Posted On: Mar 30, 2022

AWS Firewall Manager now enables you to centrally deploy and monitor Palo Alto Networks Cloud Next Generation Firewalls (NGFWs) across all AWS virtual private clouds (VPCs) in your AWS organization. With this release, customers will now have a single firewall management solution to deploy and manage both AWS native firewalls and Palo Alto Networks Cloud NGFWs.

You can use Firewall Manager to orchestrate the deployment of Palo Alto Networks Cloud NGFWs and get centralized visibility into non-compliant configurations across accounts in your organization. You can use Firewall Manager to handle the end-to-end set up of Palo Alto Networks Cloud NGFWs across accounts and VPCs. Firewall Manager ensures that Palo Alto Networks Cloud NGFWs are automatically and consistently added to new accounts and VPCs with no manual intervention, reducing any operational heavy-lifting required to monitor new accounts and add firewall protections. You can deploy Palo Alto Networks Cloud NGFWs in either a centralized or a distributed deployment model. Under a centralized deployment model, Firewall Manager will apply the Palo Alto Networks global rulestack configuration on firewall endpoints in an inspection VPC for centralized traffic inspection. Under a distributed deployment model, Firewall Manager will deploy firewall endpoints in all in-scope VPCs for local inspection.  

To start using this feature, you need to onboard to Firewall Manager and assign a security administrator account to centrally manage firewall deployment. Then subscribe to the Palo Alto Networks Cloud NGFW offering in the AWS Marketplace. Using the Firewall Manager console or API, you can configure a Firewall Manager security policy to specify the Palo Alto Networks Cloud NGFW rulestack, the AWS account(s), and the VPC(s) in which to provision your firewalls. Once configured, Firewall Manager will automatically provision Palo Alto Networks Cloud NGFWs and alert you of any changes to the firewall that are inconsistent with your intended security posture.

AWS Firewall Manager is a security management service that acts as a central place for you to configure and deploy firewall rules across accounts and resources in your organization. With Firewall Manager, you can deploy and monitor rules for AWS WAF, AWS Shield Advanced, VPC security groups, AWS Network Firewall, Amazon Route 53 Resolver DNS Firewall, and Palo Alto NGFW across your entire organization. Firewall Manager ensures that all firewall rules are consistently enforced, even as new accounts and resources are created.

To get started, see the AWS Firewall Manager documentation for more details and the AWS Region Table for the list of regions where AWS Firewall Manager is currently available. To learn more about AWS Firewall Manager, its features, and its pricing, visit the AWS Firewall Manager website.