Deploying NGFW Engines on cloud-based virtualization platforms

You can deploy NGFW Engines on cloud-based virtualization platforms, such as the Amazon Web Services (AWS) cloud and the Microsoft Azure cloud.

NGFW Engines on cloud-based virtualization platforms provide VPN connectivity, access control, and inspection for services hosted on cloud-based virtualization platforms.

For information about deploying NGFW Engines in the AWS cloud, see the document How to deploy Next Generation Firewall in the Amazon Web Services cloud and Knowledge Base article 10156.

For information about deploying NGFW Engines in the Azure cloud, see the document How to deploy Next Generation Firewall in the Azure cloud and Knowledge Base article 14485.

After deployment, you can manage NGFW Engines on cloud-based virtualization platforms using the Management Client in the same way as other NGFW Engines. If you deploy NGFW Engines that use the scaling feature, you can only preview the NGFW Engines and make changes to the Firewall policies.

Note: Only Single NGFW Engines in the Firewall/VPN role are supported. Master NGFW Engines and Virtual NGFW Engines are not supported.

Licensing

Two licensing models are supported.

Bring Your Own License — You pay only the AWS or Azure standard runtime fee for the NGFW Engine instance. You must install a license for the NGFW Engine in the SMC.
Hourly (pay as you go license) — You pay the AWS or Azure standard runtime fee for the NGFW Engine instance plus an hourly license fee based on the runtime of the NGFW Engine. No license installation is needed for the NGFW Engine in the SMC.

For features that require separate licenses, the SMC automatically detects which licensing model the NGFW Engine uses.