Cloud NGFW for AWS
What's New
Table of Contents
Expand All
|
Collapse All
Cloud NGFW for AWS Docs
What's New
Learn about the latest changes to Cloud NGFW for AWS.
Where Can I Use This? | What Do I Need? |
---|---|
|
|
Here’s what’s new in Cloud NGFW for AWS:
- What's New in October
- What's New in August 2024
- What's New in July 2024
- What's New in June 2024
- What's New in May 2024
- What's New in April 2024
- What's New in March 2024
- What's New in December 2023
- What's New in November 2023
- What's New in October 2023
- What's New in September 2023
- What's New in August 2023
- What’s New in July 2023
- What’s New in June 2023
- What’s New in May 2023
- What’s New in April 2023
- What’s New in March 2023
- What’s New in February 2023
- What’s New in January 2023
- What’s New in December 2022
- What’s New in November 2022
- What’s New in October 2022
- What’s New in September 2022
- What’s New in August 2022
- What’s New in July 2022
- What’s New in June 2022
- What’s New in May 2022
- What’s New in April 2022
- What’s New in March 2022
What's New in October 2024
Zone-based Policies |
Cloud NGFW for AWS allows you to classify your VPC traffic using
Private and Public zones to simplify policy enforcement. You can
also attach a Zone Protection profile to these private and
public zones. Additionally, you create zone mappings to
associate the security zones in your Panorama with Cloud NGFW’s
Private (internal) or Public (external) zone. For more
information, see Zone-based policies.Zone-based
policies.
|
Egress NAT |
Cloud NGFW for AWS adds support for Egress NAT (Network Address
Translation). Egress NAT enables Cloud NGFW to perform source
NAT on the traffic egressing out of the Cloud NGFW resource.
This eliminates the need for a separate NAT gateway in your VPC
for egressing traffic. For more information, see Egress
NAT.
|
What's New in August 2024
Credit Distribution and Management |
You can now use the Cloud NGFW credits to fund both Cloud NGFW
resources in AWS and Azure and all related CDSS services you
would like to use with it. Use the credits for Panorama, Strata
Cloud Manager or the Strata Logging Service. For more
information, see Cloud NGFW Credit
Distribution and Management.
|
What's New in July 2024
Cloud NGFW for AWS blogs, articles, etc. | Simplifying Network Security in the Public Cloud |
Cloud NGFW for AWS Videos | Advanced Threat Prevention with Cloud NGFW for AWS |
What's New in June 2024
Customer Support Portal Onboarding | Cloud NGFW for AWS now offers an integrated and intuitive experience to register your Cloud NGFW tenant with the Palo Alto Networks Customer Support Portal. For more information, see Register Your Cloud NGFW Tenant with a Palo Alto Networks Support Account. |
Automated Account Onboarding | Cloud NGFW for AWS allows you to onboard multiple application accounts using a Terraform module. With this functionality, you no longer need to onboard individual accounts manually. For more information, see Configure Automated Account Onboarding. |
Cloud NGFW for AWS Videos | Cloud NGFW for AWS: Integration With Strata Cloud Manager (SCM) |
What's New in May 2024
Cloud NGFW Policy Management using Strata Cloud Manager |
You can now register your Cloud NGFW resource with
Strata Cloud Manager (SCM) for policy management. With this
feature, you can now use a single Strata Cloud Manager (SaaS
instance) to manage a shared set of security rules centrally on
Cloud NGFW resources alongside your physical and virtual
firewall appliances. You can manage all aspects of shared policy
configuration, push these shared policies, and generate reports
on traffic patterns or security incidents of your Cloud NGFW
resources - all from a single console. For more information, see
Strata Cloud
Manager Policy Management.
|
CloudWatch Metrics | Cloud NGFW now publishes additional metrics in AWS CloudWatch to help you monitor your Cloud NGFW's health, performance and usage patterns. For more information, see CloudWatch metrics. |
Display Zone ID | Cloud NGFW for AWS enhances multi-VPC functionality by allowing you to specify availability zone names when creating the firewall resources. AWS maps the physical Availability Zone IDs randomly to the Availability Zone Names for each AWS account. Prior to this, you had to manually determine the Availability Zone Name to a particular Availability Zone ID in your AWS account(s) and then use that information when creating Cloud NGFW resources. With this enhancement, Cloud NGFW allows you to specify the Availability Zone ID when you create a new firewall resource. For more information, see Create a NGFW Resource on AWS. |
Subscription Improvements | Cloud NGFW for AWS improves the information displayed on the Subscription page by displaying the status of your credit subscription. This page now indicates if your subscription is expired, active, or inactive. |
Additional AWS Region Support |
Cloud NGFW for AWS is now available in the following AWS
region:
See Supported Regions and
Zones for the complete list of supported regions.
|
Cloud NGFW for AWS blogs, articles, etc. | The Developer’s guide to Cloud NGFW for AWS Part 3 (CLI) |
Cloud NGFW for AWS Videos | Multi Panorama Support for Cloud NGFW for AWS |
What's New in April 2024
Cloud NGFW for AWS blogs, articles, etc. | The Developer’s guide to Cloud NGFW for AWS Part 2 (CloudFormation) |
Cloud NGFW for AWS Videos | Advanced Threat Prevention with Cloud NGFW for AWS |
What's New in March 2024
Advanced Threat Prevention | Cloud NGFW for AWS now uses Advanced Threat Prevention to block unknown command and control traffic and zero-day injection attacks. For more information, see Advanced Threat Prevention. |
Single-Sign-On (SSO) and Multi-Factor Authentication (MFA) Improvements | Cloud NGFW console access is integrated with Single-Sign-On (SSO) and Multi-Factor-Authentication (MFA) to offer convenience with security. You can also now use the same email address to register with multiple Cloud NGFW tenants. Cloud NGFW login page now allows you to select one of many Cloud NGFW accounts/tenants you use. For more information, see Subscribe to Cloud NGFW for AWS and Invite Users to Cloud NGFW for AWS. |
AWS Marketplace SaaS Quick Launch Support | Cloud NGFW is now integrated with AWS Marketplace SaaS Quick Launch to make the AWS Marketplace subscription easy, fast, and secure by offering step-by-step instructions using a preconfigured AWS CloudFormation template. For more information, see Subscribe to Cloud NGFW for AWS. |
AWS CloudFormation Registry Improvements | Cloud NGFW Cloud Formation Registry is now updated with the latest features in firewall and rulestack resources, and built-in retrieval of programmatic access tokens. For more information, see Provision Cloud NGFW Resources to your AWS CFT. |
Enterprise Data Loss Prevention |
Enterprise Data Loss Prevention (E-DLP) allows you to protect
sensitive information against unauthorized access, misuse,
extraction, or sharing. You can now integrate E-DLP with Cloud
NGFW for AWS and use the Panorama interface to add data
filtering profiles to your Security Policy rules. For more
information, see E-DLP
Integration with CNGFW for AWS.
|
Tag based policies Improvements |
You can now populate IP tags from two different regions to your
cloud device groups. Harvest your tags from one AWS region, and
then enforce security policies on your firewall in the other
region. For more information, see Tag Based
Policies.
|
Cloud NGFW Rule Usage Metrics |
You can now use the Panorama console to track and monitor rule
usage for operations and troubleshooting tasks, including the
Rule Hit count, and Applications seen on the Cloud NGFW
resources. For more information, see Cloud NGFW for AWS Rule
Usage.
To use this
feature, you must upgrade to AWS Plugin version
5.2.0. |
Cloud NGFW Integration with AWS Cloud WAN |
Using AWS Cloud WAN, you can now build a unified
network that interconnects cloud and on-premises environments
and allows you to route traffic between:
For more information, see Cloud NGFW
Integration with AWS Cloud WAN.
|
Cloud NGFW for AWS Videos | Cloud NGFW Integration with AWS Cloud WAN |
What's New in December 2023
Cloud NGFW for AWS Blogs, Articles, etc. | Cloud NGFW for AWS Pricing Estimator Guidelines |
What's New in November 2023
What's New in October 2023
Cloud NGFW for AWS Blogs, Articles, etc. | Cloud NGFW for AWS Deployment Architectures |
What's New in September 2023
Cloud NGFW for AWS Blogs, Articles, etc. | Cloud NGFW for AWS Integrates with Panorama |
What's New in August 2023
Multiple Panoramas for Cloud NGFW tenant | You can now link multiple Panorama appliances along with their Strata Logging Service instance to your Cloud NGFW tenant. You can then associate a tenant's NGFW resource with one of these links for policy and log management. For more information, see Use Multiple Panoramas with your Cloud NGFW Tenant. |
Premium Support added to Cloud NGFW for AWS | Premium support is now included with Cloud NGFW for AWS at no additional charge. Palo Alto Networks Premium Support enhances in-house resources with technical experts available to support your Palo Alto Networks security infrastructure. This support level provides access to Security Assurance to assist when security incidents require access to security experts. For more information, see Premium Support. |
Dynamic Strata Logging Service Sizing for Cloud NGFW for AWS | You can now use Strata Logging Service to perform Explore/Log Viewer queries to view logs generated by a specific Cloud NGFW for AWS resource. Strata Logging Service also displays key metrics for your Cloud NGFWs in a dedicated Cloud NGFW for Strata Logging Service Inventory Page to better monitor ingestion rate, storage usage, and connection status. When used with Cloud NGFW for AWS, Strata Logging Service now automatically scales along with the Cloud NGFW for AWS resources. As traffic throughput increases on these Cloud NGFW resources, so does your available Strata Logging Service storage so that you don't need to worry about making manual adjustments to storage to save your log data. |
Usage Explorer (Preview) | This release introduces the Usage Explorer in the Cloud NGFW for AWS console. The Usage Explorer dashboard allows you to view Cloud NGFW consumption and how it correlates with credits associated with the tenant. For more information, see Cloud NGFW for AWS Usage Explorer. |
Pricing and Billing Changes | Cloud NGFW for AWS changes the pricing model to provide more flexibility for aggregate Cloud NGFW tenant usage based on the deployment hours of all NGFWs, how much traffic they secured, and how many security features they use every hour. See the Pricing page for more information. |
What’s New in July 2023
Filter Cloud NGFW Logs and Activity in Panorama | In the Panorama Monitor tab you can now filter to view the log of an individual Cloud Device Group, or display logs and activity for all Cloud Device Groups. See View Cloud NGFW Logs and Activity for more detailed information. |
Tag Based Policies | As you deploy or terminate AWS assets (such as EC2 instances) in the AWS public cloud, you can automatically update security policy on your Palo Alto Networks Cloud NGFW resources so that you can secure traffic to these AWS assets. See tag based policies for more information. |
WildFire |
Cloud NGFW can now protect your VPC traffic against
file based threats by detecting and forwarding
files, executables, and malicious scripts (such as
JScript and PowerShell) in your VPC traffic to the WildFire™
(WF) cloud service for malware analysis.
|
What’s New in June 2023
Unlinking support for Panorama integration | You can now unlink the Panorama appliance from a Cloud NGFW resource automatically without opening a support ticket. See Unlink the Cloud NGFW from Palo Alto Networks Management for more information. |
Cloud NGFW for AWS video | How to Delete a Cloud NGFW resource |
What’s New in May 2023
Panorama Support | You can now integrate a Cloud NGFW for AWS tenant with Palo Alto
Networks appliance to manage a shared set of security rules
centrally on Cloud NGFW resources alongside your physical and
virtual firewall appliances. See Panorama
Integration for more information. |
Cloud NGFW for AWS video | Cloud NGFW for AWS Integration with Panorama |
What’s New in April 2023
Additional AWS Region Support |
Cloud NGFW for AWS is now available in the following AWS
regions.
See Supported Regions and
Zones for the complete list of supported regions.
|
What’s New in March 2023
Tenant Reader Role
|
As a Cloud NGFW TenantAdministrator you can now invite other
users in the TenantReader role. A user with this role can view
and describe all aspects of the Cloud NGFW tenant such as
|
Cloud NGFW for AWS video |
What’s New in February 2023
Additional AWS Region Support
|
Cloud NGFW for AWS is now available in the following AWS
regions.
See Supported Regions and
Zones for the complete list of supported regions.
|
Cloud NGFW for AWS video
|
What’s New in January 2023
Additional AWS Region Support
|
Cloud NGFW for AWS is now available in the following AWS
regions.
See Supported Regions and
Zones for the complete list of supported regions.
|
What’s New in December 2022
Multi-VPC Cloud NGFW Resource
| You can share the same Cloud NGFW
resource across multiple virtual private clouds (VPCs) in the
onboarded AWS accounts of your tenants. You can create endpoints
for an NGFW resource in different VPCs and route traffic to the
NGFW resource for inspection. Please visit the documentation page and a
detailed blog to learn more about
this feature. |
Cloud NGFW for AWS Blogs, Articles, etc.
| |
Cloud NGFW for AWS video
|
What’s New in November 2022
Multiple AWS Accounts in Cloud NGFW Tenant
|
You can onboard multiple AWS accounts onto the same Cloud NGFW
tenant and create Cloud NGFW resources in these accounts. See
Add Multiple AWS
Accounts for more information.
|
Cloud NGFW for AWS Blogs, Articles, etc.
|
Cloud NGFW for AWS -
FAQ (Updated)
|
Cloud NGFW for AWS video
|
What’s New in October 2022
Cloud NGFW for AWS Blogs, Articles, etc.
| |
Cloud NGFW for AWS video
|
What’s New in September 2022
Cloud NGFW for AWS Videos
|
What’s New in August 2022
Simplified Cloud NGFW subscription and account onboarding
|
You can subscribe to Cloud NGFW for AWS and onboard your AWS
accounts in a few clicks with minimal context switches between
the AWS Marketplace & Cloud NGFW console.
Please visit the documentation page and
AWS videos to learn
more about this feature.
|
Cloud NGFW for AWS Blogs, Articles, etc
| |
Cloud NGFW for AWS video
|
What’s New in July 2022
Cloud NGFW for AWS Credits
|
You can now move to a one-year, two-years or three-years contract
by subscribing to the Palo Alto Networks Cloud NGFW for AWS
Credits SaaS contracts listing for a specified number of
credits. This subscription associates Cloud NGFW for
AWS credits with your existing Cloud NGFW Tenant.
Cloud NGFW for AWS credits allow you to consume Cloud NGFW
resources in your tenant at a lower cost up to a specific
capacity until your contract expires while retaining the ability
to expand your Cloud NGFW consumption anytime.
|
Inbound Decryption
|
You can now use Cloud NGFW for AWS to decrypt, inspect, and
protect inbound SSL/TLS sessions of your VPC Ingress
traffic.
See Setup Ingress
Decryption for more information.
|
Additional AWS Region Support
|
Cloud NGFW for AWS is now available in the following AWS
regions.
See Supported Regions and
Zones for the complete list of supported regions.
|
What’s New in June 2022
Audit Logs in Cloud NGFW
|
You can now view Cloud NGFW audit logs in your Cloudwatch
account. Please visit the documentation to learn
more about this feature.
|
XFF Support in Cloud NGFW Policy |
You can now enable Cloud NGFW resources to use the Source IP
address in X-Forwarded-For (XFF) HTTP header field to enforce
the policy. See the documentation to learn
more.
|
Additional AWS Region Support
|
Cloud NGFW for AWS is now available in the following AWS
regions.
See Supported Regions and
Zones for the complete list of supported regions.
|
Cloud NGFW for AWS Blogs, Articles, etc. | What’s Next with Cloud NGFW - Live Q&A |
Cloud NGFW for AWS video
|
What’s New in May 2022
Terraform Support for Cloud NGFW for AWS
|
With the new cloudngfwaws provider,
you can automate the process of building your security
infrastructure and maintaining the network security posture of
your AWS VPCs using Cloud NGFW rulestacks.
See Terraform Support
for Cloud NGFW for AWS and the detailed blog to learn more
about the Terraform provider.
|
Additional AWS Region Support
|
Cloud NGFW for AWS is now available in the following AWS
regions.
See Supported Regions and
Zones for the complete list of supported regions.
|
CloudFormation Support for Cloud NGFW for AWS
|
We have published CloudFormation resource types as public
extension in the AWS CloudFormation
registry.
You can now add these Cloud NGFW resources directly to your Cloud
Formation templates in the same manner you use AWS-provided
resources. These resource types enable you to deploy and manage
Cloud NGFW components using Infrastructure as Code (IaC)
workflows.
See Cloud Formation
Registry to learn more about the AWS CloudFormation
support for Cloud NGFW.
|
Cloud NGFW for AWS Blogs, Articles, etc.
|
|
What’s New in April 2022
Introducing Cloud NGFW for AWS Free Trial
|
You can now try and buy Cloud NGFW for AWS directly from the AWS
Marketplace. The Free Trial allows you to use two NGFW resources
with full features to secure 100 GB of traffic for seven days at
no cost.
Get started today! To get hands-on experience with the Cloud
NGFW, subscribe via the AWS Marketplace. To
learn more about the Cloud NGFW free trial, see Cloud NGFW for AWS free
trial.
|
Additional AWS Region Support
|
Cloud NGFW for AWS is now available in the us-west-2 (Oregon) AWS
region.
See Supported Regions and
Zones for the complete list of supported regions.
|
Cloud NGFW for AWS Programmatic Access
|
You can now programmatically create and manage Cloud NGFW
resources using the REST APIs. You can use the IAM role in your
AWS account to access the Cloud NGFW APIs, then configure which
IAM resources can assume this role.
To learn more about the Cloud NGFW for AWS Programmatic Access,
see Enable Programmatic Access
and the Cloud NGFW for AWS REST API
Guide.
|
Cloud NGFW for AWS Blogs, Articles, etc.
| |
Cloud NGFW for AWS videos
| Cloud NGFW for AWS Launch Event (On-Demand) |
What’s New in March 2022
Introducing Cloud NGFW for AWS
|
Cloud NGFW for AWS is a fully managed service on the AWS
platform, powered by Palo Alto Networks software firewalls. With
Cloud NGFW for AWS, you now have an NGFW deployment experience
that handles the delivery of the Palo Alto Next-Generation
Firewall capabilities and infrastructure in one motion.
Cloud NGFW for AWS is a regional service. Currently, it is
available in US East (N. Virginia) and US West (California)
regions.
See the Cloud NGFW for the AWS announcement on the
Palo Alto Networks blog and the technical blog on the
Live community page for more information.
Please subscribe via the AWS Marketplace page to get hands-on
experience with this service. To learn more about Cloud NGFW,
its features, and its pricing, visit the technical
documentation, video playlist, and
FAQ pages.
|
AWS Firewall Manager Supports the Cloud NGFW |
You can use AWS Firewall Manager to orchestrate the deployment of
Palo Alto Networks Cloud NGFWs and get centralized visibility.
AWS Firewall Manager automatically and consistently adds Palo
Alto Networks Cloud NGFWs to new accounts and VPCs with no
manual intervention. This integration reduces any operational
heavy-lifting required to monitor new accounts, adds firewall
protections, and offers visibility into non-compliant
configurations across accounts in your organization.
See the AWS Firewall Manager
announcement, the AWS Firewall Manager
documentation page, and Jeff Barr’s blog on
integration.
|
Cloud NGFW for AWS Videos
|
|