Getting Started from the AWS Marketplace
You can get started with Cloud NGFW from the AWS Marketplace in a couple of ways. The
deciding factor is whether you want to use AWS Firewall Manager
to work with Cloud NGFW.
- Getting started from AWS member accounts—You can subscribe to the Palo Alto Networks Cloud NGFW for AWS Marketplace SaaS listing from your member AWS account. Each subscription results in the creation of a unique Cloud NGFW tenant.
  You can then add multiple other AWS accounts to the Cloud NGFW tenant. You can create Cloud NGFW resources (also called NGFWs) and associate them with VPCs in these AWS accounts. You can also author security policies on these NGFWs. Cloud NGFW monitors the usage of the Cloud NGFW tenant and sends metering records to AWS Marketplace Metering Service. AWS uses this information to invoice the customer.
  Within your AWS account, you then add an NGFW endpoint (also referred to as a VPC endpoint) for this resource. You then add VPC route rules to route all traffic to the NGFW endpoint for inspection. AWS automatically redirects the traffic sent to the NGFW endpoint to the NGFW resource for inspection. Traffic sent to an NGFW endpoint is always returned to the same NGFW endpoint—the NGFW behaves as a “bump in the wire.”
  Once started with this method, you cannot use AWS Firewall Manager with this Cloud NGFW tenant.
- Getting started from an AWS Firewall Manager administrator account—If you currently use AWS Firewall Manager to manage security groups or other network security features across your AWS organization, you can use the same AWS Firewall Manager to deploy NGFWs into multiple accounts and VPCs throughout an AWS organization.
  You initiate the AWS Marketplace subscription for the Cloud NGFW listing from the AWS organization's designated AWS Firewall Manager administrative account.
  You then use the AWS Firewall Manager policy workflow to author a global rulestack and quickly deploy NGFWs across multiple AWS accounts in an AWS Organization. Under the hood, the Firewall Manager orchestrates all of the components. This includes invoking the Cloud NGFW APIs to create the NGFWs and invoking the AWS APIs to create the NGFW endpoints in the customer VPCs.
  Please refer to the AWS Firewall Manager integration blog and video for more details on how AWS Firewall Manager integrates with Cloud NGFW for AWS.
  Once started with this method, you should always use AWS Firewall Manager to add AWS accounts to the Cloud NGFW tenant.
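One way to check the routing step in the first option, as an added example (not Palo Alto Networks or AWS code): the audit below flags protected subnets whose IPv4 default route does not send traffic to the NGFW endpoint, including subnets that silently fall back to the VPC main route table. It assumes route tables in the shape returned by EC2 DescribeRouteTables and that the NGFW endpoint appears as the route's `GatewayId`; the function names and every ID are constructed for illustration.

```python
DEFAULT_V4 = "0.0.0.0/0"
TARGET_KEYS = ("GatewayId", "NatGatewayId", "TransitGatewayId", "NetworkInterfaceId")

def route_target(route):
    """Next hop of a route, whichever target field DescribeRouteTables set."""
    return next((route[k] for k in TARGET_KEYS if route.get(k)), None)

def effective_table(route_tables, subnet_id, vpc_id):
    """Explicit subnet association wins; otherwise the VPC main table applies."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def audit_default_routes(route_tables, protected, ngfw_endpoint_id):
    """protected maps subnet id -> VPC id. Returns (subnet, table, reason) findings."""
    findings = []
    for subnet_id, vpc_id in sorted(protected.items()):
        rt = effective_table(route_tables, subnet_id, vpc_id)
        if rt is None:
            findings.append((subnet_id, None, "no route table found"))
            continue
        active = [r for r in rt.get("Routes", [])
                  if r.get("DestinationCidrBlock") == DEFAULT_V4
                  and r.get("State", "active") == "active"]
        if not active:  # e.g. blackholed after the endpoint was deleted
            findings.append((subnet_id, rt["RouteTableId"], "no active default route"))
        for target in map(route_target, active):
            if target != ngfw_endpoint_id:
                findings.append((subnet_id, rt["RouteTableId"], f"default route targets {target}"))
    return findings

# Constructed sample data; every ID below is made up.
NGFW_ENDPOINT = "vpce-0example"
SAMPLE_TABLES = [
    {"RouteTableId": "rtb-app", "VpcId": "vpc-1", "Associations": [{"SubnetId": "subnet-aaa"}],
     "Routes": [{"DestinationCidrBlock": DEFAULT_V4, "GatewayId": NGFW_ENDPOINT, "State": "active"}]},
    {"RouteTableId": "rtb-main", "VpcId": "vpc-1", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": DEFAULT_V4, "GatewayId": "igw-0example", "State": "active"}]},
    {"RouteTableId": "rtb-old", "VpcId": "vpc-1", "Associations": [{"SubnetId": "subnet-ccc"}],
     "Routes": [{"DestinationCidrBlock": DEFAULT_V4, "GatewayId": NGFW_ENDPOINT, "State": "blackhole"}]},
]
PROTECTED = {"subnet-aaa": "vpc-1", "subnet-bbb": "vpc-1", "subnet-ccc": "vpc-1"}
```

On the sample data, `audit_default_routes(SAMPLE_TABLES, PROTECTED, NGFW_ENDPOINT)` reports `subnet-bbb` (inherits the main table, which routes straight to an internet gateway) and `subnet-ccc` (default route is blackholed).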