I’ve been doing a lot of work in Azure networking over the last month. A big topic has been firewall “network virtual appliances” (NVAs) – Linux virtual machines that are firewall appliances. It seems to me that there are three tiers of product in the Marketplace:
Does not support any clustering (least favorable)
Supports active/passive clustering, but not active/active clustering or scale-out
Supports active/active clustering and scale-out (most favorable)
The various big names in firewalling are spread across those 3 categories. Their documentation also ranges from “it sucks donkey b***s” (WatchGuard & Cisco) to awesome and a must-read even if you are not working with their product (Palo Alto).
So far I’ve found:
Cisco ASAv: single node only
Check Point CloudGuard:
Palo Alto VM-Series: active/active
WatchGuard Firebox Cloud: single node only
Barracuda CloudGen Firewall: active/passive
What have you found? Have you found any more info in addition to the above?
FYI: Azure Firewall is a platform service that doesn’t have the concept of nodes or instances – it’s highly available and scalable based on consumption without you doing anything. However, it does not offer the L7 security features that a firewall with a security bundle can offer.