This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew

Zero-Trust Security, Zero Infrastructure: Bringing Palo Alto Networks’ Gold Standard to the Managed Cloud

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community Blogs
4 min read
Co-Author

Zero-Trust Security, Zero Infrastructure: Bringing Palo Alto Networks’ Gold Standard to the Managed Cloud

rjain3
L1 Bithead
‎04-08-2026 01:31 PM

Strata Graphics (1).jpg

 

In our recent executive blog, we discussed the "4x Speed Paradox." We are now living in a world where AI-powered attacks have compressed the breach lifecycle from days to a mere 25 minutes. For the C-suite, this is a matter of business survival and agility. But for the security architects and cloud engineers in the trenches, the question is more tactical: How do we actually build a defense that moves as fast as the threat?

 

The answer lies in eliminating the trade-off between enterprise-grade security and cloud-native simplicity. Traditionally, architects had to choose between "easy-to-use" native tools with limited efficacy or complex virtual appliances that required manual patching, scaling, and tuning.

Today, we are flipping that script. We are delivering major technical innovations for Cloud NGFW for Azure designed to provide the "Gold Standard" of Palo Alto Networks security as a fully managed, zero-infrastructure service.

 

Available Today: Modernizing Your Posture in Minutes

 

The biggest "brake" on security agility has historically been the migration tax. Manually rewriting hundreds of legacy, port-based rules into modern, application-aware policies is an error-prone process that can take weeks.

 

Our upcoming CSP Firewall Migration Tool is designed to eliminate this friction. Integrated directly into Strata Cloud Manager (SCM), this self-service tool will allow you to:

 

  • Discover and Select: Automatically identify your existing Azure Firewall deployments and associated policies.
  • Analyze and Convert: Translate legacy configurations into sophisticated Palo Alto SCM configurations, upgrading your protection while preserving your original intent.
  • Instant Application: Apply these modernized policies directly to your Cloud NGFW or VM-Series instances.

 

By automating this transition, you will reduce manual errors and significantly shorten your time-to-value.

 

 

Onboarding_with_SCM.png

 

Azure_Firewall_Policy_Migration.png

 

Coming Soon: Scaling for the Hyperscale Workforce with Premium Instances  

 

As organizations scale their AI initiatives and containerized workloads, they often hit "performance ceilings" with standard cloud-native firewalls. Cloud NGFW Premium Instances tier is meant for high-demand, mission-critical environments.

 

This new tier will offer:

 

  • Massive Policy Sets: Support for up to 20K rules, 4K address groups, and 40K objects, effectively doubling the capacity of our standard tier.
  • High-Velocity Performance: A ~17 Gbps Cold Start Throughput with the ability to ramp up to 200 Gbps almost instantly.
  • Fat Flow Support: Optimized handling for large data transfers, supporting up to 8 Gbps per flow.

 

This ensures that security is never the bottleneck. You get the highest-performing Firewall-as-a-Service in the public cloud, with the same zero-maintenance experience you expect from an Azure-native service.

 

Cloud_NGFW_Premium_Model.png

 

Coming Soon: Intelligent Inline Defense (AWF, DNS, DLP)

 

To stop a 25-minute attack, your firewall must be an intelligent enforcement point for all traffic, including SaaS, PaaS, and GenAI services. We are preparing to bring our most advanced, AI-powered security services directly into the managed Cloud NGFW fabric.

 

 

  • Advanced WildFire (AWF): This service uses inline AI to analyze files in the traffic stream, blocking novel, AI-generated malware before it ever touches your workloads.
  • Advanced DNS Security: This integration provides real-time analysis of DNS requests, blocking "shadow domains" used for Command-and-Control (C2) callbacks and stopping breaches from calling home.
  • Data Loss Prevention: This cloud-delivered security service provides in-line and out-of-band analysis of the data going in and out of your network and protects sensitive data in real time.

 

With the above updates, we are also announcing the end of sale for DNS and WF security services which are now replaced with ADNS and AWF. If you are using DNS and WF, they will continue to be supported until Oct 31, 2026. You will automatically be migrated to ADNS and AWF after October 31, 2026.

 

SCM.png

 

Securing Your Cloud with Agility


Agility is about removing the friction between "the way it's always been done" and "the way it needs to be" in 2026. By automating your migration, embedding AI-native intelligence, and scaling with premium performance, we are giving architects the tools to build a truly resilient cloud.

 

If you are already an Azure customer: Deploying Azure-native, Cloud NGFW is just a few clicks from within the Azure Portal, and can be consumed against your existing MACC contract.  You also get a 30-day free trial within the Azure portal. 

 

Alternatively, you can find out more about CNGFW for Azure, and initiate a free trial here: 

Cloud NGFW for Azure | Try for Free


If you are new to Cloud NGFW for Azure, check out this 2 minute explainer video.

 

0 Likes Likes
  • 1279 Views
  • 0 comments
  • 0 Likes
Register or Sign-in
Labels
Contributors
Popular Blogs
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks