* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Announcement](https://www2.paloaltonetworks.com/blog/category/announcement/)
* See the Unseen in AWS Mir...

# See the Unseen in AWS Mirrored Traffic With VM-Series

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2021%2F03%2Faws-vpc-traffic-mirroring%2F)  
[](https://twitter.com/share?text=See+the+Unseen+in+AWS+Mirrored+Traffic+With+VM-Series&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2021%2F03%2Faws-vpc-traffic-mirroring%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2021%2F03%2Faws-vpc-traffic-mirroring%2F&title=See+the+Unseen+in+AWS+Mirrored+Traffic+With+VM-Series&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2021/03/aws-vpc-traffic-mirroring/&ts=markdown)  
\[\](mailto:?subject=See the Unseen in AWS Mirrored Traffic With VM-Series)  
Link copied  
By [Sai Balabhadrapatruni](https://www.paloaltonetworks.com/blog/author/sbalabhadrapatruni/?ts=markdown "Posts by Sai Balabhadrapatruni")  
Mar 10, 2021  
4 minutes  
[Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown)  
[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)  
[AWS](https://www.paloaltonetworks.com/blog/tag/aws/?ts=markdown)  
[VM-Series](https://www.paloaltonetworks.com/blog/tag/vm-series/?ts=markdown)  
[VM-Series on AWS](https://www.paloaltonetworks.com/blog/tag/vm-series-on-aws/?ts=markdown)

This post is also available in: [日本語 (Japanese)](https://www2.paloaltonetworks.com/blog/2019/07/cloud-see-unseen-aws-mirrored-traffic-vm-series/?lang=ja "Switch to Japanese(日本語)")

## **Gain Complete Visibility and Eliminate Network Blind Spots in AWS Cloud**

[Amazon VPC Traffic Mirroring](https://aws.amazon.com/blogs/networking-and-content-delivery/using-vpc-traffic-mirroring-to-monitor-and-secure-your-aws-infrastructure/) provides a non-intrusive way to enable network visibility into your AWS deployments without requiring significant design changes to virtual network architecture.

Palo Alto Networks has built an integration of its VM-Series Virtualized Next-Generation Firewall with Amazon VPC Traffic Mirroring capability. VM-Series is the industry-leading virtualized firewall protecting your applications and data with next-generation security features that deliver superior visibility, precise control and threat prevention at the application level.

VM-Series has supported AWS cloud since 2014 with inline security protections for application workloads running in the cloud. According to Mukesh Gupta, vice president of product management at Palo Alto Networks, "Enterprises require consistent security in the cloud without sacrificing deployment flexibility and choice. Along with inline threat prevention capabilities, the integration of VM-Series with the Amazon VPC Traffic Mirroring capability gives organizations a choice to deploy the firewall out of band for application visibility and advanced threat detection in AWS cloud."

VM-Series on AWS deployed out of band now supports two critical security outcomes in AWS cloud:

* **Granular visibility into application traffic and detection** of network-borne threats through inspection of mirrored traffic.
* **Rapid detection and response against advanced attacks** using an AI-driven approach, such as [Cortex](https://www.paloaltonetworks.com/detection-response) by Palo Alto Networks.

[![VM-Series integrates with AWS VPC Traffic Mirroring - the graphic shows Traffic Mirroring Rules](https://www.paloaltonetworks.com/blog/wp-content/uploads/2019/06/AWS1-500x396.png)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2019/06/AWS1.png) Figure 1: VM-Series integration with Amazon VPC Traffic Mirroring Feature

## **Application Visibility and Threat Detection**

VM-Series on AWS can analyze, filter and process the raw data available through the VPC Traffic Mirroring capability within AWS cloud and provide contextually rich application, content and threat information. The need for extracting data out of AWS cloud for further processing is eliminated, saving cost and providing deep insight into network traffic. Based on this more in-depth inspection, customers can choose to enable alerts for a wide range of security issues, for example:

* **High priority security alerts** **:** Attacks for known exploits (for example, an attempt to exploit CVE-2017-5638 for Apache Struts-based web servers running in AWS). Primarily, VM-Series is serving as an intrusion detection system (IDS).
* \*\*Traffic to inappropriate, malicious destinations and command-and-control systems:\*\*Detect whether the source/destination is inappropriate or malicious, whether there are geoblocking restrictions to be met, or whether there is bitcoin traffic or an SSH session to a known command-and-control (C2) domain.

Based on the visibility and detection (in logs), you can [filter for events](https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-web-interface-help/objects/objects-log-forwarding.html), and enable alerts and actions that can trigger remediation using [Action-Oriented log forwarding using HTTP(S)](https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/monitoring/configure-log-forwarding.html). This provides a webhook to create a ticket in a service desk system or a security orchestration and response tool, such as [Cortex XSOAR](http://www.demisto.com/), or launch an AWS Lambda function, which can quarantine by shutting down the instance or lock down the Security Group.

## **Rapid Detection and Response Against Advanced Attacks**

The VM-Series firewall supports [enhanced application logging](https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/subscriptions/enhanced-application-logs.html), which converts raw packet data from AWS mirrored network traffic into context-aware network activity information for storage in Palo Alto Networks cloud services, including [Cortex Data Lake](https://www.paloaltonetworks.com/cortex/cortex-data-lake)++.++ Security applications, such as [Cortex XDR](https://www.paloaltonetworks.com/resources/datasheets/cortex-xdr), can start analyzing the rich data collected, using analytics and machine learning to detect stealthy attacks and expedite security investigations accurately. Identified threats can be mitigated through automated response from Cortex XSOAR and other security orchestration and response tools.
[![VM-Series integration with AWS VPC Traffic Mirroring, as well as the action of Cortex Data Lake, Cortex XDR and Cortex XSOAR](https://www.paloaltonetworks.com/blog/wp-content/uploads/2019/06/AWS2-500x316.png)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2019/06/AWS2.png) Figure 2: Rapid detection and response with Cortex

To learn more, we encourage you to follow these links:

* [Amazon VPC Traffic Mirroring](https://docs.aws.amazon.com/vpc/latest/mirroring/what-is-traffic-mirroring.html)[blog documentation.](https://aws.amazon.com/blogs/aws/new-vpc-traffic-mirroring/)
* [VM-Series in AWS Marketplace.](https://aws.amazon.com/marketplace/seller-profile?id=0ed48363-5064-4d47-b41b-a53f7c937314)
* [GitHub repository](http://live.paloaltonetworks.com/aws) with sample VM-Series configuration for traffic mirroring.
* [VXLAN Tunnel Content](https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/networking/tunnel-content-inspection/tunnel-content-inspection-overview.html) Inspection feature in PAN-OS 10.0.
* [Log Filtering in PAN-OS.](https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-web-interface-help/objects/objects-log-forwarding.html)
* [Action-Oriented Log Forwarding Using HTTP(S).](https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/subscriptions/enhanced-application-logs.html)
* [Palo Alto Networks VM-Series Reference Architecture for AWS](https://www.paloaltonetworks.com/resources/reference-architectures/aws).
* [Learn more about VM-Series](https://www.paloaltonetworks.com/network-security/vm-series-virtual-next-generation-firewall).

*An earlier version of this blog was published June 25, 2019. It has been updated to reflect new developments in Amazon VPC Traffic Mirroring and PAN-OS.*

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Discover, Protect and Respond with AWS and Prisma Cloud](https://www2.paloaltonetworks.com/blog/2024/11/aws-and-prisma-cloud/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### VM-Series Virtual Firewalls Beat Fortinet Fortigate in Miercom Testing](https://www2.paloaltonetworks.com/blog/2023/03/vm-series-virtual-firewalls-in-miercom-testing/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown), [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Virtual Firewall ROI --- US Signal and Guest from Forrester Explain](https://www2.paloaltonetworks.com/blog/2022/07/virtual-firewall-roi/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Save the Date: Dive Into Cloud NGFW With Palo Alto Networks and AWS](https://www2.paloaltonetworks.com/blog/2022/04/cloud-ngfw-with-aws/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Guest Post](https://www.paloaltonetworks.com/blog/category/guest-post/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### VM-Series High-Availability --- Now Supported by IBM Cloud](https://www2.paloaltonetworks.com/blog/2022/04/vm-series-high-availability/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Workload Protection](https://www.paloaltonetworks.com/blog/category/cloud-workload-protection/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Cloud NGFW: Managed Next-Generation Firewall Service for AWS](https://www2.paloaltonetworks.com/blog/2022/03/next-generation-firewall-service-for-aws/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language