In our previous blog on Multi-Cloud Traffic Inspection, we discussed the inline firewall deployment for different types of traffic flows, including east-west, north-south, egress, and ingress (IFA).

In that blog, we also highlighted the firewall deployment challenges many enterprise customers face, such as manual configuration, setting up the routing and security rules, and managing the firewall. Another challenge is traffic visibility and troubleshooting.

In this blog, we will focus on the Alkira capabilities of Cloud Firewall deployment with respect to lifecycle management, autoscaling, and manageability for a multi-cloud environment.

Lifecycle Management

Alkira’s Cloud Area Networking solution completely manages the lifecycle of a cloud firewall (FW); this includes deployment, modification, and deletion of the FW instances. The deployment consists of setting up the interfaces and infrastructure routing.

Figure 1: Creating a Cloud Firewall through Alkira UI Portal

Cloud Firewall Management Integration

Alkira’s Cloud Area Networking solution allows seamless integration with the FW management system of each supported vendor, including Palo Alto Panorama, Fortinet FortiManager, and Check Point Security Management.

Figure 2: Palo Alto Panorama Integration with Alkira Cloud Area Networking

Network Segmentation

Network segments created on the Alkira CXP are automatically mapped on a cloud firewall. This allows the routing between the firewall and Alkira CXP to be done seamlessly.

Groups-zones mapping

Using Alkira Cloud Area Networking, micro-segments or Alkira groups map to the firewall security zones, which allows the enterprise to use the same cloud firewalls for different traffic flows.

Figure 3: Cloud Firewall Segmentation and Micro-Segmentation Mapping Configuration

Cloud Firewall Autoscaling

Alkira provides the flexibility to deploy more than one firewall instance of the supported vendors. Customers can decide, based on their requirements, whether to deploy a fixed number of firewall instances for high availability or to use Alkira’s auto-scaling capability to scale up or down on demand.

Figure 4: Autoscaling with Fortinet

Policy Framework

Alkira provides a flexible policy framework that allows users to steer traffic per requirement. Using Traffic policies, customers can select what type of traffic they want to inspect based on their match criteria.

Figure 5: Traffic Policy

Figure 6: Policy Inspector

Cloud Firewall Network Visibility

Alkira provides visibility into all traffic that is going to traverse the cloud firewall. Customers can also look at the FW for security policies being applied for that traffic.

Figure 7: Flow Visibility

Cost Benefits

Last but not least, using the Alkira solution, the same set of cloud firewalls can be used for different types of traffic flows, including North-South (on-prem to Cloud), East-West (Cloud-to-Cloud), and Egress/Ingress (Cloud to Internet and Internet to Cloud).

Since the same FWs are being used, it provides significant cost benefits for enterprise customers. Whether in different regions in the same cloud or a multi-cloud environment, the same FWs can be leveraged for all traffic.

Modernize your cloud network with Alkira

Reach out and schedule a demo today to learn more about how Alkira can help simplify cloud networking for your organization.

You can also try our Cloud Insights tool for free, giving instant inventory and insights into your cloud networking resources.

About the Authors:

Ahmed Abeer is a Sr. Product Manager at Alkira, where he is responsible for building a best-in-class Multi-Cloud Networking and Security Product. He has been in Product Management for more than ten years in different big and small organizations. He has worked with large enterprise and service provider customers to enable LTE/5G MPLS network infrastructure, automate Layer 3 Data Center, enable Next-Gen Multi-Cloud architecture, and define customers’ Multi-Cloud strategies. Ahmed’s technical expertise is in Cloud Computing and Layer 2/Layer 3 network technologies. Ahmed is a public speaker at various conferences & forums and holds a Master’s Degree in Computer Engineering.

Deepesh Kumar is a Solutions Architect and product specialist in the computer networking industry with over 8 years of experience. He currently works as part of the post-sales team at Alkira and focuses on working with customers to design and deploy the Alkira solution. Prior to working here, he worked at Viptela, which was acquired by Cisco Systems. He holds a master’s degree from San Jose State University.