Cloud NGFW overview

Cloud Next Generation Firewall is a distributed firewall service that lets you secure your Trusted Cloud by S3NS workloads. The workloads include applications and services that run on Trusted Cloud or that consume Trusted Cloud resources. Using Cloud NGFW, you can protect your workloads against external threats from the public internet and internal threats within your own network.

Cloud NGFW has the following benefits:

  • Distributed firewall service. Cloud NGFW applies firewall rules to each workload in a network and checks every incoming and outgoing connection for threats.

    This approach sets up a zero-trust security framework, where the firewall service verifies each connection before it reaches its destination. If a workload in your network is compromised, Cloud NGFW keeps the other workloads secure by verifying every incoming or outgoing connection to and from them.

  • Simplified configuration and deployment. Cloud NGFW implements network and hierarchical firewall policies that can be attached to a resource hierarchy node. These policies provide a consistent firewall experience across the Trusted Cloud resource hierarchy.

  • Granular control and micro-segmentation. Cloud NGFW lets you control network traffic in detail. It does this by combining firewall policies with secure tags.

    This approach allows precise control over network traffic, even for a single virtual machine (VM). Cloud NGFW helps you manage traffic entering and leaving Trusted Cloud (north-south traffic) and traffic between applications and services within Trusted Cloud (east-west traffic). This control extends across Virtual Private Cloud (VPC) networks and organizations.

Cloud NGFW is available in the following tiers:

  • Cloud Next Generation Firewall Essentials
  • Cloud Next Generation Firewall Standard

Cloud NGFW also provides additional features that you can add on top of these tiers.

Cloud NGFW Essentials

Cloud NGFW Essentials is the foundational firewall service offered by Trusted Cloud. It includes the following features and capabilities:

  • Global network firewall policies and regional network firewall policies enable you to group firewall rules into a policy object applicable to all regions or specific regions.

  • Secure tags combined with network firewall policies provide micro-segmentation and fine-grained control of your Trusted Cloud resources. Secure tags are managed centrally with unique IDs and strict IAM control. You can reference these secure tags in network firewall policy rules for tighter and uniform access control across your regions and network.

  • Address groups combine multiple IP addresses and IP ranges into a single named logical unit. You can reference the same address group in multiple firewall rules for ingress and egress control.

  • VPC firewall rules that use network tags and service accounts filter incoming and outgoing traffic at the network level.
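As an added example that is not part of this page or of the product's own documentation, the following Terraform configuration combines the Essentials building blocks above into one global network firewall policy: an address group named in an ingress rule, and a secure tag that scopes the rule to only the VMs bound to it. It assumes the Terraform google provider's resource types; `PROJECT_ID`, the network name `prod-vpc`, the tag key `role` and the IP ranges are placeholders or constructed sample values.

```hcl
# "PROJECT_ID" and "prod-vpc" are placeholders; replace with your project and VPC network.
# Address group: several ranges behind one name, reusable by many rules.
resource "google_network_security_address_group" "admin_nets" {
  name     = "admin-nets"
  parent   = "projects/PROJECT_ID"
  location = "global"
  type     = "IPV4"
  capacity = 100
  items    = ["10.10.0.0/24", "10.20.0.0/24"] # constructed sample ranges
}
# Secure tag key/value with the GCE_FIREWALL purpose, scoped to the network.
resource "google_tags_tag_key" "role" {
  parent       = "projects/PROJECT_ID"
  short_name   = "role"
  purpose      = "GCE_FIREWALL"
  purpose_data = { network = "PROJECT_ID/prod-vpc" }
}
resource "google_tags_tag_value" "db" {
  parent     = "tagKeys/${google_tags_tag_key.role.name}"
  short_name = "db"
}
# Global network firewall policy, associated with the VPC network.
resource "google_compute_network_firewall_policy" "policy" {
  name    = "essentials-policy"
  project = "PROJECT_ID"
}
resource "google_compute_network_firewall_policy_association" "assoc" {
  name              = "essentials-policy-assoc"
  attachment_target = "projects/PROJECT_ID/global/networks/prod-vpc"
  firewall_policy   = google_compute_network_firewall_policy.policy.name
}
# Rule: only the address group may reach VMs carrying role=db, and only on TCP 5432.
resource "google_compute_network_firewall_policy_rule" "admin_to_db" {
  firewall_policy = google_compute_network_firewall_policy.policy.name
  priority        = 1000
  direction       = "INGRESS"
  action          = "allow"
  enable_logging  = true # log matches so the decision is visible in firewall logs
  match {
    src_address_groups = [google_network_security_address_group.admin_nets.id]
    layer4_configs {
      ip_protocol = "tcp"
      ports       = ["5432"]
    }
  }
  target_secure_tags {
    name = "tagValues/${google_tags_tag_value.db.name}"
  }
}
```

Because the rule targets a secure tag rather than an IP range, binding or unbinding the `role=db` tag on a VM changes its exposure without editing the policy, and the address group can be widened or narrowed in one place for every rule that references it.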

Cloud NGFW Standard

Cloud NGFW Standard extends the Cloud NGFW Essentials features to provide enhanced capabilities to help protect your cloud infrastructure from malicious attacks.

It includes the following features:

  • Fully qualified domain name (FQDN) objects in firewall policy rules filter incoming or outgoing traffic from or to specific domains. Based on the traffic direction, the IP addresses associated with the domain names are matched against the source or destination of the traffic.

  • Geolocation objects in firewall policy rules filter external IPv4 and IPv6 traffic based on specific geographic locations or regions.

Additional features

In addition to the features available in the Cloud NGFW Essentials and Cloud NGFW Standard tiers, Cloud NGFW offers the following features:

What's next