OCI Network Firewall: A Cloud-Native NGFW Powered by Palo Alto Networks




On May 24, 2022, Oracle Cloud Infrastructure (OCI), together with Palo Alto Networks, announced OCI Network Firewall. This firewall service offered by OCI lets organizations deploy a best-in-class NGFW powered by Palo Alto Networks with cloud-native simplicity and scale. (The announcements are listed below.)


This service is now generally available in OCI regions. Please visit the OCI Network Firewall Service Page for the latest information and to try out the service. You can follow the official docs to set it up in your OCI tenancy.


Deploy Firewall and Gain Protection with Ease


One of the major benefits of using OCI Network Firewall is how simple it is to deploy. Let’s take a look at the following example:




In this example, the user is deploying OCI Network Firewall for north-south inbound traffic protection. The traffic comes in via an Internet Gateway, then it is routed to the OCI Network Firewall for inspection. If it passes the inspection, it will then be routed to the workload, which is the intended final destination.


If this were a third-party solution, the user would have to manage everything: launching the firewall instance from the marketplace, creating the subnet, updating the route table, and managing the lifecycle of the firewall, including content updates, software updates and scale.


In comparison, OCI Network Firewall is much easier to use. All the user has to do is launch the Network Firewall from the OCI console and then redirect the inbound traffic to the IP address of the Network Firewall. All the other operational overhead is taken care of by OCI. Users can also deploy OCI Network Firewall using a variety of templates.


Read more about the different routing deployment models, topologies and best practices in the Secure your workloads using Oracle Cloud Infrastructure Network Firewall Service Reference Architecture document.


Protect Against Known Exploits


Powered by Palo Alto Networks NGFW technologies such as VM-Series software firewall and Threat Prevention technologies, OCI Network Firewall is very effective in protecting your applications against known threats. For example, any attempt to exploit the Apache Log4j (CVE-2021-44228) vulnerability will be detected and blocked by OCI Network Firewall. OCI will regularly update the Threat Prevention signatures as they are made available by Palo Alto Networks.


In addition, thanks to the integration with OCI Vault, OCI Network Firewall also supports the inspection of HTTPS encrypted traffic (TLS 1.2 and TLS 1.3).


The screenshot below shows the steps to enable IPS protection on your OCI Network Firewall, available within the Network Firewall Policy creation flow:




Native Integration with OCI Monitoring and Logging Services


As a native OCI service, Network Firewall can easily take advantage of many other OCI native services, such as the OCI monitoring and logging services. This gives customers visibility into their security posture, security events and potential threats. As you can see from the sample screenshot below, the user has access to a visualized dashboard where important metrics are aggregated in a single place and policy metrics are reflected.




Similarly, OCI Network Firewall can be configured to send threat and traffic logs to the OCI Logging service, where the user can review a detailed analysis of past events.


The sample screenshot below shows how you can explore traffic logs.




What’s Next


Oracle Cloud Infrastructure and Palo Alto Networks are working closely together to bring more capabilities to OCI Network Firewall. In the near future, you will be able to leverage other Palo Alto Networks technologies such as Advanced URL Filtering and App-ID on OCI Network Firewall. Stay tuned!


Announcement Blog: Announcing Oracle Cloud Infrastructure Network Firewall

OCI Network Firewall Service Overview Blog: Defense in Depth, Layering using OCI Network Firewall

Oracle Press Release: Oracle Enhances its Comprehensive Cloud Security Capabilities with Integrated Threat Management

Palo Alto Networks Press Release: Oracle Chooses Palo Alto Networks to Power OCI Network Firewall

Executive video: Introducing OCI Network Firewall Powered by Palo Alto Networks

