Sold by: Palo Alto NetworksÂ
Deployed on AWS
Free Trial
Vendor Insights
Quick Launch
Fully managed, cloud-native firewall service with threat prevention, app control and advanced URL filtering that integrates with AWS Firewall Manager, CloudWatch and more.
Overview
Product Overview
Cloud Next-Generation Firewall (CNGFW) for AWS delivers best-in-class network security powered by artificial intelligence and machine learning, stopping zero-day exploits faster than traditional platforms. This fully managed turnkey cloud-native firewall service with 99.99% availability removes the complexity of managing firewall infrastructure in AWS. It lets you immediately turn on the next-generation firewall features and scale your security, ensuring seamless protection for your applications in the AWS environment.
Cloud NGFW extends your threat prevention capabilities across AWS environments and seamlessly integrates with key AWS services like AWS Firewall Manager, CloudWatch, Kinesis Firehose, and more. It provides real-time insights, automated security workflows, and granular traffic control for robust network protection. Recent enhancements include Strata Cloud Manager integration for centralized visibility and firewall-as-code enhancements.
Benefits
-
Effortless Deployment and Zero-Operational Burden: Palo Alto Networks Cloud NGFW takes care of the complex operational tasks, allowing for seamless firewall deployment and management in AWS. It streamlines processes such as certificate management, software upgrades, patch management and multi-dimensional scaling to ensure 99.99% availability. By eliminating the challenges of managing and scaling firewalls yourself, you can deploy robust cloud protection in just a few clicks, without worrying about infrastructure management.
-
Advanced Threat Prevention. Secure your AWS VPC traffic from zero-day attacks and unknown command-and-control traffic using Cloud-Delivered Security Services (CDSS) powered by Precision AI as well as Unit 42 Threat Research, enabling detection and mitigation 180x faster than traditional platforms.
-
Real-Time Threat Detection. Protect your applications with advanced AI and ML-powered threat prevention, leveraging intelligence derived from 70,000+ global customers to stop zero-day exploits, DNS threats, and web-based threats before they impact your network. This extensive threat intelligence network continuously learns and adapts, providing unparalleled protection that evolves with the latest attack vectors.
-
Granular Traffic Control. Gain visibility and precise control over your network traffic based on workloads, users, and applications with patented Layer 7 classification. Reduce attack surfaces and safeguard your AWS environment from malicious traffic.
-
Centralized Visibility. Simplify security operations with centralized management using Strata Cloud Manager or Panorama. Gain comprehensive visibility into applications, users, and threats for more efficient security management, faster threat resolution, and optimized policy creation.
-
Improved Metrics & Monitoring. Leverage AWS CloudWatch to monitor NGFW health, performance, and usage patterns in real-time, ensuring your security operations run at peak efficiency.
-
Firewall-as-Code Enhancements. Automate your firewall deployment, policy enforcement and account management workflows with the support of APls, CloudFormation and Terraform. Eliminate manual interventions and streamline your security operations.
-
Cloud NGFW is the Firewall-as-a-Service. Choose either AWS Firewall Manager or Palo Alto Networks Panorama for consistent policy management across multiple AWS accounts, enabling flexible control and seamless security across your cloud environments.
Activate your 30-Day free trial and create up to two next-generation firewall resources on your existing AWS VPCs, securing up to 100GB of traffic. After the free trial, you'll transition to a pay-as-you-go model, and you can check your subscription status on the Subscription Management page.
Highlights
- Deploy your next-generation firewall with one-click, automated provisioning that auto-scales to match your network traffic. Leverage Palo Alto Networks Panorama or Strata Cloud Manager for unified security management, ensuring you maintain control and visibility across your cloud infrastructure without the complexity of managing infrastructure.
- Integrate seamlessly with AWS-native services like CloudWatch, Kinesis Firehose, and AWS Firewall Manager, providing real-time insights, granular traffic control, and enhanced security capabilities. Backed by Palo Alto Networks Unit 42 Threat Research, the service delivers cutting-edge threat prevention and faster mitigation of zero-day exploits.
- Cloud NGFW supports automated onboarding of AWS environments and workflow automation through APIs, CloudFormation, and Terraform, enabling quick deployment and consistent operations. Gain comprehensive visibility and management across multiple AWS accounts with centralized security operations using Strata Cloud Manager or Panorama.
Details
Sold by
Categories
Delivery method
Deployed on AWS
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
Security credentials achieved
(2)
SOC2
AWS Security Specialization
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Quick Launch
Leverage AWS CloudFormation templates to reduce the time and resources required to configure, deploy, and launch your software.
Pricing
Free trial
Try this product free according to the free trial terms set by the vendor.
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/unit |
|---|---|
Base NGFW - incl. 3 AZs (1unit=1 usage hour), addt'l AZ 0.33 unit/hr | $1.50 |
Traffic Secured - First 15 TB / month (1 unit = 1 GB) | $0.065 |
Traffic Secured - Next 15 TB / month (1 unit = 1 GB) | $0.045 |
Traffic Secured - Above 30 TB / month (1 unit = 1 GB) | $0.03 |
Add-Ons (1 unit = 1 Cloud NGFW Credit) (refer to page bit.ly/cngfwaws) | $0.012 |
Vendor refund policy
We do not currently support refunds, but you can cancel at any time.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA)Â .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
"Premium support is now included with the product: https://www.paloaltonetworks.com/resources/datasheets/premium-support . To help you get started with your deployment such as how-to videos, deployment guides and reference architectures, please visit: https://live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW . For post-sales support, you can use the following options: 1) Open a case by following the steps here: https://www.paloaltonetworks.com/services/support/customer-support-plan . 2) Call us at 1 (866) 898-9087"
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Palo Alto Networks
By Forcepoint
By Check Point Software Technologies
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Threat Prevention
Advanced AI and machine learning-powered threat detection leveraging intelligence from global customer network to stop zero-day exploits and unknown command-and-control traffic
Network Traffic Classification
Patented Layer 7 classification for granular traffic control based on workloads, users, and applications with precise network traffic visibility
Cloud Service Integration
Native integration with AWS services including Firewall Manager, CloudWatch, Kinesis Firehose for comprehensive security management and monitoring
Infrastructure Automation
Support for infrastructure-as-code deployment using APIs, CloudFormation, and Terraform for automated firewall provisioning and policy enforcement
Security Intelligence
Cloud-delivered security services powered by Precision AI and Unit 42 Threat Research for real-time threat detection and mitigation
Network Virtualization
Secure virtual private network (VPN) gateway for connecting remote sites and branch offices
Advanced Threat Protection
Dynamic security controls with application layer exfiltration security and advanced evasion techniques (AETs) identification
Intrusion Prevention
Integrated advanced Intrusion Prevention System (IPS) with capability to stop Advanced Evasion Techniques
Security Policy Management
Centralized policy configuration with global update capabilities across network infrastructure
Malware Detection
Sandboxing technology for identifying zero-day attacks and advanced malware
Network Traffic Inspection
Inspects traffic entering and exiting private subnets in VPC ("North-South") and between VPCs ("East-West")
Advanced Threat Prevention
Provides multi-layered security capabilities including firewall, IPS, threat emulation, and threat extraction with advanced catch rates
Cloud Infrastructure Integration
Supports infrastructure-as-code tools like Terraform and Ansible, dynamically adapts security policies based on cloud metadata
Security Protocol Coverage
Comprehensive security features including Data Loss Prevention, application control, IPsec VPN, URL filtering, antivirus, and anti-Bot protection
Cloud Service Compatibility
Integrates with AWS services including Gateway Load Balancer, AWS Security Hub, VPC Ingress Routing, AWS Traffic Mirroring, and AWS Transit Gateway
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
-
-
-
-
-
No security profile
No security profile
Standard contract
No
No
No
Customer reviews
4.2
3 ratings
3 AWS reviews
|
139 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
Telecommunications
Mr
Reviewed on Aug 14, 2025
Review provided by G2
What do you like best about the product?
Cloud Next generation firewall offers us enterprise version of AI ML powered security without any manual invocation of deployments firewalls scaling and patching etc
It helps in automation of scaling up and down based on traffic
It helps in automation of scaling up and down based on traffic
What do you dislike about the product?
It is very expensive obviously compare to aws and azure firewalls
Limeted features with onprem
Complexity for small teams
Regoion availability as they dont have in some places
Limeted features with onprem
Complexity for small teams
Regoion availability as they dont have in some places
What problems is the product solving and how is that benefiting you?
It solves getting enterprised version which gives very interesting features to deploy and avoids any complexity in deployment of firewall rules and also helps in maintaining security compliances
Sanket Bhostekar
Experience with integrated visibility and ongoing support fulfills requirements effectively
Reviewed on Jul 31, 2025
Review provided by PeerSpot
What is our primary use case?
We have a Firewall as well as a Synapse solution, and we have EDR, XDR as well. The Palo Alto Networks VM-Series Firewall is what we are using.
What is most valuable?
From a Synapse perspective, they have better visibility, better CV detection, better exposure detection, and it is in a single tool, so we are happy with it.
The integration of Palo Alto Networks VM-Series within my existing network infrastructure and security tools is good; they are resilient, and we can integrate with anything easily.
What needs improvement?
There is one thing regarding Palo Alto Networks VM-Series that they need to look into, which is ISPM, Identity Security Posture Management, and other than that, I could see there are multiple things which they have already been doing well.
Technical support is good for Palo Alto Networks VM-Series, but sometimes for new feature requests, we are facing challenges. We are the conglomerate, so individual business has different requirements, which we are expecting some new requests for. Whenever any custom requirement exists in an existing tool, they are taking much time with the engineering team, which is the only thing I'm expecting them to improve. Other than that, this product is very good.
I think overall security is something they need to make into a single pane of glass to help the customer who is using only the single Palo Alto Networks vendor, so they will get end-to-end visibility in a single console.
For how long have I used the solution?
I have been using them for around three years.
What do I think about the scalability of the solution?
My experience with the scalability of Palo Alto Networks VM-Series is good; whenever we are facing any issues, they are helping, and it is a scalable environment.
How are customer service and support?
Technical support is good for Palo Alto Networks VM-Series, but sometimes for new feature requests, we are facing challenges.
How would you rate customer service and support?
Positive
What other advice do I have?
We are generally satisfied with Palo Alto Networks VM-Series.
I would rate Palo Alto Networks VM-Series technical support an eight out of ten.
I would recommend Palo Alto Networks VM-Series to others.
I am a customer of Palo Alto Networks.
Actually, we are trying to migrate to Cortex Cloud; currently, we are using Prisma, so we are in the phase to migrate to Cortex Cloud, but have not yet migrated, so I am not experienced with it and cannot give feedback about it.
We haven't used Prisma Access Browser .
Overall rating: 10/10
Andrei B.
Palo Alto Networks Cloud NGFW - best solution of security
Reviewed on Jul 29, 2025
Review provided by G2
What do you like best about the product?
The best about palo Alto networks Cloud NGFW is ease of implementation and mangement is very advance . Also the TAC support of Palo Alto are very helpfull in the case you have some probelm with inplimentation . They provide a great support and amazing troubleshooting .
What do you dislike about the product?
The Palo Alto Networks Cloud NGFW is a amazing solition but compare with differnt vendors is very expensive . Inplimentation is required a backgraund of tehnical people that is very hard to find it .
What problems is the product solving and how is that benefiting you?
Solving the problem of cloud security in our organization, Palo Alto Networks Cloud NGFW protects applications used by our users from threats like malware and intrusion attacks without requiring additional solutions also we are using Glob Protect for our company. That make our connection more security using Globbal Protect our traffic is forward to cloud and after to internet .
Alejandro M.
Palo Alto Plug and Play
Reviewed on Jul 09, 2025
Review provided by G2
What do you like best about the product?
Honestly, it’s super easy to set up. I expected a bunch of configs and headaches, but nope, just plug it in, follow the setup wizard, and you're good to go. The UI is clean, and I didn’t need to Google every step. Also, the security features are solid out of the box, which is great if you don’t wanna spend hours tweaking every little thing.
What do you dislike about the product?
It can get kinda pricey, especially if you start adding a bunch of extras. Also, the logs can be overwhelming, like, too much info sometimes and not super clear unless you already know what you’re looking at. Would be nice if they had better filtering or summaries.
What problems is the product solving and how is that benefiting you?
Mainly it helped us stop stressing about securing traffic between our cloud stuff. Before, we had a patchwork of tools and manual rules and it was just messy. With Palo Alto’s NGFW, it’s all in one place, easy to manage, and way faster to set up policies that actually work. It also helped us keep compliance in check without spending forever doing audits. Just makes things smoother and less painful overall.
Simone R.
Cloud Administrator
Reviewed on Jul 02, 2025
Review provided by G2
What do you like best about the product?
What I like best about Palo Alto Networks Cloud NGFW is how seamlessly it integrates with cloud-native environments while still providing enterprise-grade security. It's easy to deploy, scales automatically, and gives you advanced threat protection without having to manage the underlying infrastructure. The consistent policy enforcement across different workloads is a huge plus, and the tight integration with AWS services makes it ideal for hybrid or multi-cloud setups. It just gives you peace of mind knowing your cloud assets are protected with minimal operational overhead.
What do you dislike about the product?
ChatGPT ha detto:
What I dislike about Palo Alto Networks Cloud NGFW is that while it's powerful, the initial setup and configuration can be a bit challenging, especially for users who aren't already familiar with Palo Alto’s ecosystem. Additionally, the pricing model can become quite expensive as your cloud environment scales, so it requires careful planning to avoid unexpected costs.
What I dislike about Palo Alto Networks Cloud NGFW is that while it's powerful, the initial setup and configuration can be a bit challenging, especially for users who aren't already familiar with Palo Alto’s ecosystem. Additionally, the pricing model can become quite expensive as your cloud environment scales, so it requires careful planning to avoid unexpected costs.
What problems is the product solving and how is that benefiting you?
Palo Alto Networks Cloud NGFW is solving several key problems related to cloud security, such as protecting against advanced threats, maintaining consistent security policies across regions, and simplifying the management of firewall rules in complex cloud environments. For me, this translates into stronger protection for cloud workloads, reduced time spent on manual configurations, and greater peace of mind knowing that security is enforced automatically and uniformly, even as the infrastructure scales or evolves.