For networking consistency and ease of management of EC2 instances, Amazon offers the Virtual Private Cloud (VPC). A VPC is apportioned from the AWS public cloud, and is assigned a CIDR block from the private network space (RFC 1918). Within a VPC, you can carve public/private subnets for your needs and deploy the applications on EC2 instances within those subnets. To then enable access to the applications within the VPC, you can deploy the VM-Series firewall on an EC2 instance. The VM-Series firewall can then be configured to secure traffic to and from the EC2 instances within the VPC.
The VM-Series firewall is available in both the public AWS cloud and in AWS GovCloud. The VM-Series firewall in public AWS supports the Bring Your Own License (BYOL) model and the hourly Pay-As-You-Go (PAYG), the usage-based licensing model that you can avail from the AWS Marketplace. Because the AWS GovCloud does not have a Marketplace, the VM-Series firewall is available in the bring your own license (BYOL) option in AWS GovCloud; the usage-based (hourly or annual) options are not available in AWS GovCloud. For licensing details, see
VM-Series Firewall in Amazon Web Services (AWS) and Azure Licenses.