In our previous blog for Multi-Cloud Traffic Inspection, we discussed the inline firewall deployment for different types of traffic flows, including east-west, north-south, egress, and ingress (IFA).
We also highlighted the firewall deployment challenges many enterprise customers face, such as manual configuration, setting up the routing and security rules, and managing the firewall. Another challenge is traffic visibility and troubleshooting.
In this blog, we will focus on the Alkira capabilities of Cloud Firewall deployment with respect to lifecycle management, autoscaling, and manageability for a multi-cloud environment.
Alkira’s Cloud Area Networking solution completely manages the lifecycle of a cloud firewall (FW); this includes deployment, modification, and deletion of the FW instances. The deployment consists of setting up the interfaces and infrastructure routing.
Figure 1: Creating a Cloud Firewall through Alkira UI Portal
Cloud Firewall Management Integration
Alkira’s Cloud Area Networking solution integrates seamlessly with the FW management system of each supported vendor, including Palo Alto Panorama, Fortinet FortiManager, and Check Point Security Management.
Figure 2: Palo Alto Panorama Integration with Alkira Cloud Area Networking
Network segments created on the Alkira CXP are automatically mapped on a cloud firewall. This allows the routing between the firewall and Alkira CXP to be done seamlessly.
Using Alkira Cloud Area Networking, micro-segments or Alkira groups map to the firewall security zones, which allows the enterprise to use the same cloud firewalls for different traffic flows.
Figure 3: Cloud Firewall Segmentation and Micro-Segmentation Mapping Configuration
Cloud Firewall Autoscaling
Alkira provides the flexibility to deploy more than one firewall instance of the supported vendors. Customers can decide, based on their requirements, whether to deploy a fixed number of firewall instances for high availability or to use Alkira’s auto-scaling capability to scale up or down on demand.
Figure 4: Autoscaling with Fortinet
Alkira provides a flexible policy framework that allows users to steer traffic per requirement. Using Traffic policies, customers can select what type of traffic they want to inspect based on their match criteria.
Figure 6: Policy Inspector
Cloud Firewall Network Visibility
Alkira provides visibility into all traffic that traverses the cloud firewall. Customers can also check the FW for the security policies applied to that traffic.
Figure 7: Flow Visibility
Last but not least, using the Alkira solution, the same set of cloud firewalls can be used for different types of traffic flows, including North-South (on-prem to Cloud), East-West (Cloud-to-Cloud), and Egress/Ingress (Cloud to Internet and Internet to Cloud).
Because the same FWs are used for every flow type, this provides significant cost benefits for enterprise customers. Whether in different regions in the same cloud or a multi-cloud environment, the same FWs can be leveraged for all traffic.