Register and deploy CNGFW in Azure/ AWS - Step by step

• Observed that there is no clear guidance on registering and deploying CNGFW
• There may be discrepancy in selecting services/subscriptions while deploying CNGFW using credits for customers

• Cloud NGFW in Azure/ AWS - credit based deployments

The primary root cause of the issue was the customer trying to create a deployment profile using software credits for CNGFW. There is no clear guidance on a step - by - step process to register and deploy CNGFW in Azure / AWS

Step-by-step guide to deploy CNGFW: 

1. Subscribe to the Cloud NGFW Resource Provider in the Azure Portal (or AWS Portal if it is a CNGFW in AWS).
2. Deploy the Cloud NGFW Firewall with the PAYG (Pay-As-You-Go) option.
3. Register the PAYG Firewall to the CSP Account where Cloud NGFW Credits will be deposited.
4. Activate the Cloud NGFW Credits from the email you received and deposit them into the CSP Account where the firewall is registered.
5. From the Hub, access the Cloud NGFW Credits Management App and create the deployment profile for Cloud NGFW on Azure/ AWS, selecting the PAYG Cloud NGFW Serial Number that was registered. (Please note, the serial number remains the same whether it’s PAYG or Credit-based, as it’s tied to the Azure/ AWS Tenant.)
6. Finally, deploy the new Cloud NGFW Firewall from the Azure/ AWS Portal, selecting the newly available plan.

How to purchase CNGFW credits:

Purchase Cloud NGFW Credits directly from us, which come with a set term in years

Initially, Cloud NGFW was offered only as PAYG, with all billing processed through the cloud provider marketplace.

Selecting Individual Services/Subscriptions:

The billing for each service is based on the firewall configuration.

1. If using the Local Rulestack for policy management, one can enable or disable individual services directly by navigating to Local Rulestack → Resources → Security Services. From here, select the security service needed.

2. If using Panorama for management, and a specific security service is configured and pushed to the Cloud NGFW, one shall be billed for that service (e.g., URL Filtering, Advanced Threat Prevention, etc.).

guide for deploying CNGFW: https://live.paloaltonetworks.com/t5/cloud-ngfw-for-azure-videos/cloud-ngfw-credits/ta-p/597712