Skip to main content
Azure
  • 5 min read

Secure your cloud environment with Cloud Next-Generation Firewall by Palo Alto Networks, an Azure Native ISV Service—now in preview

To support our customers in accelerating their digital transformation journey and protecting their cloud environment against threats, Microsoft is committed to giving customers the best possible options for securing their applications and we are excited to announce the preview of Cloud Next-Generation Firewall (NGFW) for Azure.

(Updated July 31, 2023) Cloud Next-Generation Firewall by Palo Alto Networks is now generally available. With the GA announcement, we are pleased to extend availability of the service in ten new regions. In addition to improvements around user experience and monitoring of the service, we will open up support of CLI, SDK, and Terraform shortly. Read the announcement.

To support our customers in accelerating their digital transformation journey and protecting their cloud environment against threats, Microsoft is committed to giving customers the best possible options for securing their applications. To accelerate that commitment, we are excited to announce the preview of Cloud Next-Generation Firewall (NGFW) for Azure.

Cloud NGFW for Azure is Palo Alto Networks NGFW delivered as a managed service on Microsoft Azure. It enables you to easily utilize Palo Alto Networks best-in-class network security capabilities on Azure, and you can manage it using either Palo Alto Networks Panorama policy management solution or directly from the Azure portal. Cloud NGFW for Azure combines the scalability and reliability of Microsoft Azure with Palo Alto Networks deep expertise in network security.

At Microsoft, we are dedicated to ensuring that Microsoft Azure is the most trusted and secure cloud platform. With the preview release of the Palo Alto Networks Cloud NGFW for Azure, we are pleased to expand our ecosystem of native ISV solutions and provide customers and developers with more options to meet their security needs. This collaboration between Palo Alto Networks and Microsoft combines the scalability and reliability of Azure with Palo Alto Networks expertise to help safeguard our customers against the latest threats.”—Julia Liuson President, Microsoft Developer Division at Microsoft.

“More and more of our customers are running their business critical applications in Azure and are looking to us to help keep those workloads secure. With Cloud NGFW for Azure we are excited to combine Palo Alto Networks best-in-class security with the scalability and reliability of Azure to provide our mutual customers the ability to run their applications with confidence. As a managed Azure Native ISV service, we are proud to deliver the ease of use customers expect from a cloud native experience.”—Lee Klarich, Chief Product Officer, Palo Alto Networks.

Palo Alto Networks Next-Generation Firewall is available on Azure

Palo Alto Networks is a leader in cloud security and provides next-generation cybersecurity to thousands of customers globally, across all sectors. With the integration of Cloud NGFW for Azure into the Azure ecosystem we are delivering an integrated experience and empowering a growing ecosystem of developers and customers to help protect their organizations on Azure.

Cloud NGFW for Azure is offered through Azure Marketplace and offers many of the same capabilities as Palo Alto Networks hardware firewalls and virtualized next-generation firewalls as a managed service, making it easily scalable for cloud environments.

We are excited to work with Palo Alto Networks to provide powerful capabilities to Azure customers, including:

  • Security: Palo Alto Networks provides a rich set of security features thanks to its unique machine learning (ML) powered NGFW. Cloud NGFW for Azure uses AI and ML behind the scenes to detect and stop known, unknown, and zero-day threats, enabling customers to stay ahead of sophisticated adversaries. This advanced technology has allowed Palo Alto Networks to block nearly 5 billion events each day, demonstrating the effectiveness of this solution in providing robust security to customers.
  • Ease of Use: Cloud NGFW for Azure is designed to be incredibly easy to use, thanks to its Azure-native ISV Service architecture. This enables customers to procure and deploy the solution directly from the Azure portal in just a few minutes, providing instant protection against cyber threats. The solution is also very easy to operate as Palo Alto Networks takes care of scaling, resilience, and software updates. Furthermore, Cloud NGFW for Azure integrates seamlessly with Azure Virtual wide area network (WAN) deployments, enabling customers to protect traffic across their entire network. This integration provides customers with the agility and flexibility they need to manage their cloud security while focusing on their core business objectives.
  • Consistent Management from On-Prem to Cloud: Cloud NGFW for Azure is integrated with their Panorama policy management solution. This combination offers a host of benefits to our mutual customers. Firstly, it enables seamless security policy extension from on-prem to Azure, simplifying operations and reducing administrative workload and total cost of ownership. More importantly, this integration enforces the same high standards of security in the cloud, ensuring that customers’ cloud environments are secure and protected against cyber threats. Additionally, integration provides centralized visibility, providing valuable insights into the threats on their network from on-prem environments to the cloud. This enables customers to manage their security policies through their existing Panorama console, streamlining management, allowing their cloud teams to focus on application migration and new application development. 

Do more with less

We have invested in a deeply integrated experience with Palo Alto Networks on Azure including some of the key capabilities listed below to help you do more with less.

Seamless end user experience

We collaborated closely with Palo Alto Networks to develop Cloud NGFW for Azure, and tested it with our joint customers. Cloud NGFW for Azure provides a seamless and simplified end user experience for Cloud NGFW for Azure by integrating the deployment, management, billing, and support of the Palo Alto Networks solution on Azure, available via Azure Marketplace.

Cloud NGFW for Azure also provides integrated billing with Azure subscription invoicing, deep integrations with Azure services for role-based access control (RBAC) and identity management, and a unified support model. This service gives the user consistency in performance and security across their portfolio of on-prem and Azure cloud apps by using the same security solution and configurations everywhere. 

Deploy in minutes

Palo Alto Networks Cloud NGFW is deeply integrated into the Azure ecosystem. Through this deep integration, users can provision a new Palo Alto Networks Next-Generation Firewall in a matter of minutes, so they can quickly secure their Azure applications.

Run where you want

Palo Alto Networks Cloud NGFW for Azure can be deployed into both Virtual Networks and Virtual WAN hubs, and integrated with Azure Key Vault so even encrypted communications can be inspected for security. Cloud NGFW for Azure can be deployed into your Virtual Network automatically using a custom solution via service injection, and user-defined routing can be applied to route traffic to-and-from Cloud NGFW for Azure for inspection.

Customers who want a fully managed network-as-a-service with powerful routing can also choose to deploy the solution in a Virtual WA. Virtual WAN abstracts and simplifies the complexity of routing within a large hybrid network that spans on-premises and Azure at-scale. Configuring routing in Virtual WAN to send traffic to Cloud NGFW for Azure as a bump-in-the-wire solution requires just a single click with the Virtual WAN’s intelligent routing engine handling the rest of the routing.

Getting started with Cloud NGFW for Azure

Discovery and procuring: Azure customers can find the Palo Alto Networks service listed on Azure Marketplace, review the different purchasing plans offered, and procure it directly with single billing enabled:

Provisioning the Palo Alto Networks resources: Within several clicks, you can deploy Palo Alto Networks service in your desired subscription and datacenter regions with your preferred plan.

Related posts