Supported Cloud NGFW for AWS Deployments
Table of Contents
Expand all | Collapse all
-
- About Cloud NGFW for AWS
- Getting Started from the AWS Marketplace
- Register Your Cloud NGFW Tenant with a Palo Alto Networks Support Account
- Cloud NGFW for AWS Pricing
- Cloud NGFW Credit Distribution and Management
- Cloud NGFW for AWS Free Trial
- Cloud NGFW for AWS Limits and Quotas
- Subscribe to Cloud NGFW for AWS
- Locate Your Cloud NGFW for AWS Serial Number
- Cross-Account Role CFT Permissions for Cloud NGFW
- Invite Users to Cloud NGFW for AWS
- Manage Cloud NGFW for AWS Users
- Deploy Cloud NGFW for AWS with the AWS Firewall Manager
- Enable Programmatic Access
- Terraform Support for Cloud NGFW AWS
- Provision Cloud NGFW Resources to your AWS CFT
- Configure Automated Account Onboarding
- Usage Explorer
- Create a Support Case
- Cloud NGFW for AWS Certifications
- Cloud NGFW for AWS Privacy and Data Protection
-
-
- Prepare for Panorama Integration
- Link the Cloud NGFW to Palo Alto Networks Management
- Unlink the Cloud NGFW from Palo Alto Networks Management
- Associate a Linked Panorama to the Cloud NGFW Resource
- Use Panorama for Cloud NGFW Policy Management
- View Cloud NGFW Logs and Activity in Panorama
- View Cloud NGFW Logs in Strata Logging Service
- Tag Based Policies
- Configure Zone-based Policy Rules
- Enterprise Data Loss Prevention (E-DLP) Integration with Cloud NGFW for AWS
-
- Strata Cloud Manager Policy Management
Supported Cloud NGFW for AWS Deployments
You can deploy Cloud NGFW in a centralized
model behind a Transit Gateway (TGW) with a Cloud NGFW resource
deployed in a dedicated security VPC or in a distributed model,
with a Cloud NGFW resource associated with each VPC.
Centralized Deployment
In a centralized
deployment, a dedicated security VPC provides a central approach
to managing access control and threat prevention of Inbound, Outbound
and East-West traffic of your VPCs. You must specify the security
VPC and subnet(s) when configuring Cloud NGFW. The NGFW endpoints
are created and deployed in the specified VPC and subnets. You must
then configure route rules on the application VPCs and TGW to redirect
traffic to the security VPC for inspection, as well as, route rules
for return traffic.
For more information and examples of centralized
deployments, see Cloud NGFW for AWS Centralized Deployments.
Distributed Deployment
The distributed
deployment model allows for the distribution of Cloud NGFWs across
multiple VPC, while maintaining centralized security control. In
this model, it is recommended that you use the AWS Firewall Manager
to author a Firewall Manager policy that facilitates the deployment
of NGFWs across multiple AWS accounts of an AWS organization. You
are then directed to Cloud NGFW console to create global rulestacks
and associate them with the Firewall Manager policy. The Firewall
Manager then invokes Cloud NGFW APIs to create the NGFW with the
associated global rulestacks that protect your application VPCs.
Additionally, the AWS Firewall Manager uses AWS VPC APIs to create
NGFW endpoints in the VPCs you specify.
For more information
and examples of centralized deployments, see Cloud NGFW for AWS Distributed Deployments.