Firewall Appliances
- This topic has 5 replies, 2 voices, and was last updated 1 year, 4 months ago by
.
-
Posts
-
I’ve been doing a lot of working in Azure networking over the last month. A big topic has been firewall “network virtualization appliances” (NVAs) – Linux virtual machines that are firewall appliances. It seems to me that there are three tiers of product in the Marketplace:
- Does not support any clustering (least favorable)
- Supports active/passive clustering, but not active/active clustering or scale-out
- Support active/active clustering and scale-out (most favorable)
The various big names in firewalling are spread across those 3 categories. Their documentation also ranges from “it sucks donkey b***s” (WatchGuard & Cisco) to awesome and should be must reading even if not working with their product (Palo Alto).
So far I’ve found:
- Cisco ASAv: single node only
- Check Point CloudGuard:
- Palo Alto VM-Series: active/active
- WatchGuard Firebox Cloud: single node only
- Barracuda CloudGen Firewall: active/passive
What have you found? Have you found any more info in addition to the above?
FYI: Azure Firewall is a platform service that doesn’t have the concept of nodes or instances – it’s highly available and scalable based on consumption without you doing anything. However, it does not offer the L7 security features that a firewall with a security bundle can offer.
You must be logged in to reply to this topic.