Organizations from many industries have started moving their IT infrastructure to the cloud faster than ever. When we talk about infrastructure, it’s not just servers, databases, and storage; there is more to it.
A typical medium to large organization would have the following infrastructure components.
In a traditional infrastructure, a firewall appliance may cost around a few thousand dollars and needs a firewall admin to manage it. It’s expensive.
With a managed firewall, you don’t have to buy an expensive hardware appliance or hire an administrator for it.
A managed firewall is a service where you pay for what you use, either on demand or monthly. You don’t have to worry about the hardware. You can administer the firewall rules from an intuitive GUI or the command line.
Note: The following are infrastructure firewalls, not to be confused with a Web Application Firewall.
Let’s take a look at some of the managed firewalls you can use to protect your production infrastructure environment.
HeatShield works with Linux servers on any cloud, dedicated or hybrid infrastructure. It supports SSH brute-force protection out of the box and lets you view and update the firewall quickly across all your servers.
You can get started for FREE with a plan that blocks all traffic except SSH, HTTP, and HTTPS on unlimited servers. Under the paid plan, you have full control over firewall rules and get unlimited rulesets.
If you have servers with multiple cloud providers like GCP, AWS, Linode, Rackspace, Azure, DigitalOcean, etc., and are looking to manage the firewall centrally, then HeatShield will be the right choice.
Currently, it supports the following Linux distros.
2. Google Cloud Platform (GCP)
Google Cloud creates default firewall rules for each VPC (Virtual Private Cloud) network. You can allow or deny connections with ingress (incoming) or egress (outgoing) rules, and they are effective immediately.
It supports a priority order from 0 to 65535, where the lowest number has the highest priority. Everything is managed either through the “Firewall rules” section under VPC Network or from the command line.
I use GCP and love the simplicity.
The source supports multiple options such as IP ranges, subnetworks, source tags or service accounts, and you can give multiple port numbers in a single line.
If you are already using Google Cloud, then play around with firewall rules to explore the possibilities to harden and secure the server at the network firewall level.
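To make the priority ordering concrete, here is an added example (not from the original article and not Google's code) that models how a rule set of this kind is evaluated for one TCP connection. It assumes two GCP behaviours the article does not state, the implied deny-ingress and allow-egress fallbacks at priority 65535 and deny winning a priority tie; the rule names and addresses are constructed, and matching is limited to IP ranges and ports.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int                    # 0..65535; the lowest number wins
    direction: str                   # "INGRESS" or "EGRESS"
    action: str                      # "allow" or "deny"
    ranges: tuple                    # CIDRs: sources (ingress) or destinations (egress)
    ports: frozenset = frozenset()   # TCP ports; empty means every port

# Assumption (GCP behaviour, not stated on the page): implied fallbacks at 65535.
IMPLIED = {
    "INGRESS": ("deny", "implied-deny-ingress"),
    "EGRESS": ("allow", "implied-allow-egress"),
}

def decide(rules, direction, peer_ip, port):
    """Return (action, rule_name) for one TCP connection to or from peer_ip."""
    peer = ipaddress.ip_address(peer_ip)
    for r in rules:
        if not 0 <= r.priority <= 65535:
            raise ValueError(f"{r.name}: priority must be 0..65535")
    # Lowest priority number first; on a tie, deny is checked before allow.
    ordered = sorted(rules, key=lambda r: (r.priority, r.action != "deny"))
    for r in ordered:
        if r.direction != direction:
            continue
        if r.ports and port not in r.ports:
            continue
        if any(peer in ipaddress.ip_network(c) for c in r.ranges):
            return r.action, r.name
    return IMPLIED[direction]

# Constructed sample rule set (documentation address ranges, made-up names).
RULES = [
    Rule("allow-web", 1000, "INGRESS", "allow", ("0.0.0.0/0",), frozenset({80, 443})),
    Rule("allow-ssh-office", 1000, "INGRESS", "allow", ("203.0.113.0/24",), frozenset({22})),
    Rule("deny-blocked-net", 900, "INGRESS", "deny", ("198.51.100.0/24",)),
]

if __name__ == "__main__":
    for ip, port in [("192.0.2.10", 443), ("198.51.100.7", 443),
                     ("203.0.113.5", 22), ("192.0.2.10", 22)]:
        print(ip, port, decide(RULES, "INGRESS", ip, port))
```

The deny at priority 900 overrides the broad web allow at 1000, which is why narrow deny rules need a lower number than the allows they are meant to cut into.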
3. Check Point
A well-known name in the security industry, Check Point offers the vSEC product for public and private cloud security. vSEC is available on public clouds such as AWS, GCP, Azure & VMware and on private clouds such as OpenStack, VMware NSX & Cisco ACI.
vSEC provides advanced threat protection including firewall, IPS (Intrusion Prevention System), Anti-virus, Anti-bot, Zero-day protection, DLP (Data Loss Prevention) and application control.
You can try a FREE test drive.
Cloud Firewall by DigitalOcean is free, and you don’t need to install any software on your server. You can control which services are allowed to reach your droplet and from which sources.
The DigitalOcean firewall is easy to use, and you can control the rules in one view to manage the entire DO infrastructure.
The Barracuda NexGen firewall is available on the public cloud: AWS, GCP & Azure. NexGen is a full-featured firewall solution that provides network-level protection.
It acts as a network gateway between your network and the Internet and inspects all inbound & outbound traffic, protecting it based on the policies.
The NexGen firewall has built-in SD-WAN (software-defined wide area network) to provide connectivity between the cloud and an on-premises data center.
Network Security by Dome9 is available for all three major cloud providers: Amazon Web Services, Google Cloud Platform, and Microsoft Azure.
Beyond the firewall, Dome9 has powerful visualization of cloud assets, built-in capabilities to fix issues and multiple levels of control.
Dome9 offers a free trial.
Zscaler Cloud Firewall is powered by patented technologies such as SSMA, ByteScan, PageRisk, Nanolog, and PolicyNow to provide advanced security protection.
You can create granular policies to control protocols, ports, locations, user departments, etc.
If you are looking for all-in-one network security with some of the following features, then give Zscaler a try.
- Cloud firewall
- DNS/URL filtering
- Bandwidth control
- DNS Security
- File type controls
- Data loss prevention
I hope the above gives you an idea of some of the cloud managed firewalls available on the market to protect small to enterprise businesses.
If you are hosting a simple application, blog or website and don’t want to spend too much, then alternatively you may try Cloudways, which offers platform-level firewalls.