Sold by: Palo Alto Networks
Free Trial
Vendor Insights
Quick Launch
Fully managed, cloud-native firewall service with threat prevention, app control and advanced URL filtering that integrates with AWS Firewall Manager, CloudWatch and more.
Sold by: Palo Alto Networks
Overview
Product Overview
Cloud Next-Generation Firewall (CNGFW) for AWS delivers best-in-class network security powered by artificial intelligence and machine learning, stopping zero-day exploits faster than traditional platforms. This fully managed turnkey cloud-native firewall service with 99.99% availability removes the complexity of managing firewall infrastructure in AWS. It lets you immediately turn on the next-generation firewall features and scale your security, ensuring seamless protection for your applications in the AWS environment.
Cloud NGFW extends your threat prevention capabilities across AWS environments and seamlessly integrates with key AWS services like AWS Firewall Manager, CloudWatch, Kinesis Firehose, and more. It provides real-time insights, automated security workflows, and granular traffic control for robust network protection. Recent enhancements include Strata Cloud Manager integration for centralized visibility and firewall-as-code enhancements.
Benefits
-
Effortless Deployment and Zero-Operational Burden: Palo Alto Networks Cloud NGFW takes care of the complex operational tasks, allowing for seamless firewall deployment and management in AWS. It streamlines processes such as certificate management, software upgrades, patch management and multi-dimensional scaling to ensure 99.99% availability. By eliminating the challenges of managing and scaling firewalls yourself, you can deploy robust cloud protection in just a few clicks, without worrying about infrastructure management.
-
Advanced Threat Prevention. Secure your AWS VPC traffic from zero-day attacks and unknown command-and-control traffic using Cloud-Delivered Security Services (CDSS) powered by Precision AI as well as Unit 42 Threat Research, enabling detection and mitigation 180x faster than traditional platforms.
-
Real-Time Threat Detection. Protect your applications with advanced AI and ML-powered threat prevention, leveraging intelligence derived from 70,000+ global customers to stop zero-day exploits, DNS threats, and web-based threats before they impact your network. This extensive threat intelligence network continuously learns and adapts, providing unparalleled protection that evolves with the latest attack vectors.
-
Granular Traffic Control. Gain visibility and precise control over your network traffic based on workloads, users, and applications with patented Layer 7 classification. Reduce attack surfaces and safeguard your AWS environment from malicious traffic.
-
Centralized Visibility. Simplify security operations with centralized management using Strata Cloud Manager or Panorama. Gain comprehensive visibility into applications, users, and threats for more efficient security management, faster threat resolution, and optimized policy creation.
-
Improved Metrics & Monitoring. Leverage AWS CloudWatch to monitor NGFW health, performance, and usage patterns in real-time, ensuring your security operations run at peak efficiency.
-
Firewall-as-Code Enhancements. Automate your firewall deployment, policy enforcement and account management workflows with the support of APls, CloudFormation and Terraform. Eliminate manual interventions and streamline your security operations.
-
Cloud NGFW is the Firewall-as-a-Service. Choose either AWS Firewall Manager or Palo Alto Networks Panorama for consistent policy management across multiple AWS accounts, enabling flexible control and seamless security across your cloud environments.
Activate your 30-Day free trial and create up to two next-generation firewall resources on your existing AWS VPCs, securing up to 100GB of traffic. After the free trial, you'll transition to a pay-as-you-go model, and you can check your subscription status on the Subscription Management page.
Highlights
- Deploy your next-generation firewall with one-click, automated provisioning that auto-scales to match your network traffic. Leverage Palo Alto Networks Panorama or Strata Cloud Manager for unified security management, ensuring you maintain control and visibility across your cloud infrastructure without the complexity of managing infrastructure.
- Integrate seamlessly with AWS-native services like CloudWatch, Kinesis Firehose, and AWS Firewall Manager, providing real-time insights, granular traffic control, and enhanced security capabilities. Backed by Palo Alto Networks Unit 42 Threat Research, the service delivers cutting-edge threat prevention and faster mitigation of zero-day exploits.
- Cloud NGFW supports automated onboarding of AWS environments and workflow automation through APIs, CloudFormation, and Terraform, enabling quick deployment and consistent operations. Gain comprehensive visibility and management across multiple AWS accounts with centralized security operations using Strata Cloud Manager or Panorama.
Details
Features and programs
Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
Security credentials achieved
(2)
SOC2
AWS Security Specialization
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Quick Launch
Leverage AWS CloudFormation templates to reduce the time and resources required to configure, deploy, and launch your software.
Pricing
Free trial
Try this product free according to the free trial terms set by the vendor.
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
Dimension | Cost/unit |
|---|---|
Base NGFW - incl. 3 AZs (1unit=1 usage hour), addt'l AZ 0.33 unit/hr | $1.50 |
Traffic Secured - First 15 TB / month (1 unit = 1 GB) | $0.065 |
Traffic Secured - Next 15 TB / month (1 unit = 1 GB) | $0.045 |
Traffic Secured - Above 30 TB / month (1 unit = 1 GB) | $0.03 |
Add-Ons (1 unit = 1 Cloud NGFW Credit) (refer to page bit.ly/cngfwaws) | $0.012 |
Vendor refund policy
We do not currently support refunds, but you can cancel at any time.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
"Premium support is now included with the product: https://www.paloaltonetworks.com/resources/datasheets/premium-support . To help you get started with your deployment such as how-to videos, deployment guides and reference architectures, please visit: https://live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW . For post-sales support, you can use the following options: 1) Open a case by following the steps here: https://www.paloaltonetworks.com/services/support/customer-support-plan . 2) Call us at 1 (866) 898-9087"
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
AI generated sentiment from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Threat Prevention
Advanced AI and machine learning-powered threat detection leveraging intelligence from global customer network to stop zero-day exploits and unknown command-and-control traffic
Network Traffic Classification
Patented Layer 7 classification for granular traffic control based on workloads, users, and applications with precise network traffic visibility
Cloud Service Integration
Native integration with AWS services including Firewall Manager, CloudWatch, Kinesis Firehose for comprehensive security management and monitoring
Infrastructure Automation
Support for infrastructure-as-code deployment using APIs, CloudFormation, and Terraform for automated firewall provisioning and policy enforcement
Security Intelligence
Cloud-delivered security services powered by Precision AI and Unit 42 Threat Research for real-time threat detection and mitigation
Network Security Capabilities
Next-generation firewall with intrusion prevention, application control, content filtering powered by AI-driven FortiGuard Labs technology
Cloud Integration
Seamless integration with AWS services including AWS Gateway Load Balancer and AWS Firewall Manager
Scalability Architecture
Single instance capable of protecting up to 1000 subnets across multiple VPCs, subnets, and availability zones in an AWS region
Security Policy Management
Comprehensive console with purpose-built wizards for associating AWS accounts, creating firewall instances, defining protected objects, and managing security policies
Multi-Platform Policy Synchronization
Supports policy definition and synchronization across AWS Firewall Manager and FortiManager platforms
Cloud Infrastructure Monitoring
Continually monitor public cloud infrastructure across AWS, Azure, and GCP environments to provide comprehensive visibility of resources and potential threats
Vulnerability Detection
Identify infrastructure vulnerabilities impacting security and compliance best practice standards with risk profiling and contextual alerts
Multi-Cloud Asset Management
Achieve a complete picture of cloud assets across multi-cloud environments, monitoring configurations, deployments, and access anomalies
Security Configuration Analysis
Detect insecure configurations, over-privileged IAM roles, and compliance failures from development through live service stages
API Integration Capabilities
Provide programmatic access to security features via REST API for seamless integration with third-party SIEM and DevOps tools
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
-
-
-
-
-
No security profile
No security profile
Standard contract
No
No
No
Customer reviews
Bharath V.
Palo Alto NGFW
Reviewed on Mar 07, 2025
Review provided by G2
What do you like best about the product?
PA next gen cloud firewalls deep threat detection integration gives a great security backbone for any network infrastructure. Their AI threat detection is a game changer
What do you dislike about the product?
Palo alto being a huge company, it comes with alot of visibility in the market and constant vulnerabilities. Regular patching and sometimes more intrusive patching which could put production networks at risk
What problems is the product solving and how is that benefiting you?
As the world is moving towards as a service platforms cloud firewall as a service be Ill really important and needed for the current hybrid environments
Leave a comment0 comments
Retail
Quite happy with the solution
Reviewed on Mar 07, 2025
Review provided by G2
What do you like best about the product?
It really helped my on my day to day work to make my threat hunting streameless. Real time visibility is a great asset! We were quite happy with Palo Alto compared with our previous solution.
What do you dislike about the product?
Getting used to the GUI might take some time and the documentation doesn't help much but once you get used to that, everything works quite fine. So that's not a big deal
What problems is the product solving and how is that benefiting you?
It helped us to detect and successfully stop lateral movement attacks and data exfiltration attempts.It saved a lot of time with the automated corelation of events.
Education Management
Dependable Cloud Security with Ease
Reviewed on Mar 02, 2025
Review provided by G2
What do you like best about the product?
It's easy to set up with AWS, and it provides strong security with deep threat protection and packet filtering. The firewall is also user-friendly and can grow with our needs. Overall, it gives us peace of mind and makes managing cloud security much simpler.
What do you dislike about the product?
Setting up and configuring the firewall can be complex and requires a good amount of time and effort to get it running smoothly. While the security features are strong, the cost and complexity of setup could be a downside.
What problems is the product solving and how is that benefiting you?
It protects my cloud apps from malware, ensuring my data is safe. The firewall integrates smoothly with AWS. It also inspects network traffic to block potential threats quickly, giving me peace of mind about my cloud environment's security.
Computer & Network Security
Top Leader in the NGFW market
Reviewed on Feb 20, 2025
Review provided by G2
What do you like best about the product?
Administration, troubleshooting and GUI and CLI
What do you dislike about the product?
No dislike from my side as i loved the product lot
What problems is the product solving and how is that benefiting you?
Firewall administrations and inter office connectivity over IPsec and Routing
Siddhesh J.
Great experience overall
Reviewed on Feb 19, 2025
Review provided by G2
What do you like best about the product?
Threat protection and policy management features.
What do you dislike about the product?
Nothing in particular that I dislike about
What problems is the product solving and how is that benefiting you?
No more worries about network security