Listing Thumbnail

    VM-Series Next-Generation Firewall Bundle 1 [VM-300]

     Info
    Deployed on AWS
    Free Trial
    The VM-Series next-generation firewall allows developers and cloud security architects to embed inline threat and data theft prevention into their application development workflows. Native AWS services combined with VM-Series automation features allow you to create "touchless" deployments.

    Overview

    Play video

    IMPORTANT: This listing will be restricted starting from 05/11. Please consider using https://aws.amazon.com/marketplace/pp/B083M7JPKB  instead.

    The VM-Series next-generation firewall allows developers and cloud security architects to embed inline threat and data loss prevention into their application development workflows. Your applications and data are protected with whitelisting and segmentation policies that are dynamically updated based on AWS tags, allowing you to reduce the attack surface area and achieve compliance. Additionally, threat prevention policies can stop both known and unknown attacks.

    Bundle 1 includes Threat Prevention (IDS/IPS) subscription and Premium Support. Panorama (available separately in Marketplace) allows the VM-Series to be managed centrally alongside our firewall appliances to maintain security policy that is consistent with on-premises environments.

    Note: With PAN-OS 9.0.3.xfr and 9.1.0, VM-Series now supports DPDK on the C5 and M5 instances to efficiently process traffic and offer increased performance. If you are switching your VM-Series to C5/M5, we recommend you to migrate the configuration from the old instance to the new C5/M5 instance.

    Highlights

    • An AWS Network Competency and Security Competency approved solution that complements native AWS security with real-time threat and data theft prevention
    • Dynamic and large scale deployments can be protected using AWS Auto Scaling/ELB integration and Transit VPC with AWS Transit Gateway
    • Amazon GuardDuty and AWS Security Hub integration enables the VM-Series to automatically block potentially malicious activity.

    Details

    Delivery method

    Delivery option
    64-bit (x86) Amazon Machine Image (AMI)

    Latest version

    Operating system
    OtherLinux PAN-OS 8.1.25-h1

    Deployed on AWS

    Unlock automation with AI agent solutions

    Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
    AI Agents

    Features and programs

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases

    Pricing

    Free trial

    Try this product free for 15 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.

    VM-Series Next-Generation Firewall Bundle 1 [VM-300]

     Info
    Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator  to estimate your infrastructure costs.

    Usage costs (29)

     Info
    Dimension
    Cost/hour
    m5.xlarge
    Recommended
    $0.87
    m4.xlarge
    $0.87
    c5n.9xlarge
    $0.87
    m5.12xlarge
    $0.87
    m3.xlarge
    $0.87
    m5.24xlarge
    $0.87
    m5n.xlarge
    $0.87
    m3.2xlarge
    $0.87
    m5n.2xlarge
    $0.87
    m4.2xlarge
    $0.87

    How can we make this page better?

    We'd like to hear your feedback and ideas on how to improve this page.
    We'd like to hear your feedback and ideas on how to improve this page.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    64-bit (x86) Amazon Machine Image (AMI)

    Amazon Machine Image (AMI)

    An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.

    Additional details

    Usage instructions

    See documentation for detailed steps to set admin password before using the web interface of VM-Series. Once the instance is running, connect to it using a SSH client with the private key file used to launch the instance. For example: ssh -i <privatekey.pem> admin@<EIP or private IP of eth0> Then use the PAN-OS CLI commands "configure", "set mgt-config users admin password" and "commit" commands to set the password.

    Support

    Vendor support

    Premium support is available as part of this offering once the VM-Series firewall has been deployed and configured. To help you get started, how-to videos, deployment guides, reference architectures and discussion forums are available on our VM-Series on AWS resource page. The resource page will also allow you to register your firewall and contact support 24/7 in the event that you encounter critical or complex issues once the deployment has completed. http://live.paloaltonetworks.com/aws 

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

     Info
    Updated weekly

    Accolades

     Info
    Top
    25
    In Network Infrastructure
    Top
    10
    In Log Analysis, Network Infrastructure

    Customer reviews

     Info
    Sentiment is AI generated from actual customer reviews on AWS and G2
    Reviews
    Functionality
    Ease of use
    Customer service
    Cost effectiveness
    Positive reviews
    Mixed reviews
    Negative reviews

    Overview

     Info
    AI generated from product descriptions
    Network Traffic Inspection
    Advanced intrusion detection and prevention system with inline threat prevention capabilities
    Cloud Security Automation
    Dynamic policy updates based on AWS tags for adaptive security segmentation
    Performance Optimization
    DPDK support on C5 and M5 instances for efficient traffic processing and increased network performance
    Threat Prevention
    Capability to stop both known and unknown attacks through advanced security policies
    Cloud Platform Integration
    Native integration with AWS services including Auto Scaling, ELB, Transit VPC, Amazon GuardDuty, and AWS Security Hub
    Network Virtualization
    Secure virtual private network (VPN) gateway for connecting remote sites and branch offices
    Advanced Threat Protection
    Dynamic security controls with application layer exfiltration security and advanced evasion techniques (AETs) identification
    Intrusion Prevention
    Integrated advanced Intrusion Prevention System (IPS) with capability to stop Advanced Evasion Techniques
    Security Policy Management
    Centralized policy configuration with global update capabilities across network infrastructure
    Malware Detection
    Sandboxing technology for identifying zero-day attacks and advanced malware
    Network Traffic Inspection
    Inspects traffic entering and exiting private subnets in VPC ("North-South") and between VPCs ("East-West")
    Advanced Threat Prevention
    Provides multi-layered security capabilities including firewall, IPS, threat emulation, and threat extraction with advanced catch rates
    Cloud Infrastructure Integration
    Supports infrastructure-as-code tools like Terraform and Ansible, dynamically adapts security policies based on cloud metadata
    Security Protocol Coverage
    Comprehensive security features including Data Loss Prevention, application control, IPsec VPN, URL filtering, antivirus, and anti-Bot protection
    Cloud Service Compatibility
    Integrates with AWS services including Gateway Load Balancer, AWS Security Hub, VPC Ingress Routing, AWS Traffic Mirroring, and AWS Transit Gateway

    Contract

     Info
    Standard contract
    No
    No
    No

    Customer reviews

    Ratings and reviews

     Info
    4.4
    4 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    25%
    75%
    0%
    0%
    0%
    4 AWS reviews
    |
    175 external reviews
    Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
    Electrical/Electronic Manufacturing

    Reliable and feature-rich firewall solution for enterprise security needs.

    Reviewed on Jul 01, 2025
    Review provided by G2
    What do you like best about the product?
    One thing I really like is how intuitive the user interface is. The dashboard makes it easy to monitor traffic and set up policies without needing to dig through complex menus. The threat prevention and application control features are also top-notch, especially the App-ID feature that gives more granular control over traffic. The performance has been rock solid even during peak loads. Their integration with cloud-based threat intelligence helps a lot with zero-day attacks and emerging threats.
    What do you dislike about the product?
    The main downside is the learning curve in the beginning. If you’re new to Palo Alto, the terminology and rule management style are a bit different compared to other firewalls like Cisco or Fortinet. Also, licensing costs can add up quickly if you want all the advanced features like WildFire or Threat Prevention. Another small gripe is that some firmware upgrades have caused brief outages, so you need to plan maintenance windows carefully.
    What problems is the product solving and how is that benefiting you?
    Multiple security challenges - access, traffic monitoring, preventing malicious activity/programs. Also the provision of details when it comes to the specific user and apps and access records makes it easier to manage
    Oscar F.

    It has been defenitely great

    Reviewed on Jun 24, 2025
    Review provided by G2
    What do you like best about the product?
    The way that it can be used also how easy is to understand everything, truly a powerful tool to use in the CiberSecurity area, helps a lot when matter most
    What do you dislike about the product?
    I would not say that is dislike, however interface could be more user friendly, however it is still great for what it does and what it helps, keep it up
    What problems is the product solving and how is that benefiting you?
    One again I would not say that there is a problem at all, everything works as expected how is expected, so no problems, things that could improve however it’s great
    Computer Software

    Rock-solid perimeter security with unmatched application visibility

    Reviewed on Jun 04, 2025
    Review provided by G2
    What do you like best about the product?
    Palo Alto’s App-ID and Threat Prevention engines give us granular control over traffic we never had with our previous stateful firewall. We can write policies around business apps instead of IP/port combos, then verify exactly what was allowed/blocked in the detailed logs. WildFire zero-day analysis has already caught two pieces of unknown malware in the last quarter, and the cloud signatures hit our gateways within minutes. Centralized management in Panorama is another highlight one commit pushes our rules to three sites, so audit time dropped from hours to minutes.
    What do you dislike about the product?
    Licensing is pricey and can be confusing (Threat Prevention, WildFire, DNS Security, etc.). The web UI occasionally lags when committing large rule-set changes, and the learning curve for first-time admins is steep expect to spend time in the docs or take the EDU-210 course. Support is generally solid, but faster response requires the higher-tier contract.
    What problems is the product solving and how is that benefiting you?
    Before we moved to Palo Alto, we juggled a traditional port-based firewall, a separate IPS, and far too many manual rules. That setup left gaps: users could tunnel apps over random ports, malware sometimes slipped past signature updates, and every audit felt like a scavenger hunt through spreadsheets.

    The PA NGFWs solved three big headaches at once:

    1. App-based policy instead of IP/port juggling. With App-ID we now write 15 clean rules around business apps rather than dozens of port rules. Audits take minutes, not hours.

    2. Built-in threat and zero-day protection. WildFire and DNS Security catch phishing callbacks and unknown executables before they land on endpoints. Since go-live we’ve seen a \~70 % drop in malware tickets and zero ransomware scares.

    3. Unified visibility and management. Panorama pushes configs to HQ and branches in one commit, and the detailed logs make troubleshooting a two-minute task instead of a war-room event.

    Bottom line: fewer security incidents, cleaner audits, and a lot more time for the team to focus on strategic projects instead of constant rule-tweaking.
    Akber S.

    A Comprehensive and Reliable NGFW Solution We Trust

    Reviewed on May 22, 2025
    Review provided by G2
    What do you like best about the product?
    What I appreciate most about Palo Alto Networks Next-Generation Firewalls is their robust and granular control over network traffic. The ability to identify applications, users, and content (App-ID, User-ID, Content-ID) is unparalleled, allowing us to create highly specific security policies that go far beyond simple port and protocol blocking. The threat prevention capabilities, including WildFire for zero-day threat analysis, are top-notch and have significantly improved our security posture. I also find the centralized management interface (PAN-OS itself, and Panorama for larger deployments) relatively intuitive for such a powerful device, making administration and monitoring efficient. The visibility it provides into network activity is crucial for troubleshooting and incident response.
    What do you dislike about the product?
    The primary downside, for us and many others, is the cost. Palo Alto Networks firewalls are a premium product, and the initial investment plus ongoing subscription and support costs can be substantial, especially for smaller organizations. While powerful, the sheer number of features and configuration options can also present a steep learning curve for new administrators who aren't familiar with the PAN-OS ecosystem. We've also found that some advanced feature licensing can be a bit complex to navigate, and sometimes troubleshooting very specific or niche issues can require deep dives into documentation or support tickets, which, while generally helpful, can take time.
    What problems is the product solving and how is that benefiting you?
    Palo Alto Networks NGFWs are solving several critical security challenges for our organization. Firstly, they provide robust protection against a wide array of cyber threats, from common malware to sophisticated zero-day attacks, thanks to features like Threat Prevention subscriptions and WildFire. This significantly reduces our risk of breaches and data loss. Secondly, the App-ID feature gives us unparalleled visibility and control over the applications running on our network, allowing us to block unsanctioned or risky apps and enforce granular policies. This has helped us curb shadow IT and improve overall network performance. Thirdly, User-ID integration allows us to tie security policies to actual users and groups rather than just IP addresses, which is essential in our dynamic environment. This has simplified policy management and improved our security posture by ensuring appropriate access levels. The overall benefit is a much stronger, more intelligent security framework that adapts to evolving threats and business needs.
    Banking

    Palo alto Networks NGFW is the best firewall in performance.

    Reviewed on May 21, 2025
    Review provided by G2
    What do you like best about the product?
    What I love about PAN NGFW, it is resilent in performance and It enhances performance by processing traffic efficiently. Also It detect and blocks zero-day threat in real-time without affecting the firewall performance.
    What do you dislike about the product?
    Our customers complain about, It's very expensive and some of our customers mention that support is inconsistent, even for premium plans. Desipite those there is nothing to complain about.
    What problems is the product solving and how is that benefiting you?
    PAN NGFW is solving our customers in giving advanced security features like AI-driven threat prevention, deep visibility into encrypted traffic and automated security updates without affecting the performance of the firewall it self and the normal traffic flow.
    View all reviews