Sold by: Palo Alto Networks
Deployed on AWS
Free Trial
The VM-Series next-generation firewall allows developers and cloud security architects to embed inline threat and data theft prevention into their application development workflows. Native AWS services combined with VM-Series automation features allow you to create "touchless" deployments.
Overview
IMPORTANT: This listing will be restricted starting from 05/11. Please consider using https://aws.amazon.com/marketplace/pp/B083M7JPKB instead.
The VM-Series next-generation firewall allows developers and cloud security architects to embed inline threat and data loss prevention into their application development workflows. Your applications and data are protected with whitelisting and segmentation policies that are dynamically updated based on AWS tags, allowing you to reduce the attack surface area and achieve compliance. Additionally, threat prevention policies can stop both known and unknown attacks.
Bundle 1 includes Threat Prevention (IDS/IPS) subscription, Advanced Threat Prevention Subscription and Premium Support. Panorama (available separately in Marketplace) allows the VM-Series to be managed centrally alongside our firewall appliances to maintain security policy that is consistent with on-premises environments.
Note: With PAN-OS 9.0.3.xfr and 9.1.0, VM-Series now supports DPDK on the C5 and M5 instances to efficiently process traffic and offer increased performance. If you are switching your VM-Series to C5/M5, we recommend you to migrate the configuration from the old instance to the new C5/M5 instance.
Highlights
- An AWS Network Competency and Security Competency approved solution that complements native AWS security with real-time threat and data theft prevention
- Dynamic and large scale deployments can be protected using AWS Auto Scaling/ELB integration and Transit VPC with AWS Transit Gateway
- Amazon GuardDuty and AWS Security Hub integration enables the VM-Series to automatically block potentially malicious activity.
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
OtherLinux PAN-OS 8.1.25-h1
Deployed on AWS
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free for 15 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/hour |
|---|---|
m5.xlarge Recommended | $0.87 |
m4.xlarge | $0.87 |
c5n.9xlarge | $0.87 |
m5.12xlarge | $0.87 |
m3.xlarge | $0.87 |
m5.24xlarge | $0.87 |
m5n.xlarge | $0.87 |
m3.2xlarge | $0.87 |
m5n.2xlarge | $0.87 |
m4.2xlarge | $0.87 |
Vendor refund policy
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Additional details
Usage instructions
See documentation for detailed steps to set admin password before using the web interface of VM-Series. Once the instance is running, connect to it using a SSH client with the private key file used to launch the instance. For example: ssh -i <privatekey.pem> admin@<EIP or private IP of eth0> Then use the PAN-OS CLI commands "configure", "set mgt-config users admin password" and "commit" commands to set the password.
Support
Vendor support
Premium support is available as part of this offering once the VM-Series firewall has been deployed and configured. To help you get started, how-to videos, deployment guides, reference architectures and discussion forums are available on our VM-Series on AWS resource page. The resource page will also allow you to register your firewall and contact support 24/7 in the event that you encounter critical or complex issues once the deployment has completed. http://live.paloaltonetworks.com/aws
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Palo Alto Networks
By Forcepoint
By Check Point Software Technologies
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Network Traffic Inspection
Advanced intrusion detection and prevention system with inline threat prevention capabilities
Cloud Security Automation
Dynamic policy updates based on AWS tags for automated security segmentation
Threat Prevention Technology
Capability to stop both known and unknown attacks using advanced prevention mechanisms
Performance Optimization
DPDK support on C5 and M5 instances for efficient traffic processing and increased performance
Security Integration
Native integration with Amazon GuardDuty and AWS Security Hub for automated threat blocking
Network Virtualization
Secure virtual private network (VPN) gateway for connecting remote sites and branch offices
Advanced Threat Protection
Dynamic security controls with application layer exfiltration security and advanced evasion techniques (AETs) identification
Intrusion Prevention
Integrated advanced Intrusion Prevention System (IPS) with capability to stop Advanced Evasion Techniques
Security Policy Management
Centralized policy configuration with global update capabilities across network infrastructure
Malware Detection
Sandboxing technology for identifying zero-day attacks and advanced malware
Network Traffic Inspection
Inspects traffic entering and exiting private subnets in VPC ("North-South") and between VPCs ("East-West")
Advanced Threat Prevention
Provides multi-layered security capabilities including firewall, IPS, threat emulation, and threat extraction with advanced catch rates
Cloud Infrastructure Integration
Supports infrastructure-as-code tools like Terraform and Ansible, dynamically adapts security policies based on cloud metadata
Security Protocol Coverage
Comprehensive security features including Data Loss Prevention, application control, IPsec VPN, URL filtering, antivirus, and anti-Bot protection
Cloud Service Compatibility
Integrates with AWS services including Gateway Load Balancer, AWS Security Hub, VPC Ingress Routing, AWS Traffic Mirroring, and AWS Transit Gateway
Standard contract
No
No
No
Customer reviews
4.4
13 ratings
13 AWS reviews
|
174 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
MuhammadNadeem
Has supported urgent deployments and enabled inline threat protection but pricing and features could be more flexible
Reviewed on Nov 06, 2025
Review provided by PeerSpot
What is our primary use case?
I am not working on a NAC solution. I am working on Palo Alto Networks VM-Series firewall, and I am mainly working with firewalls.
I am totally working with Palo Alto Networks VM-Series products. I am working with VMs, including 400 series, 1400 series, and 3400 series firewalls, which are next-generation firewalls and fourth-generation firewalls of Palo Alto Networks VM-Series.
I am also working with VMs for Palo Alto Networks VM-Series, and for POCs sometimes. Mostly, I provide solutions for some of our customers who need urgent solutions with Palo Alto Networks VM-Series. I provide them VMs and activate the licenses from Palo Alto as a partner. We are working as innovator partners with Palo Alto. Sometimes for POCs and for urgent solutions, if the customer or some organization needs it, we provide them Palo Alto Networks VM-Series and it works fine.
We are working with Dynamic Address Groups in Palo Alto Networks VM-Series. Mostly, we use them for securing our network and for blocking malicious traffic from specific sources around the globe. We block them through Dynamic Address Groups as a source and create another policy for that. We block any dynamic addresses coming with malicious traffic using specific policies. We use Dynamic Address Groups and after tagging those malicious IPs, when they come to our firewall from outside or from inside, including some of our local computers, if we detect something concerning such as bots or similar traffic, we block them using Dynamic Address Groups.
Advanced Threat Protection is working in Palo Alto Networks VM-Series. In Advanced Threat Protection, we use inline protection features, including anti-malware solutions and vulnerability protection. We mostly use Advanced Threat Protection because Palo Alto provides the core subscription and core security bundle, which is cheaper than the other bundle. We propose the same bundle to customers because it is cheaper and includes DNS security, SD-WAN, vulnerability protection, URL filtering, anti-spyware, and antivirus subscriptions bundled in the same core bundle. If I buy only threat protection separately, it is more expensive than this bundle. We create security profiles for spyware and antivirus and provide inline protection to customers.
What is most valuable?
App-IDs in Palo Alto Networks VM-Series are very important and working fine. We mostly use App-IDs due to which we are securing customers who are vulnerable and who need security solutions.
There are Dynamic Address Groups, EDLs, and integration with other solutions such as Forescout for Palo Alto Networks VM-Series, which we did two years ago. There are API integrations as well. We mostly automate the security structure for the organization using SIEM solutions, integration with SIEM solutions, and XDR solutions. This is very interesting.
What needs improvement?
I am not using Palo Alto Networks VM-Series mostly, but based on my experience, there are some deficiencies in Palo Alto Networks VM-Series. Having those features missing, we are not proposing Palo Alto Networks VM-Series to all customers. However, for urgency and for some solutions that customers need for some of their other sites and subdivisions, we are providing the same.
For how long have I used the solution?
I have been working with Palo Alto Networks VM-Series since 2020, which is approximately six to seven years back.
What do I think about the stability of the solution?
Palo Alto Networks VM-Series is very stable.
What do I think about the scalability of the solution?
Scalability for Palo Alto Networks VM-Series is eight out of ten.
How are customer service and support?
Technical support for Palo Alto Networks VM-Series is provided through premium partner support. We are working with StarLink, and they are providing the best solution and best support. We have advanced partnership and advanced support for some of our customers. They are good with technical solutions.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Palo Alto Networks VM-Series is better than Fortinet, mainly in its SP3 structure, flexibility, and reliability, and based on feedback from customers. Most of our customers have shifted from Fortinet to Palo Alto Networks VM-Series. Their feedback indicated concerns about slowness, subscription renewals, and other aspects they were not happy with.
Which other solutions did I evaluate?
Fortinet is the main competitor for Palo Alto Networks VM-Series on the market.
What other advice do I have?
Prices of Palo Alto Networks VM-Series are higher than other firewalls and other solutions. However, we are using its security features and proposing them, mostly winning tenders with this product. Palo Alto Networks VM-Series is a very best solution if you have subscription and extra support, and I would rate this solution seven to eight out of ten. I would give this review an overall rating of eight.
Cristian C.
Strong firewall with good visibility but setup can be complex
Reviewed on Aug 25, 2025
Review provided by G2
What do you like best about the product?
The most valuable feature is the level of visibility into network traffic. It makes it much easier to identify threats and manage applications compared to traditional firewalls. The policy management is flexible, and the reporting tools give our team useful insights into potential risks. Integration with cloud environments is also a big advantage, since it allows us to apply consistent security policies across on-premises and cloud workloads.
What do you dislike about the product?
The initial deployment process was more challenging than expected, and the learning curve for new administrators is steep. While the product is powerful, configuring policies correctly can take time and sometimes requires additional training. Support is generally good but can be slow during peak hours. Pricing is also on the higher side, which may be a concern for smaller organizations.
What problems is the product solving and how is that benefiting you?
Palo Alto Networks NGFW helps us centralize network security and reduce gaps between different tools. Before using it, managing firewalls and intrusion detection separately created extra work and slowed down compliance checks. Now, we can enforce consistent security policies across on-premises and cloud environments, respond faster to threats, and get better visibility into network traffic. It has reduced manual tasks and improved overall confidence in our security posture. At the same time, configuring complex policies can take time, and pricing can be challenging for growing organizations, so there’s room for improvement.
Uday R.
Reliable, Secure, and Intelligent Firewall Solution
Reviewed on Aug 19, 2025
Review provided by G2
What do you like best about the product?
The best part about Palo Alto Networks Next-Generation Firewalls is their ability to provide deep visibility and control over network traffic without compromising performance. The user interface is intuitive, and the integration with threat intelligence ensures that the firewall can detect and prevent both known and emerging threats in real time.
What do you dislike about the product?
The initial setup and configuration can be complex, especially for administrators who are new to the platform. The learning curve is somewhat steep, and fine-tuning security policies requires time and expertise. Licensing can also feel a bit confusing, as different features often require separate subscriptions.
What problems is the product solving and how is that benefiting you?
Palo Alto Networks Next-Generation Firewalls are helping us prevent advanced threats, control applications, and secure remote access for users across different locations. They provide deep visibility into traffic, which makes it easier to detect and stop malicious activity before it impacts operations. The granular policies reduce risks, improve compliance, and save time for the IT team by simplifying management through centralized monitoring. Overall, it has strengthened our security posture while keeping network performance stable.
Devansh S.
Palo Alto Networks Next-Generation Firewalls
Reviewed on Aug 18, 2025
Review provided by G2
What do you like best about the product?
Palo Alto Networks Next-Generation Firewalls are excellent for their advanced threat prevention, providing superior visibility and control over applications, users, and content. Their unique App-ID, User-ID, and Content-ID technologies enable highly granular and effective security policies. This comprehensive approach, combined with features like WildFire for zero-day threat analysis, significantly enhances an organization's overall security posture.
What do you dislike about the product?
While Palo Alto Networks' Next-Generation Firewalls offer strong security, their primary drawbacks are often cited as high cost and complexity. The extensive features and advanced capabilities come with a steep learning curve and expensive licensing, which can be prohibitive for smaller organizations. Additionally, some users have reported issues with performance degradation when enabling all advanced security features and have noted that customer support can be inconsistent.
What problems is the product solving and how is that benefiting you?
Palo Alto Networks Next-Generation Firewalls are designed to address the challenges of modern, application-driven networks and sophisticated cyber threats. They solve the problem of limited visibility and control that traditional firewalls have by identifying and controlling traffic based on the application, user, and content, not just IP addresses and ports. This allows for the creation of precise security policies, which directly benefits me by reducing the attack surface, simplifying network management, and providing robust protection against a wide range of threats, including zero-day attacks and malware hidden in encrypted traffic.
Sources
Sources
Parth K.
PCNSE-certified with experience deploying, configuring, and managing Palo Alto NGFWs.
Reviewed on Aug 15, 2025
Review provided by G2
What do you like best about the product?
Palo Alto NGFWs provide exceptional visibility and control over network traffic, seamless integration with security tools, advanced threat prevention, and user-friendly management via Panorama. The App-ID and Content-ID features are incredibly effective at identifying and blocking threats in real time, enhancing overall security posture.
What do you dislike about the product?
While Palo Alto NGFWs deliver top-tier security, initial setup and policy configuration can be complex for beginners. Licensing costs and subscription renewals can also be expensive, and frequent updates may require planned downtime in high-availability environments. Additionally, some advanced features have a steep learning curve.
What problems is the product solving and how is that benefiting you?
Palo Alto NGFWs help prevent advanced threats, stop malware, and control applications with precision. Their App-ID, User-ID, and Threat Prevention features improve network visibility, reduce attack surface, and ensure compliance. This has strengthened our security posture, minimized downtime, and allowed faster, more confident incident response.