The VM-Series next-generation firewall allows developers and cloud security architects to embed inline threat and data loss prevention into their application development workflows. Native AWS services combined with VM-Series automation features enable you to create "touchless" deployments and allows your developers to operate at the speed of the cloud. VM-Series protects your applications and data using whitelisting and segmentation policies that are dynamically updated based on AWS tags, allowing you to reduce the attack surface area and achieve compliance. Additionally, threat prevention policies can stop both known and unknown attacks.

Bundle 2 includes Threat Prevention (IDS/IPS), URL Filtering, WildFire, GlobalProtect, and DNS Security subscriptions and Premium Support. Panorama (available separately in Marketplace) allows the VM-Series to be managed centrally alongside our firewall appliances to maintain security policy that is consistent with on-premises environments. VM-Series now supports DPDK on the C5, C5n, M5, and M5n instances, running on the AWS Nitro System, to efficiently process traffic and offer increased performance. The AWS Instance type to VM-Series Models mapping is available at https://docs.paloaltonetworks.com/vm-series-on-aws-instances.
With PanOS 10.0.2 version, you can leverage the AWS Gateway Load Balancer (GWLB) to scale and load-balance traffic across the stack of VM-Series firewalls. You can then expose the GWLB with the stack of firewalls as a VPC endpoint service for traffic inspection and threat prevention.