Cloud firewall

Digital threats such as viruses, spyware, phishing, encryption, DDoS attacks and hacking are routed daily via the internet. Often with the aim to shut down your organisation or to steal your data. A good cloud firewall is certainly not a luxury.

cloud firewall

What does a firewall do?

The gatekeeper to your virtual environment

With a firewall you are protected against (digital) intruders. Like a gatekeeper, it checks everyone who wants to go in or out and only allows the desired visitors, as illustrated in  the image below. So a firewall is a security system that is placed between the internet and, in this case, the Fundaments servers. The firewall prevents unauthorised use of and access to your virtual environment. It also analyses all data that goes in and out. What is allowed past the firewall and what is blocked can be specified in the settings.

Firewall

Why this service

Nowadays, most environments already have a kind of firewall solution that protects your environment against abuse from the outside. For example, the standard firewall solution from Fundaments, the Edge Gateway, also has firewall functions that block network traffic from the outside. The Next Generation Redundant Firewall solution offers even more options.

More and more organisations now have to comply with specific security requirements that are set by the government, for example (according to a number of our partners, this is the most important reason for choosing a cloud firewall with more options). In addition, these organisations must be able to demonstrate that they are actively involved in this and meet these requirements. And since 1 January 2016 there’s a duty to report data leakshich means organisations must report as soon as they have a data leaks, possibly resulting in high fines.

The Next Generation Redundant Firewall from Fundaments gives you the opportunity to better protect your environment against threats and abuse from the outside. This firewall solution, based on Fortinet’s technology, the market leader in IT security, includes technologies such as firewall solutions, extensive VPN capabilities and intrusion protection (IPS). In addition, this cloud firewall can also provide you with comprehensive real-time information in terms of monitoring and logging.

When you purchase this service, you gain access to the cloud firewall via a web interface. This enables you to configure the cloud firewall to your own requirements so that it is compatible with your environment. Support is available.

 Conditions

To use the FortiGate firewall, you must be connected to the Fundaments network. You will need at least one internet connection from Fundaments. The firewall service can be used within one working day.

Technical information

A big advantage of the Next Generation Redundant Firewall is the high throughput speed of 20Gbps and a latency of 6 μs. This firewall has two modes namely NAT/Route and Transparent.

In NAT/Route mode the Next Generation Redundant Firewall is set up as a gateway or a router between your environment and the internet. The firewall can apply Network Address Translation (NAT) to the IP addresses of your network.

In Transparent mode, the Next Generation Redundant Firewall is placed between your internal network and the router. As a result, the firewall doesn’t make any changes to the IP addresses, but the set security rules apply to the network traffic that passes (pass-through). In this setup, little adjustments to your network are required.

This firewall also has the following options:

  • Client-to-Gateway IPsec VPN
  • Gateway-to-Gateway IPsec VPN
  • SSL VPN
  • Intrusion Prevention System (with a throughput of 3.5 Gbps)
  • Data Leakage Prevention (DLP)

The FortiClient is an application with which VPN connections can be set up from the desktop itself. In addition, the FortiClient (once installed on the desktop) also provides information to the firewall about the ‘reputation’ of this desktop. Based on this reputation, FortiClient can indicate when it may be eligible for quarantine. Once in quarantine, all traffic to and from the desktop is blocked. This gives the user the time to ‘clean’ or restore the desktop.

Data Leakage Prevention (DLP) monitors the internal network and detects, based on a unique document fingerprint, when a document with sensitive information leaves the network, as illustrated in the image below.

Firewall DLP

Fortinet supplies its products with 24x7x365 updates which are distributed via the Fortinet Distributed Network. This ensures the firewall is always equipped according to the latest security rules.

The service levels

Service levels define the quality of a service. Fundaments guarantees the following service levels for the Next Generation Redundant Firewall service:

  • The Next Generation Redundant Firewall has been redundantly implemented in our data centres, guaranteeing an availability guarantee of 99.90%.
  • The firewall has a throughput of 20Gbps with a latency of 6 μs
  • With the Next Generation Redundant Firewallyou are protected against threats such as malware (ransomware) and zero-day attacks
  • Data leaks can be prevented by using Data Leakage Prevention
  • Firewall policies and rules are updated 24x7x365, distributed via the Fortinet Distributed Network.

Options

As indicated, Fundaments offers two options for a firewall service. The standard solution is the Edge Gateway which also acts as a firewall. This Edge Gateway is located in vCloud.

The second option is the Next Generation Redundant Firewall. This can be implemented as NAT/Route or as Transparent mode. The firewall offers extensive monitoring options and can also function as IPS. Additional technologies such as Data Leakage Prevention increase the security of your environment. These combined distinguish the FortiGate Next Generation Redundant Firewall from the standard Edge Gateway. 

Price

For a good firewall solution an organisation has to make a considerable investment, since these solutions aren’t cheap nowadays. The Next Generation Redundant Firewall Service is available at Fundaments for a fixed amount per month. This gives you full access to the functions of this firewall via the web interface.

Why Fundaments

Fundaments works exclusively in Dutch data centres and is both ISO 27000 and NEN7510 certified. 24/7 support and any migration support is included with us.

For more information about purchasing a cloud firewall at Fundaments, please contact us at info@fundaments.nl or call 088 4 227 227.

Do you want a good firewall?
A leap forward
“By using Fundaments’ platform and expertise we have made a leap forward as a company in professionalising our part of the chain.’’
Jeroen Mahler
Managing Director of CoBrowser
Excellent flexibility
“Fundaments’ excellent flexibility is also an important factor. The viewpoint of making sure something is fixed before talking about the invoice is very helpful to us.”
Jeroen Mahler
Managing Director of CoBrowser
Modern smart firewall
"We were looking for a solution that would help defend us against every possible vector attack. We really needed a modern, smart firewall and with the Fundaments Next Generation Redundant Firewall offer, based on Fortinet technology, we have got exactly what we wanted. It was a logical choice for us.”
Maarten Huijs
Engineer at Kempen Automatisering
Trusting a partner
"Sometimes specific knowledge is imperative and it isn’t always profitable to acquire this in-house. It’s great to be able to trust a partner who takes that worry away, who’s familiar with the subject and doesn’t immediately send an invoice for every little thing. This partner will have an ongoing conversation with you: what is it you need, how can we tackle this and find a solution? That’s what Fundaments does."
Richard Hagen of the Rolf group
Multiple physical locations
"If the customer wants to have their data stored in several physical locations in view of DR, this is possible. But whether it’s a customised option or well-planned standard options, the customer doesn’t have to worry about a thing. That’s the beauty of the new ways of BU and DR"
Michel Erkens and Alexander van Bruchem of Onguard
Good solution with less costs
“When you look at the connectivity costs, meaning the private connections, as a part of migrating to the cloud, where you no longer need your own hardware or maintenance, your insurance policy is reduced, the company’s energy expenditure goes down and other expenses become smaller, you will see that this is really a good solution.”
Jeroen Bruggeman
Enterprise Administrator at CNS-IT
Security is no.1
At Cobrowser they’ve noticed a huge difference in how companies deal with security. “There are companies who consider this not so important. It’s essential to us to find a partner who takes security seriously. That’s why we’ve chosen Fundaments. Security is a very natural element of our collaboration.”
Frank Leegstra
Director and security officer of CoBrowser
Time saving and significantly reduced down time
“We can now reduce the actual down time with a migration to minutes instead of hours. This means many advantages for our customers and that’s the most important thing. In addition, it saves time for our engineers.”
Harm Jan Stam
Technical Supervisor at Oxilion