A cloud firewall is a Firewall Appliance that provides network security within a cloud computing environment. Unlike on-premises traditional firewalls a cloud firewall is a virtualized Firewall operating system that runs on a virtual machine within a hypervisor such as VMware for private cloud use within a data center, or a public cloud such as AWS or Microsoft Azure .
Cloud Firewalls provide cloud security to cloud applications and servers within the cloud environment creating a security perimeter in front of the private network and internal LAN IP addresses that virtual machines run on.
Who provides Cloud Firewalls?
The underlying infrastructure for a cloud firewall is provided by a cloud provider, this could be a public cloud provider such as Amazon Web Services or Microsoft Azure or other cloud providers such as Stream Networks.
The cloud provider delivers the infrastructure, but the Firewall software or underlying security solution operating system is provided by a Firewall Vendor. Stream Networks deliver cloud firewalls with operating systems provided by some of the leading firewall vendors such as Juniper, FortiGate, Barracuda, SonicWall and Cisco. This provides a cloud firewall built using leading providers paid for and supported technology. There are also a number of open-source platforms such as PFSENSE and OPNSENSE that provide a lower cost of entry and are generally well supported within the open source community.
What security services does a Cloud Firewall deliver?
Depending on the operating system and licence choice Cloud Firewalls can deliver a complete next generation firewall (NGFW) suite delivering real time protection against cyber threats from malware, advanced threat protection, ransomware, DNS filtering, web application firewall technology (WAF) and services such as IPS (Intrusion Prevention Services), Threat Protection, and anti-virus and anti-spam filtering.
What is the difference between a cloud firewall and FWaaS (Firewall As A Service)?
The main difference between a Cloud Firewall and a Firewall As A Service is that with FWaaS the managed service provider or cloud provider provides management of the firewall rules, security policies, operating system, threat intelligence, underlying Virtual Firewall Cloud Infrastructure and security reporting. Stream Networks provide both a standalone cloud firewall where the customer is responsible for ongoing management of the operating system and FWaaS where we provide a complete managed firewall service for managed secure access delivered from the cloud.
Can you deliver Load Balancing with a Cloud Firewall?
Yes, a Cloud Firewall can deliver load balancing. Typically, within a cloud environment this would deliver load balancing to the Virtual Machines within the Virtual LAN instead of load balancing WAN connections.
When utilising Cloud Firewalls, they are normally connected to highly resilient, low latency infrastructure, within the cloud providers network with BGP dynamic routing and resilient layer2 and 3 connectivity built in, but you can configure cloud firewalls to run multiple WAN links with BGP routing to load balance WAN connectivity as well as to the LAN depending on the levels of network traffic expected.
Load balancing to Virtual Machines within the virtual LAN environment is used extensively particularly when customers are running front end web servers with clustered SQL and MYSQL database servers, this ensures web users are balanced effectively to a front-end apps server to ensure the back-end infrastructure serves data efficiently and no single server is overloaded.
Can a Cloud Firewall provide SD-WAN functionality?
In short yes but you need to ensure your cloud firewall is supported by your SD-WAN Vendor to ensure interoperability. Stream Networks deliver and hold certifications for SD-WAN solutions from Juniper, FortiGate, Cradlepoint and Cisco providing Zero-Trust secure WAN connectivity for corporate networks and IOT deployments. With an SD-WAN network we ensure your endpoint firewall is the same vendor as your cloud firewall with the correct SD-WAN licences to ensure you have full SD-WAN functionality for Virtual Networking Functions, VPN access and critical application performance protocols such as APPQoE.
Do Cloud Firewalls provide DDOS protection?
In short no, DDOS (Distributed Denial of Service) attacks are attacks against a network that cause an increase in bandwidth and data flows that are designed to saturate an Internet link and the device attached (the cloud firewall). A DDOS attack against a cloud firewall will cause a loss of service quite quickly. Instead, your public or private cloud provider should run DDOS Scrubbing on their core Internet Transit services to filter the DDOS attack before it reaches the cloud firewall. Stream Networks Virtual Private Cloud service is protected by our upstream DDOS scrubbing service.
Can you VPN to a Cloud Firewall?
Yes, virtual private networks are supported on cloud firewalls for both SD-WAN connectivity, IPSEC site to site tunnels and dial in VPN secure access for remote users.
How Much Does a Cloud Firewall Cost?
Pricing for cloud Firewalls will depend on the compute resources consumed, bandwidth required and the Vendor used for the Firewall operating systems and Next Generation Firewall features required. Stream Networks deliver opensource Cloud Firewalls starting at £35.00 per month for the compute resource and bandwidth.
What are the benefits of a Cloud Firewall?
The main benefits of a cloud firewall are:
- Scalability – With a cloud firewall you can easily scale the compute resources and bandwidth as your compute workloads increase or decrease
- Pricing – With a cloud firewall pricing is delivered on a monthly pay as you go basis rather than capex
- Next Generation CyberSecurity & Threat Protection – A cloud firewall delivers Next Generation Firewall capabilities and Threat Protection for your critical cloud infrastructure
If you are considering deploying a cloud environment whether it’s a SAAS application, private cloud, Virtual Private Cloud, Hybrid Cloud or public cloud deployment Stream Networks can help support you with Cloud Firewall deployments across your virtual infrastructure.
If you would like further information on our services please complete the contact form below or contact by email to sales@stream-networks.co.uk or by telephone on 01635 884170.