firewall management across hardware firewalls, virtual firewalls, and cloud firewalls, which increases operational efficiency in managing and maintaining a hybrid network of firewalls.
You can configure and manage your Cloud NGFW resource from multiple Panorama virtual appliances under a single Cloud NGFW tenant.
When using multiple Panorama virtual appliances with your Cloud NGFW resource:
- Panoramas that you use to link to your Cloud NGFW resource must use the same Customer Support Portal (CSP) account.
- You must disassociate Cloud Device Groups before switching from one Panorama to another.
- Any Panorama you want to link to your NGFW resource must be successfully linked. See Link the Cloud NGFW to Palo Alto Networks Management.
- If you're using multiple Panorama virtual appliances with the same Cloud NGFW tenant, ensure that each Panorama is linked with individual Strata Logging Service instances.
Before you can link multiple Panorama virtual appliances to a Cloud NGFW tenant, you must integrate your Cloud NGFW resource with the Panorama® virtual appliance. You first prepare your Panorama appliance for this integration by installing the plugins. Then you need to use the Cloud NGFW console to link it with your Panorama appliance. Once you have successfully linked Cloud NGFW, use Panorama to manage security objects and rules and monitor logs and analytics.
For more information, see Associate a Linked Panorama to the Cloud NGFW Resource.
Premium Support added to Cloud NGFW for AWS
Premium Support is now included with your Cloud NGFW for AWS subscription at no additional charge. The Palo Alto Networks Premium Support offering provides access to technical experts to support your Cloud NGFW for AWS deployment. Premium Support offers the right level of support for organizations that wish to work directly with Palo Alto Networks to address their support needs 24x7x365 and want to keep up to date with the latest upgrades and updates. In addition, this support model enhances your in-house resources by providing access to a wealth of educational materials, such as datasheets, whitepapers, critical threat reports, informative cybersecurity topics, and top research analyst reports. For more information, see Premium Support, or visit the Customer Support Portal.
Usage Explorer Dashboard for Cloud NGFW Consumption
Tracking Cloud NGFW consumption against credits can be difficult across various subscription models. The Usage Explorer dashboard, introduced in this release in the Cloud NGFW for AWS console, solves this challenge. It provides a fast and convenient way to view Cloud NGFW consumption and determine how it correlates with credits associated with the tenant.
The dashboard provides a daily consumption view that includes insights on your average consumption and how it correlates with Cloud NGFW credits. This information is available for both Pay-as-You-Go (PAYG) and credit-based subscriptions (purchased using a contract).
Note: The Usage Explorer feature is currently available as a preview.
The Usage Explorer includes options for displaying consumption over a period of time and allows you to download a CSV file to capture relevant data for future inspection. This is especially helpful when you need to determine the time frame for CNGFW consumption, how a billing dimension is used for billing purposes (a dimension refers to an add-on, for example, Threat Prevention), how the resource is consumed by the tenant during the billing period (relevant to PAYG), and the total amount of consumed credits.
The Usage Explorer provides daily consumption history in a table. When using this feature, consider the following:
- When exporting information from the table, you can only filter on supported dimensions. The Add filter option does not currently work in this preview release.
- The information in the Usage Explorer display differs depending on the Cloud NGFW tenant subscription model, either as PAYG or as a contract.