Search the Community

Hi all, I am new to the Forum, sorry if this topic already came up somewhere else. Here is my Question: How would your roadmap look like if your employer asks you to learn how to deploy, for example, a Palo Alto Next-Gen Firewall on AWS. I am a complete noob when it comes to IaC or Cloud Deployment/Development in general. My Employer gives me a good amount of time (3-6 Months) till the Projects for the Customers are going to start. I have basic knowledge of Azure (IaaS) but not much more when it comes to Cloud. I've learned how to deploy Firewalls On-Premise, but to be fully honest I am shook how vast and big the whole Cloud-Networking part is. And to be honest I am kinda overwhelmed and would appreciate your help how to start, or what to learn to make a good IaC deployment of Firewalls in the cloud. I appreciate every answer!

In today's ever-evolving threat landscape, organizations require robust network security solutions to protect their critical assets in the cloud. Google Cloud is committed to providing superior cloud-first security controls, and today at Google Cloud Next, we're thrilled to announce the general availability of Google Cloud NGFW Enterprise, our next-generation cloud firewall offering. Cloud NGFW Enterprise (formerly Cloud Firewall Plus) is an evolution of our fully-distributed cloud-first firewall service that delivers comprehensive Zero Trust network protection for your Google Cloud workloads. It can provide advanced Intrusion Prevention Service (IPS) capabilities, powered by Palo Alto Networks technology, to identify and block malicious traffic. Additionally, Cloud NGFW Enterprise offers enhanced security with high-performance, built-in TLS inspection capabilities, which you can use to decrypt and inspect encrypted traffic for hidden threats at scale. Cloud NGFW is offered in three tiers Essentials, Standard, and Enterprise. Cloud NGFW Enterprise is our top-tier offering, and is built on top of Cloud NGFW Standard that includes Fully Qualified Domain Name (FQDN) objects, geo-location objects, and threat-intelligence capabilities. Simple, scalable, and posture-aware security Simple and scalable: Cloud NGFW Enterprise is built on a distributed architecture that allows granular security controls at the workload level. This architecture eliminates the need for complex routing updates, and can help ensure automatic scaling to meet your security and performance needs. “As our workloads increasingly move to the cloud, we wanted to implement comprehensive threat protection closer to our workloads. Google’s Cloud NGFW Enterprise simplified our network architecture, gave us granular access control and advanced policy enforcement, all of which improved our overall security posture and lowered operations costs” said Richard Persaud, network security architect, McKesson CoverMyMeds. Built-in network security posture management: Cloud NGFW Enterprise offers comprehensive network security posture management with features including hierarchical policies, secure tags, and firewall insights. Hierarchical policies can allow you to create and enforce a consistent firewall policy across your organization, while secure tags can provide granular workload identification and segmentation. Firewall insights provides valuable metrics that help you continuously monitor and optimize your security posture. "To support secure cloud adoption, organizations need firewalls that are truly cloud-native and offer simplicity, scalability, and strong security," said John Grady, principal analyst at TechTarget's Enterprise Strategy Group. "Cloud NGFW Enterprise's high threat efficacy combined with a fully distributed architecture and built-in posture control helps security teams easily configure and enforce consistent security policies across their entire Google Cloud environment, saving them valuable time and resources." Cloud NGFW Enterprise architecture overview Advanced Threat Protection powered by Palo Alto Networks Cloud NGFW Enterprise embeds industry-leading Threat Prevention technology from Palo Alto Networks into our fully distributed, cloud-first architecture. This advanced intrusion prevention system inspects traffic moving to and from your Google Cloud workloads to detect and block malicious activity, including exploits, malware, and command-and-control traffic. Cloud NGFW benefits from Palo Alto Networks’ in-depth threat intelligence capabilities with more than 8.6 billion attacks blocked inline per day across 65,000 global organizations. In a testing environment using third-party tools, Cloud NGFW Enterprise powered by Palo Alto Networks offered 20 times higher threat protection efficacy compared to other cloud providers’ firewall offerings. Threat protection efficacy is measured by the number of threats blocked by firewall offerings. “We’re excited that Google Cloud has chosen Palo Alto Networks’ Threat Prevention technology to power Cloud NGFW Enterprise,” said Anand Oswal, SVP & GM of Network Security, Palo Alto Networks. “The solution provides Google Cloud customers with powerful defenses against the most sophisticated cyberattacks.” Get started with Google Cloud NGFW Enterprise Google Cloud NGFW Enterprise can empower you to secure your cloud environment with confidence. You can get started with Cloud NGFW by enabling it in the console. With just a few clicks, you can activate intrusion prevention, TLS inspection, and advanced security features for your Google Cloud workloads. For more detailed information and hands-on guidance, visit the product webpage, watch our demo video and refer to the Cloud NGFW documentation. Cloud NGFW Enterprise demo View the full article

Sonrai recently launched the first-ever Cloud Permissions Firewall – a new class of solution built to more efficiently protect sensitive permissions and access. A new solution class deserves a proper introduction and definition, so this blog will cover what a Cloud Permissions Firewall is, why enterprises need one, how it is different from other identity-focused […] The post Defining a Cloud Permissions Firewall appeared first on Security Boulevard. View the full article

Firewalla makes configurable hardware firewalls that connect to your router, providing protection for your home or business against various network and internet threats. The company has announced the pre-sale of Firewalla Gold Pro, the newest and most powerful addition to the "Gold" product line. Touted as the world’s most affordable 10-gigabit smart firewall, this device is designed to be compatible with the next-generation Wi-Fi 7 and high-speed 5 and 10-gigabit ISP fiber networks. The Gold Pro features two 10-gigabit and two 2.5-gigabit Ethernet interfaces, which provide network segmentation and redundancy. The device is powered by a quad-core Intel processor and 8GB of RAM, allowing it to scale with growing networks. Available to pre-order The 10-gigabit ports can be used for both WAN and LAN and users can segment their network with VLANs running at 10 gigabits or connect one port to a 10-gigabit Wi-Fi 7 access point and another to a high-speed switch. The firewall supports VPNs at speeds over 2GB, ensuring a fast and secure network experience, even on the go. “Our dedicated community is always pushing for a better network at higher speeds. The Gold Pro makes it possible to protect their homes and offices at future speeds, without monthly fees,” said Jerry Chen, founder of Firewalla. “As small businesses upgrade their infrastructure and consumers adopt faster offerings from their ISPs, the Gold Pro gives them unmatched visibility and protection for the next generation of networks.” The Firewalla Gold Pro is currently available for pre-sale at a price of $789 with early buyers receiving an additional six months of warranty. Shipping is expected to start in early November, with a price increase likely closer to the shipping date. More from TechRadar Pro We've rounded up the best endpoint protection software around todayAnd these are the best small and medium business firewall software optionsCloudflare is adding a firewall to help keep your LLM safe View the full article

AWS WAF has extended support of the ‘ruleMatchDetails’ field in the logs to include Regex rules. Customers use logs to further investigate the requests that are inspected by AWS WAF. The ‘ruleMatchDetails’ log field gives visibility into the part of a request that matched a rule or rule group. View the full article

Introducing Google Cloud Firewall Plus with intrusion preventionView the full article

A working firewall is among the first layers of protection in protecting the cloud server. Previously, this was frequently achieved by the use of complex and obscure utilities. There seem to be a lot of features integrated into such packages or utilities, with iptables as perhaps the most common one lately, however learning and using them require some work on the part of the consumer. In this regard, UFW is a much more user-friendly choice. UFW or Unpretentious Firewall is an iptables front-end. Its key purpose is to make controlling the firewall as seamless as possible by including a user-friendly GUI. It’s well enough and famous in the Linux world, with many Linux distributions including it by default. As a result, it’s a flawless place to start when it comes to protecting your server. Prerequisites Make sure to have any distribution of the Linux operating system installed on your machine. In our example, we have Ubuntu 20.04 installed and used for this purpose. Users must have occupied the root user account or have sudo rights to do anything. Install UFW At the very early stage, you have to make sure that you have the UFW firewall installed and configured on your Ubuntu 20.04 Linux system. Now, open the command-line shell from the Activity side area at the top of the desktop, or you can use the shortcut key Ctrl+Alt+T to do so. If you don’t have UFW installed, you can do so using the below-stated instructions in the shell. The sudo command requires your sudo user password to install the UFW utility in Ubuntu 20.04 Linux distribution. Write your password and tap the “Enter” key from your typewriter. $ sudo apt install ufw You can also use the below command to install UFW with a little change. You can see that the UFW has been installed on our Ubuntu 20.04 Linux system. Check the UFW Status After the installation process, you are finally able to check the activation status of the UFW firewall. For this, we have to use the simple sudo command followed by the word “ufw” and “status”, as displayed below. The output snapshot is showing that the UFW firewall is currently disabled or inactive. $ sudo ufw status Enable UFW Firewall To further use it, we have to first enable it using the sudo command along with the words “ufw” and “enable”, as presented in the snapshot below. Now your firewall has been properly activated and is ready to use. $ sudo ufw enable We can again check the status of the UFW firewall using the old status command, as shown below. You can view the output which indicates that the UFW firewall is not activated. $ sudo ufw status When the VPS is set up for IPv6, make sure to absolutely confirm that UFW is set up to handle IPv6 as well, so it can customize IPv4 mutually as well as IPv6 firewall policies. To do just that, use the following instruction to access the configuration file of the UFW firewall: $ sudo vi /etc/dfault/ufw The following below output window will be popped up. You can see it has already been set to “IPv6”, so we don’t need to change anything. Just press “:q:” and quit the file. Default Settings Defining certain default rules for accepting and refusing connections is among the aspects that can make establishing a firewall simpler. All incoming communications are denied by default, while all outgoing communications are allowed. This ensures that anybody who tries to log into your cloud service will be unable to do so, but any program running on the server will be allowed to communicate with the external world. You may use the subsequent instructions to change UFW’s defaults: $ sudo ufw default allow outgoing Allow SSH and Other Connections By providing instructions in the command-line terminal, you can alter the security policies. Both incoming communications will be rejected if we switched on the firewall right now. When you’re linked to the cloud server via SSH, this will be a challenge because you’d be signed out. To avoid this from occurring, we’ll allow SSH connections to our cloud service, as shown below. The connections are also successfully added. $ sudo ufw allow ssh For general applications, UFW has certain defaults. The illustration shown is the SSH command we used earlier. It’s essentially just an abbreviation for: $ sudo ufw allow 22/tcp The TCP protocol is used to facilitate the communication on port 22 with this instruction, you may use the below instruction to allow connections: $ sudo ufw allow 2222/tcp Check Status Finally, all the connections have been set. There are a lot more connections you can connect with, but we have to check the status of the UFW firewall after connecting SSH with it. The output shows the connections listed in the output. Delete SSH and Other Connections Now before logging out of the system, you may have to delete all the connections. For this purpose, we have to use the same sudo command with a little change. We have been using the “delete” word this time. To delete the “SSH” connection, try the below command: $ sudo ufw delete allow ssh Now we will be deleting the connection for tcp port number 22 as follows: $ sudo ufw delete allow 22/tcp Then we will be deleting the connection for tcp port number 22 as follows: $ sudo ufw delete allow 22/tcp We are disabling the status of UFW firewall by using the same sudo ufw command. It requires sudo privileges to change the status of the UFW firewall. $ sudo ufw disable Upon checking the status, you can see that it’s disabled. $ sudo ufw status Conclusion We have tried every step to allow SSH connection with the UFW firewall. We hope you can easily establish ssh connection by going through this article. View the full article