Overview
IMPORTANT: This listing will be restricted starting from 05/11. Please consider using https://aws.amazon.com/marketplace/pp/B083M7JPKB instead.
The VM-Series next-generation firewall allows developers and cloud security architects to embed inline threat and data loss prevention into their application development workflows. Your applications and data are protected with whitelisting and segmentation policies that are dynamically updated based on AWS tags, allowing you to reduce the attack surface area and achieve compliance. Additionally, threat prevention policies can stop both known and unknown attacks.
Bundle 1 includes Threat Prevention (IDS/IPS) subscription and Premium Support. Panorama (available separately in Marketplace) allows the VM-Series to be managed centrally alongside our firewall appliances to maintain security policy that is consistent with on-premises environments.
Note: With PAN-OS 9.0.3.xfr and 9.1.0, VM-Series now supports DPDK on the C5 and M5 instances to efficiently process traffic and offer increased performance. If you are switching your VM-Series to C5/M5, we recommend you to migrate the configuration from the old instance to the new C5/M5 instance.
Highlights
- An AWS Network Competency and Security Competency approved solution that complements native AWS security with real-time threat and data theft prevention
- Dynamic and large scale deployments can be protected using AWS Auto Scaling/ELB integration and Transit VPC with AWS Transit Gateway
- Amazon GuardDuty and AWS Security Hub integration enables the VM-Series to automatically block potentially malicious activity.
Details
Typical total price
$1.062/hour
Features and programs
Financing for AWS Marketplace purchases
Pricing
Free trial
Instance type | Product cost/hour | EC2 cost/hour | Total/hour |
|---|---|---|---|
m3.xlarge | $0.87 | $0.266 | $1.136 |
m3.2xlarge | $0.87 | $0.532 | $1.402 |
m4.xlarge | $0.87 | $0.20 | $1.07 |
m4.2xlarge | $0.87 | $0.40 | $1.27 |
m4.4xlarge | $0.87 | $0.80 | $1.67 |
m5.xlarge Recommended | $0.87 | $0.192 | $1.062 |
m5.2xlarge | $0.87 | $0.384 | $1.254 |
m5.4xlarge | $0.87 | $0.768 | $1.638 |
m5.12xlarge | $0.87 | $2.304 | $3.174 |
m5.24xlarge | $0.87 | $4.608 | $5.478 |
Additional AWS infrastructure costs
Type | Cost |
|---|---|
EBS General Purpose SSD (gp2) volumes | $0.10/per GB/month of provisioned storage |
Vendor refund policy
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Additional details
Usage instructions
See documentation for detailed steps to set admin password before using the web interface of VM-Series. Once the instance is running, connect to it using a SSH client with the private key file used to launch the instance. For example: ssh -i <privatekey.pem> admin@<EIP or private IP of eth0> Then use the PAN-OS CLI commands "configure", "set mgt-config users admin password" and "commit" commands to set the password.
Support
Vendor support
Premium support is available as part of this offering once the VM-Series firewall has been deployed and configured. To help you get started, how-to videos, deployment guides, reference architectures and discussion forums are available on our VM-Series on AWS resource page. The resource page will also allow you to register your firewall and contact support 24/7 in the event that you encounter critical or complex issues once the deployment has completed. http://live.paloaltonetworks.com/aws
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Customer reviews
Reliable Security with Advanced Features
2. User Friendly UI
3. High performance capabilities even under heavy workloads
2. When I was a beginner, it was a very steep learning curve as I never had experience working on it.
Using Palo Alto NGFW
Managing the Attack Surface
Often times you'll find other vendors referencing max throughput which is measured in really strict conditions and/or without utilizing full security features on firewall. This is often times really missleading. When you look at PANW firewall throughput, it's measured while having all the beneficial services running.
AppID is really mind blowing part of the Firewall. From Reducing the attack surface by approving exactly what is the bare minimum of necessary apps. (Firewall it self offloads this for you, using the Policy Optimizer) all the way to knowing the impact of using such appliactions.
Generaly, features by themselves are something that you expect from firewall to have, however the approach that was taken, Reducing the Attack surface, is really what makes the ZTNA possible. All the way from segmentation, continuously inspecting the traffic, only from specific users/groups, and only allowed applications is a unbeatable combination.
From creating a security zones (aka Segments), and only allowing traffic within explicitly defined zones,
Implementing user identification (either transparent or explicit) which has endless posibilities.
Using Security Profiles to inspect allowed traffic.
Using Decryption that is not intrusive by default. (Firewall bypasses decryption on certain errors, so users are not escalating to support)