* [Blog](https://www2.paloaltonetworks.com/blog)
* [Network Security](https://www2.paloaltonetworks.com/blog/network-security/)
* [Network Perimeter](https://www2.paloaltonetworks.com/blog/network-security/category/network-perimeter/)
* Discover More VM-Series E...

# Discover More VM-Series Efficiency with Amazon Web Services VPC More Specific Routing

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fdiscover-amazon-web-services-vpc-more-specific-routing%2F)  
[](https://twitter.com/share?text=Discover+More+VM-Series+Efficiency+with+Amazon+Web+Services+VPC+More+Specific+Routing&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fdiscover-amazon-web-services-vpc-more-specific-routing%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fdiscover-amazon-web-services-vpc-more-specific-routing%2F&title=Discover+More+VM-Series+Efficiency+with+Amazon+Web+Services+VPC+More+Specific+Routing&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/network-security/discover-amazon-web-services-vpc-more-specific-routing/&ts=markdown)  
\[\](mailto:?subject=Discover More VM-Series Efficiency with Amazon Web Services VPC More Specific Routing)  
Link copied  
By [Salman Syed](https://www.paloaltonetworks.com/blog/author/salman-syed/?ts=markdown "Posts by Salman Syed")  
Sep 01, 2021  
3 minutes  
[Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown)  
[Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown)  
[Announcement](https://www.paloaltonetworks.com/blog/tag/announcement-2/?ts=markdown)  
[AWS](https://www.paloaltonetworks.com/blog/tag/aws/?ts=markdown)  
[Cloud Network Security](https://www.paloaltonetworks.com/blog/tag/cloud-network-security/?ts=markdown)

Even more network security efficiency for the cloud is here. We are excited to announce you can now use the new [Amazon Web Services VPC More Specific Routing](https://aws.amazon.com/blogs/aws/inspect-subnet-to-subnet-traffic-with-amazon-vpc-more-specific-routing/) feature for VM-Series virtual firewalls. This allows you to secure your virtual private cloud (VPC) traffic with Palo Alto Networks VM-Series high-availability (HA) virtual firewalls and [AWS Gateway Load Balancer (GWLB)-based deployments](https://www.paloaltonetworks.com/blog/network-security/vm-series-integration-with-aws-gateway-loadbalancer/).

As more organizations migrate to the cloud, they can rely on [VM-Series](https://www.paloaltonetworks.com/prisma/vm-series) virtual next-generation firewalls to augment AWS native network security controls by protecting against exploits, malware, known and unknown threats, and data exfiltration. Some of the capabilities critical to ongoing operations include full visibility and control, consistent policy enforcement, application security, exfiltration prevention, compliance and risk management, security automation, and cloud-agnostic management. And now, with the new integration between the Amazon Web Services VPC More Specific Routing feature, you can now seamlessly insert a VM-Series virtual firewall to protect traffic between the subnets within a VPC.

## More Ease in Deploying Security Services Arrives

For one thing, this makes it easier to deploy production-grade applications with the security services you require within your Amazon Web Services VPC. For example, you can now redirect East-West traffic flowing between two subnets in a VPC through third-party appliances such as VM-Series firewalls.

This development also allows you to strengthen your overall security posture by allowing the inspection of all traffic between your subnets in a VPC through the VM-Series firewall stack exposed as a Gateway Load Balancer endpoint in your VPC. And to further galvanize your security posture you can also configure GWLB Endpoints as the next hop in your subnet route rules to enable redirection of all traffic within the VPC through the firewalls.
![VM-Series virtual firewalls now integrate with the Amazon Web Services VPC More Specific Routing feature.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/08/word-image-22.png)
Fig 1: East-West Traffic Between Subnets in a VPC

## Take A More Real-World Approach to Operations

Additionally, the Amazon More Specific Routing feature facilitates siloed operations of application teams and central security teams. Security teams can continue to deploy the firewall stack in the central security VPC for traffic inspection and expose it as GWLB endpoints in the application VPCs. Previously application teams could inspect all their VPC Internet Ingress traffic using the GWLB endpoints, but they were not able to effectively inspect the Internet Egress traffic (via NAT gateway) because the firewalls lacked visibility to the non-NATed source IP of the VPC workloads. No longer.
![VM-Series virtual firewalls now integrate with the Amazon Web Services VPC More Specific Routing feature.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/08/word-image-23.png)
Fig 2: Internet Egress Traffic Via Nat Gateway (Before More Specific Routing)

With Amazon More Specific Routing, application teams can also inspect the VPC Internet egress traffic from workloads in the private subnets, with complete visibility using the GWLB endpoints. Traffic from the app subnet can be directly sent to the GWLB endpoint, which will give more visibility to the firewall. For ingress and egress traffic, you will need to configure two separate GWLB Endpoints. The default route for the ingress GWLB Endpoint will be IGW, and the Egress GWLB Endpoint default route will be pointing to NATGW.
![VM-Series virtual firewalls now integrate with the Amazon Web Services VPC More Specific Routing feature.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/08/word-image-24.png)
Fig 3: Internet Egress Traffic with More Specific Routing

VPC More Specific Routing integration with the VM-Series firewall will help customers gain visibility into ingress and egress traffic and improve the security posture of the Amazon VPC.

To find out more about getting started, visit [this AWS marketplace listing](https://aws.amazon.com/marketplace/pp/prodview-3xtziatyes54i). You may also find more information on how VM-Series adds an additional layer of protection to AWS environments on the[Live Community AWS resource page](https://live.paloaltonetworks.com/t5/aws/ct-p/AWS).

*** ** * ** ***

## Related Blogs

### [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown)

[#### Rapid, Automated Firewall Deployment Comes to AWS](https://www2.paloaltonetworks.com/blog/network-security/vm-series-ngfw-orchestration-for-aws/)

### [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### VM-Series Virtual NGFW Propels AWS Security Competency Partner Status](https://www2.paloaltonetworks.com/blog/network-security/aws-security-competency-partner/)

### [Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown), [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### CN-Series Container Firewalls on AWS Marketplace for Containers Anywhere](https://www2.paloaltonetworks.com/blog/network-security/cn-series-aws-marketplace-for-containers-anywhere/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Network Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-network-security/?ts=markdown), [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown)

[#### VM-Series Virtual Firewalls Integrate With AWS Gateway Load Balancer](https://www2.paloaltonetworks.com/blog/2020/11/netsec-aws-gateway-load-balancer-integration/)

### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown), [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown), [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Strata Network Security Platform](https://www.paloaltonetworks.com/blog/network-security/category/strata-network-security-platform/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Palo Alto Networks Leads the Way with Quantum and Multicloud Security](https://www2.paloaltonetworks.com/blog/2025/08/paves-way-for-quantum-ready-security/)

### [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown)

[#### Learn how to protect your AWS AI applications at AWS re:Inforce 2024](https://www2.paloaltonetworks.com/blog/network-security/aws-reinforce-2024/)

### Subscribe to Network Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language