In our previous blog for Multi-Cloud Traffic Inspection, we discussed the inline firewall deployment for different types of traffic flows, including east-west, north-south, egress, and ingress (IFA).
That blog also highlighted the firewall deployment challenges many enterprise customers face: manual configuration, setting up routing and security rules, and managing the firewall. Traffic visibility and troubleshooting are a further challenge.
In this blog, we will focus on the Alkira capabilities of Cloud Firewall deployment with respect to lifecycle management, autoscaling, and manageability for a multi-cloud environment.
Lifecycle Management
Alkira’s Cloud Area Networking solution completely manages the lifecycle of a cloud firewall (FW); this includes deployment, modification, and deletion of the FW instances. The deployment consists of setting up the interfaces and infrastructure routing.
Figure 1: Creating a Cloud Firewall through Alkira UI Portal
Cloud Firewall Management Integration
Alkira’s Cloud Area Networking solution integrates seamlessly with the FW management system of each supported vendor, including Palo Alto Panorama, Fortinet FortiManager, and Check Point Security Management.
Figure 2: Palo Alto Panorama Integration with Alkira Cloud Area Networking
Network Segmentation
Network segments created on the Alkira CXP are automatically mapped on a cloud firewall. This allows the routing between the firewall and Alkira CXP to be done seamlessly.
Groups-Zones Mapping
Using Alkira Cloud Area Networking, micro-segments or Alkira groups map to the firewall security zones, which allows the enterprise to use the same cloud firewalls for different traffic flows.
Figure 3: Cloud Firewall Segmentation and Micro-Segmentation Mapping Configuration
Cloud Firewall Autoscaling
Alkira provides the flexibility to deploy more than one firewall instance of the supported vendors. Customers can decide, based on their requirements, whether to deploy a fixed number of firewall instances for high availability or to use Alkira’s autoscaling capability to scale up or down on demand.
Figure 4: Autoscaling with Fortinet
Policy Framework
Alkira provides a flexible policy framework that allows users to steer traffic according to their requirements. Using traffic policies, customers can select which types of traffic to inspect based on their match criteria.
Figure 5: Traffic Policy
Figure 6: Policy Inspector
Cloud Firewall Network Visibility
Alkira provides visibility into all traffic that traverses the cloud firewall. Customers can also check the FW for the security policies being applied to that traffic.
Figure 7: Flow Visibility
Cost Benefits
Last but not least, using the Alkira solution, the same set of cloud firewalls can be used for different types of traffic flows, including North-South (on-prem to Cloud), East-West (Cloud-to-Cloud), and Egress/Ingress (Cloud to Internet and Internet to Cloud).
Since the same FWs are being used, it provides significant cost benefits for enterprise customers. Whether in different regions in the same cloud or a multi-cloud environment, the same FWs can be leveraged for all traffic.
Ahmed Abeer is a Sr. Product Manager at Alkira, where he is responsible for building a best-in-class Multi-Cloud Networking and Security Product. He has been in Product Management for more than ten years in different big and small organizations. He has worked with large enterprise and service provider customers to enable LTE/5G MPLS network infrastructure, automate Layer 3 Data Center, enable Next-Gen Multi-Cloud architecture, and define customers’ Multi-Cloud strategies. Ahmed’s technical expertise is in Cloud Computing and Layer 2/Layer 3 network technologies. Ahmed is a public speaker at various conferences and forums and holds a Master’s Degree in Computer Engineering.
Deepesh Kumar is a Solutions Architect and product specialist in the computer networking industry with over 8 years of experience. He currently works as part of the post-sales team at Alkira and focuses on working with customers to design and deploy the Alkira solution. Prior to working here, he worked at Viptela, which was acquired by Cisco Systems. He holds a master’s degree from San Jose State University.