Sold by: Palo Alto NetworksÂ
Deployed on AWS
Free Trial
The VM-Series next-generation firewall allows developers and cloud security architects to embed inline threat and data theft prevention into their application development workflows. Native AWS services combined with VM-Series automation features allow you to create "touchless" deployments.
Overview
IMPORTANT: This listing will be restricted starting from 05/11. Please consider using https://aws.amazon.com/marketplace/pp/B083M7JPKBÂ instead.
The VM-Series next-generation firewall allows developers and cloud security architects to embed inline threat and data loss prevention into their application development workflows. Your applications and data are protected with whitelisting and segmentation policies that are dynamically updated based on AWS tags, allowing you to reduce the attack surface area and achieve compliance. Additionally, threat prevention policies can stop both known and unknown attacks.
Bundle 1 includes Threat Prevention (IDS/IPS) subscription and Premium Support. Panorama (available separately in Marketplace) allows the VM-Series to be managed centrally alongside our firewall appliances to maintain security policy that is consistent with on-premises environments.
Note: With PAN-OS 9.0.3.xfr and 9.1.0, VM-Series now supports DPDK on the C5 and M5 instances to efficiently process traffic and offer increased performance. If you are switching your VM-Series to C5/M5, we recommend you to migrate the configuration from the old instance to the new C5/M5 instance.
Highlights
- An AWS Network Competency and Security Competency approved solution that complements native AWS security with real-time threat and data theft prevention
- Dynamic and large scale deployments can be protected using AWS Auto Scaling/ELB integration and Transit VPC with AWS Transit Gateway
- Amazon GuardDuty and AWS Security Hub integration enables the VM-Series to automatically block potentially malicious activity.
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
OtherLinux PAN-OS 8.1.25-h1
Deployed on AWS
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free for 15 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/hour |
|---|---|
m5.xlarge Recommended | $0.87 |
m4.xlarge | $0.87 |
c5n.9xlarge | $0.87 |
m5.12xlarge | $0.87 |
m3.xlarge | $0.87 |
m5.24xlarge | $0.87 |
m5n.xlarge | $0.87 |
m3.2xlarge | $0.87 |
m5n.2xlarge | $0.87 |
m4.2xlarge | $0.87 |
Vendor refund policy
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA)Â .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Additional details
Usage instructions
See documentation for detailed steps to set admin password before using the web interface of VM-Series. Once the instance is running, connect to it using a SSH client with the private key file used to launch the instance. For example: ssh -i <privatekey.pem> admin@<EIP or private IP of eth0> Then use the PAN-OS CLI commands "configure", "set mgt-config users admin password" and "commit" commands to set the password.
Support
Vendor support
Premium support is available as part of this offering once the VM-Series firewall has been deployed and configured. To help you get started, how-to videos, deployment guides, reference architectures and discussion forums are available on our VM-Series on AWS resource page. The resource page will also allow you to register your firewall and contact support 24/7 in the event that you encounter critical or complex issues once the deployment has completed. http://live.paloaltonetworks.com/awsÂ
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Palo Alto Networks
By Forcepoint
By Check Point Software Technologies
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Network Traffic Inspection
Advanced intrusion detection and prevention system with inline threat prevention capabilities
Cloud Security Automation
Dynamic policy updates based on AWS tags for adaptive security segmentation
Performance Optimization
DPDK support on C5 and M5 instances for efficient traffic processing and increased network performance
Threat Prevention
Capability to stop both known and unknown attacks through advanced security policies
Cloud Platform Integration
Native integration with AWS services including Auto Scaling, ELB, Transit VPC, Amazon GuardDuty, and AWS Security Hub
Network Virtualization
Secure virtual private network (VPN) gateway for connecting remote sites and branch offices
Advanced Threat Protection
Dynamic security controls with application layer exfiltration security and advanced evasion techniques (AETs) identification
Intrusion Prevention
Integrated advanced Intrusion Prevention System (IPS) with capability to stop Advanced Evasion Techniques
Security Policy Management
Centralized policy configuration with global update capabilities across network infrastructure
Malware Detection
Sandboxing technology for identifying zero-day attacks and advanced malware
Network Traffic Inspection
Inspects traffic entering and exiting private subnets in VPC ("North-South") and between VPCs ("East-West")
Advanced Threat Prevention
Provides multi-layered security capabilities including firewall, IPS, threat emulation, and threat extraction with advanced catch rates
Cloud Infrastructure Integration
Supports infrastructure-as-code tools like Terraform and Ansible, dynamically adapts security policies based on cloud metadata
Security Protocol Coverage
Comprehensive security features including Data Loss Prevention, application control, IPsec VPN, URL filtering, antivirus, and anti-Bot protection
Cloud Service Compatibility
Integrates with AWS services including Gateway Load Balancer, AWS Security Hub, VPC Ingress Routing, AWS Traffic Mirroring, and AWS Transit Gateway
Standard contract
No
No
No
Customer reviews
4.4
4 ratings
4 AWS reviews
|
175 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
Electrical/Electronic Manufacturing
Reliable and feature-rich firewall solution for enterprise security needs.
Reviewed on Jul 01, 2025
Review provided by G2
What do you like best about the product?
One thing I really like is how intuitive the user interface is. The dashboard makes it easy to monitor traffic and set up policies without needing to dig through complex menus. The threat prevention and application control features are also top-notch, especially the App-ID feature that gives more granular control over traffic. The performance has been rock solid even during peak loads. Their integration with cloud-based threat intelligence helps a lot with zero-day attacks and emerging threats.
What do you dislike about the product?
The main downside is the learning curve in the beginning. If you’re new to Palo Alto, the terminology and rule management style are a bit different compared to other firewalls like Cisco or Fortinet. Also, licensing costs can add up quickly if you want all the advanced features like WildFire or Threat Prevention. Another small gripe is that some firmware upgrades have caused brief outages, so you need to plan maintenance windows carefully.
What problems is the product solving and how is that benefiting you?
Multiple security challenges - access, traffic monitoring, preventing malicious activity/programs. Also the provision of details when it comes to the specific user and apps and access records makes it easier to manage
Oscar F.
It has been defenitely great
Reviewed on Jun 24, 2025
Review provided by G2
What do you like best about the product?
The way that it can be used also how easy is to understand everything, truly a powerful tool to use in the CiberSecurity area, helps a lot when matter most
What do you dislike about the product?
I would not say that is dislike, however interface could be more user friendly, however it is still great for what it does and what it helps, keep it up
What problems is the product solving and how is that benefiting you?
One again I would not say that there is a problem at all, everything works as expected how is expected, so no problems, things that could improve however it’s great
Computer Software
Rock-solid perimeter security with unmatched application visibility
Reviewed on Jun 04, 2025
Review provided by G2
What do you like best about the product?
Palo Alto’s App-ID and Threat Prevention engines give us granular control over traffic we never had with our previous stateful firewall. We can write policies around business apps instead of IP/port combos, then verify exactly what was allowed/blocked in the detailed logs. WildFire zero-day analysis has already caught two pieces of unknown malware in the last quarter, and the cloud signatures hit our gateways within minutes. Centralized management in Panorama is another highlight one commit pushes our rules to three sites, so audit time dropped from hours to minutes.
What do you dislike about the product?
Licensing is pricey and can be confusing (Threat Prevention, WildFire, DNS Security, etc.). The web UI occasionally lags when committing large rule-set changes, and the learning curve for first-time admins is steep expect to spend time in the docs or take the EDU-210 course. Support is generally solid, but faster response requires the higher-tier contract.
What problems is the product solving and how is that benefiting you?
Before we moved to Palo Alto, we juggled a traditional port-based firewall, a separate IPS, and far too many manual rules. That setup left gaps: users could tunnel apps over random ports, malware sometimes slipped past signature updates, and every audit felt like a scavenger hunt through spreadsheets.
The PA NGFWs solved three big headaches at once:
1. App-based policy instead of IP/port juggling. With App-ID we now write 15 clean rules around business apps rather than dozens of port rules. Audits take minutes, not hours.
2. Built-in threat and zero-day protection. WildFire and DNS Security catch phishing callbacks and unknown executables before they land on endpoints. Since go-live we’ve seen a \~70 % drop in malware tickets and zero ransomware scares.
3. Unified visibility and management. Panorama pushes configs to HQ and branches in one commit, and the detailed logs make troubleshooting a two-minute task instead of a war-room event.
Bottom line: fewer security incidents, cleaner audits, and a lot more time for the team to focus on strategic projects instead of constant rule-tweaking.
The PA NGFWs solved three big headaches at once:
1. App-based policy instead of IP/port juggling. With App-ID we now write 15 clean rules around business apps rather than dozens of port rules. Audits take minutes, not hours.
2. Built-in threat and zero-day protection. WildFire and DNS Security catch phishing callbacks and unknown executables before they land on endpoints. Since go-live we’ve seen a \~70 % drop in malware tickets and zero ransomware scares.
3. Unified visibility and management. Panorama pushes configs to HQ and branches in one commit, and the detailed logs make troubleshooting a two-minute task instead of a war-room event.
Bottom line: fewer security incidents, cleaner audits, and a lot more time for the team to focus on strategic projects instead of constant rule-tweaking.
Akber S.
A Comprehensive and Reliable NGFW Solution We Trust
Reviewed on May 22, 2025
Review provided by G2
What do you like best about the product?
What I appreciate most about Palo Alto Networks Next-Generation Firewalls is their robust and granular control over network traffic. The ability to identify applications, users, and content (App-ID, User-ID, Content-ID) is unparalleled, allowing us to create highly specific security policies that go far beyond simple port and protocol blocking. The threat prevention capabilities, including WildFire for zero-day threat analysis, are top-notch and have significantly improved our security posture. I also find the centralized management interface (PAN-OS itself, and Panorama for larger deployments) relatively intuitive for such a powerful device, making administration and monitoring efficient. The visibility it provides into network activity is crucial for troubleshooting and incident response.
What do you dislike about the product?
The primary downside, for us and many others, is the cost. Palo Alto Networks firewalls are a premium product, and the initial investment plus ongoing subscription and support costs can be substantial, especially for smaller organizations. While powerful, the sheer number of features and configuration options can also present a steep learning curve for new administrators who aren't familiar with the PAN-OS ecosystem. We've also found that some advanced feature licensing can be a bit complex to navigate, and sometimes troubleshooting very specific or niche issues can require deep dives into documentation or support tickets, which, while generally helpful, can take time.
What problems is the product solving and how is that benefiting you?
Palo Alto Networks NGFWs are solving several critical security challenges for our organization. Firstly, they provide robust protection against a wide array of cyber threats, from common malware to sophisticated zero-day attacks, thanks to features like Threat Prevention subscriptions and WildFire. This significantly reduces our risk of breaches and data loss. Secondly, the App-ID feature gives us unparalleled visibility and control over the applications running on our network, allowing us to block unsanctioned or risky apps and enforce granular policies. This has helped us curb shadow IT and improve overall network performance. Thirdly, User-ID integration allows us to tie security policies to actual users and groups rather than just IP addresses, which is essential in our dynamic environment. This has simplified policy management and improved our security posture by ensuring appropriate access levels. The overall benefit is a much stronger, more intelligent security framework that adapts to evolving threats and business needs.
Banking
Palo alto Networks NGFW is the best firewall in performance.
Reviewed on May 21, 2025
Review provided by G2
What do you like best about the product?
What I love about PAN NGFW, it is resilent in performance and It enhances performance by processing traffic efficiently. Also It detect and blocks zero-day threat in real-time without affecting the firewall performance.
What do you dislike about the product?
Our customers complain about, It's very expensive and some of our customers mention that support is inconsistent, even for premium plans. Desipite those there is nothing to complain about.
What problems is the product solving and how is that benefiting you?
PAN NGFW is solving our customers in giving advanced security features like AI-driven threat prevention, deep visibility into encrypted traffic and automated security updates without affecting the performance of the firewall it self and the normal traffic flow.