>
    Strata Copilot
    VM-Series Firewall on AWS Cloud Environments
    Focus
    Download PDF
    Focus
    1. Home
    2. VM-Series
    3. VM-Series Firewall on AWS
    4. VM-Series Firewall on AWS Cloud Environments
    Download PDF
    VM-Series

    VM-Series Firewall on AWS Cloud Environments

    Table of Contents

    VM-Series Firewall on AWS Cloud Environments

    Learn how to configure the VM-Series to secure the traffic to and from the EC2 instances on AWS.
    Where Can I Use This?What Do I Need?
    • AWS
    • AWS account
    • Amazon Machine Image (AMI) ID
    • VM-Series License (PAYG or BYOL)
    • VM-Series plugin
    • Panorama
    • Panorama plugin for AWS

    VM-Series Firewall on AWS GovCloud

    AWS GovCloud is an isolated AWS region that meets the regulatory and compliance requirements of the US government agencies and customers.
    To secure your workloads that contain all categories of Controlled Unclassified Information (CUI) data and government-oriented, publicly available data in the AWS GovCloud (US) Region, the VM-Series firewall provides the same robust security features in the standard AWS public cloud and on AWS GovCloud. The VM-Series firewall on AWS GovCloud and the standard AWS public cloud support the same capabilities.
    On AWS GovCloud, you can deploy VM-Series firewalls only in a horizontally scalable manner
    The VM-Series firewall on AWS GovCloud must have AWS Plugin version 5.1.1 or later and PAN-OS version 10.2.3 or later installed. Ensure that your Panorama version is same or higher than your VM-Series PAN-OS version.
    If the VM-Series firewall on AWS GovCloud is offline, you must use the CSP to input the CPU ID, UUID, and the auth code to generate a license file that includes the serial number. You can then install the license on the firewall. See Serial Number and CPU ID Format for the VM-Series Firewall and VM-Series Firewall Licensing.
    For more information, see AWS GovCloud AMI to Deploy the VM-Series Firewall on AWS.

    VM-Series Firewall on AWS China

    The VM-Series firewall is available with the BYOL option on the AWS China Marketplace, and is available in the AWS China (Beijing) and the AWS China (Ningxia) regions. You must have an AWS China account that’s separate from your global AWS account to access this image and use AWS resources on AWS China.
    Make sure to review the VM-Series System Requirements before Launch the VM-Series Firewall on AWS.

    VM-Series Firewall on AWS Outposts

    To provide the same level of security to the workloads located on-premises as those workloads located in the AWS cloud, you can install the VM-Series firewall on AWS on an AWS Outposts rack at your on-premises location. Use the AWS Marketplace BYOL AMIs for your AWS region to deploy the VM-Series firewall instances in your AWS Outposts subnets.
    See Register the VM-Series Firewall (with auth code), to create a support account and register the VM-Series firewall on the Palo Alto Networks Customer Support website for activating your support entitlement with Palo Alto Networks.

    © 2026 Palo Alto Networks, Inc. All rights reserved.