
1.3 mCloud Firewall Options


Micron21’s Firewall Solutions: Open Source Options for Flexible Security

In addition to our enterprise-grade hardware firewall offerings—Juniper SRX firewalls and Fortinet FortiGate firewalls—Micron21 provides clients with open source firewall solutions that offer flexibility and cost-effectiveness. For organizations seeking a robust security posture without the investment in dedicated hardware, we offer our mCloud Firewall, which is provided free with all mCloud services and is based on OpenStack’s Neutron. Alternatively, for clients requiring more advanced features, we can deploy a pfSense or OPNsense open source virtual firewall, offering a rich set of functionalities comparable to commercial solutions.


Distributed Firewall Service

Within our mCloud portal, users are provided access to robust firewall services directly integrated into OpenStack’s Neutron networking services. This provides a distributed firewall service across each and every compute node, where we filter traffic as close to the source instance (virtual machine) as possible, reducing the networking bottlenecks and single points of failure of traditional centralised firewall services.


Security groups within our mCloud portal provide stateful filtering, operating as a distributed firewall at the instance (VM) level.

mCloud users can create and manage multiple security groups where rules can be dynamically applied based on the evolving state of the network. You can add, edit or delete firewall rules based on parameters like TCP, UDP and ICMP protocols, source and destination IP ranges, ports, and allow or deny actions for both egress and ingress traffic, giving you maximum flexibility in making sure your online virtual machine instances stay safe and secure from unwanted threats.

 

Open Source Firewall Solutions

mCloud Software Defined Networking (SDN)

Our mCloud platform empowers customers with Software Defined Networking (SDN) capabilities, including:

Distributed Firewall as a Service (FWaaS)

Distributed Layer 4 Load Balancing

Native VPN IPsec Site-to-Site Connections

Floating IP Addresses dynamically mapped to virtual machine instances

 

Distributed Firewall Service with OpenStack Neutron

Within our mCloud portal, users gain access to robust firewall services directly integrated into OpenStack’s Neutron networking services. This integration provides a distributed firewall service across each compute node, filtering traffic as close to the source instance (virtual machine) as possible. By doing so, we reduce networking bottlenecks and eliminate the single points of failure often associated with traditional centralized firewall services.

 

Security Groups and Stateful Filtering

Security groups within our mCloud portal provide stateful filtering, operating as a distributed firewall at the instance level. mCloud users can create and manage multiple security groups where rules can be dynamically applied based on the evolving state of the network. You can add, edit, or delete firewall rules based on parameters like TCP, UDP, ICMP protocols, source and destination IP ranges, ports, and specify allow or deny actions for both egress and ingress traffic. This flexibility ensures that your virtual machine instances remain secure from unwanted threats.
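A rule set built from these parameters can be reviewed mechanically for ingress rules that expose management or database ports to any source. The following is an added example, not Micron21 or OpenStack project code: the field names follow the Neutron security-group-rule API, while the sample rules and the sensitive-port list are constructed assumptions.

```python
import ipaddress

# Constructed sample rules using the field names of the OpenStack Neutron
# security-group-rule API; the values are illustrative, not from mCloud.
SAMPLE_RULES = [
    {"id": "r1", "direction": "ingress", "ethertype": "IPv4", "protocol": "tcp",
     "port_range_min": 443, "port_range_max": 443, "remote_ip_prefix": "0.0.0.0/0"},
    {"id": "r2", "direction": "ingress", "ethertype": "IPv4", "protocol": "tcp",
     "port_range_min": 22, "port_range_max": 22, "remote_ip_prefix": "0.0.0.0/0"},
    {"id": "r3", "direction": "ingress", "ethertype": "IPv4", "protocol": "tcp",
     "port_range_min": 22, "port_range_max": 22, "remote_ip_prefix": "203.0.113.0/24"},
    {"id": "r4", "direction": "ingress", "ethertype": "IPv4", "protocol": "tcp",
     "port_range_min": 3000, "port_range_max": 4000, "remote_ip_prefix": None},
    {"id": "r5", "direction": "ingress", "ethertype": "IPv6", "protocol": None,
     "port_range_min": None, "port_range_max": None, "remote_ip_prefix": "::/0"},
    {"id": "r6", "direction": "egress", "ethertype": "IPv4", "protocol": None,
     "port_range_min": None, "port_range_max": None, "remote_ip_prefix": "0.0.0.0/0"},
]

# Assumed policy: management and database ports that should not face the internet.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}

def is_world_open(rule):
    """True when the source is unrestricted (no prefix, or a /0 network)."""
    if rule.get("remote_group_id"):
        return False  # source limited to members of another security group
    prefix = rule.get("remote_ip_prefix")
    return prefix is None or ipaddress.ip_network(prefix, strict=False).prefixlen == 0

def audit(rules):
    """Return (rule_id, reason) for ingress rules exposing sensitive ports to any source."""
    findings = []
    for rule in rules:
        if rule["direction"] != "ingress" or not is_world_open(rule):
            continue
        if rule.get("protocol") not in (None, "tcp"):
            continue  # the sensitive-port list above is TCP-only
        lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
        if rule.get("protocol") is None or lo is None:
            findings.append((rule["id"], "all ports open to any source"))
            continue
        hi = lo if hi is None else hi
        hits = sorted(name for port, name in SENSITIVE_PORTS.items() if lo <= port <= hi)
        if hits:
            findings.append((rule["id"], "open to any source: " + ", ".join(hits)))
    return findings

if __name__ == "__main__":
    for rule_id, reason in audit(SAMPLE_RULES):
        print(rule_id, reason)
```

Rule `r4` shows the case that is easy to miss in a portal view: a wide port range with no source prefix covers sensitive ports without naming them.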

 

Advantages of mCloud’s Neutron Firewall

Distributed Architecture: By filtering traffic at each compute node, the Neutron firewall minimizes latency and prevents bottlenecks, enhancing overall network performance.

Scalability: The distributed nature of the firewall allows for seamless scaling as your infrastructure grows.

Cost-Effective: Included free with all mCloud services, providing essential security without additional costs.

Ease of Management: Manage firewall rules and security groups directly through the mCloud portal, simplifying network security administration.

 

Considerations

While the mCloud Neutron firewall provides essential security features suitable for many use cases, it offers basic functionality compared to more feature-rich solutions. Organizations requiring advanced security features or centralized management may consider additional options.

 

pfSense and OPNsense Virtual Firewalls

For clients seeking a more feature-rich open source firewall solution, Micron21 offers deployment of pfSense or OPNsense virtual firewalls. Both pfSense and OPNsense are highly regarded in the industry for their robustness, flexibility, and extensive feature sets.

 

What Are pfSense and OPNsense?

pfSense: An open source firewall and router software based on FreeBSD. It offers a wide range of features including firewalling, routing, VPN, DHCP, DNS services, and more.

OPNsense: A fork of pfSense, also based on FreeBSD, offering similar functionalities with a focus on user-friendly interfaces and frequent updates.




Key Features

Advanced Firewall Capabilities: Stateful packet inspection, NAT, and granular rule definition.

VPN Support: Includes support for various VPN technologies like IPsec, OpenVPN, and PPTP, allowing secure remote connectivity.

Intrusion Detection and Prevention: Integration with IDS/IPS systems like Snort or Suricata to detect and prevent malicious activities.

Traffic Shaping and QoS: Manage bandwidth and prioritize traffic to ensure optimal network performance.

Extensive Package System: Ability to install additional packages to extend functionality, such as antivirus, proxy servers, and monitoring tools.

User-Friendly Web Interface: Intuitive management interface for easy configuration and monitoring.

 

Centralized Firewall Architecture

Unlike the distributed nature of the Neutron firewall, pfSense and OPNsense operate as centralized firewalls. All network traffic passes through the firewall VM, allowing for comprehensive inspection and control.

 

Advantages of pfSense/OPNsense

Feature-Rich: Offers a wide array of advanced networking and security features comparable to commercial solutions.

Customization: Highly configurable to meet specific network requirements.

Comprehensive Logging and Reporting: Detailed logs and reporting capabilities for monitoring and auditing purposes.

Community Support: Backed by active communities providing support, updates, and a wealth of documentation.

 


Public Access VLAN with Advanced Hardware Firewall Filtering

Enhance your network’s security and performance by taking full advantage of our Public Access VLAN service combined with our Advanced Hardware Firewall Filtering. When you choose this service, Micron21 meticulously filters your ingress and egress traffic based on your specific security requirements, utilising our state-of-the-art Juniper SRX clustered hardware firewall platform. This allows us to permit only the necessary TCP and UDP ports from specified locations, ensuring that authorised traffic flows seamlessly while unauthorised access is effectively blocked.


Considerations

Resource Requirements: As a centralized firewall, the pfSense/OPNsense VM may require sufficient resources to handle network traffic without becoming a bottleneck.

Potential Single Point of Failure: Centralized architecture introduces a single point through which all traffic passes, necessitating proper redundancy planning.

Management Overhead: With extensive features comes increased complexity in configuration and management.

 

Choosing Between mCloud Neutron Firewall and pfSense/OPNsense

mCloud Neutron Firewall is ideal for:

Clients seeking basic firewall functionality integrated seamlessly with their mCloud services.

Environments where distributed firewalling is preferred to minimize latency and avoid bottlenecks.

Organizations looking for a cost-effective solution without additional licensing costs.

 

pfSense/OPNsense Virtual Firewalls are suitable for:

Clients requiring advanced firewall features and greater control over network security policies.

Environments where centralized management of firewall rules is desired.

Organizations needing additional functionalities like VPN services, intrusion detection, and traffic shaping.

 

Micron21’s Support for Open Source Firewall Solutions

At Micron21, we understand that every organization’s security needs are unique. By offering both distributed and centralized open source firewall options, we provide the flexibility for clients to choose the solution that best aligns with their requirements.

Our team of experts can assist you in:

Assessing Your Needs: We help evaluate your security requirements to determine the most appropriate firewall solution.

Deployment and Configuration: Our specialists can deploy and configure pfSense or OPNsense virtual firewalls, tailoring settings to your environment.

Ongoing Support: We offer support and maintenance services to ensure your firewall operates optimally and remains up-to-date with the latest security patches.

 

Conclusion

Micron21 is committed to providing comprehensive firewall solutions that cater to a wide range of security needs and budgets. Whether you opt for our enterprise-grade Juniper SRX or Fortinet FortiGate hardware firewalls, or explore the flexibility of open source options like mCloud’s Neutron firewall and pfSense/OPNsense, we have the expertise and resources to support your network security journey.

 

Experience the Micron21 Advantage

Flexibility: Choose from multiple firewall options to match your security posture and operational preferences.

Expertise: Leverage our knowledge in deploying and managing both commercial and open source firewall solutions.

Integration: Seamlessly integrate firewall services with your existing Micron21 infrastructure for a cohesive security environment.

Support: Benefit from our dedicated support team committed to ensuring your network remains secure and efficient.

 

Get Started with Micron21

Protect your organization with the firewall solution that best fits your needs. Contact us today to discuss how Micron21 can assist you in enhancing your network security with our range of firewall options.

 

Contact Information:

   •    Email: sales@micron21.com

   •    Phone: +61 1300 769 972

   •    Website: www.micron21.com

 

By understanding the differences between distributed and centralized firewalls, and the features each solution offers, you can make an informed decision that aligns with your organization’s security objectives. Micron21 is here to guide you through this process, ensuring that your network is protected by the solution that best meets your needs.

