Managed Firewall

With the Managed Firewall (MFW), Equinix offers scalable firewall capacity and a choice of firewall functionality to protect your infrastructure against cyber-attacks and to prevent unauthorized access to your data. The MFW is offered in conjunction with other Equinix Managed Services and Digital Services.

The Managed Firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules that you define. With the right set of rules, a firewall creates a barrier between a trusted network and an untrusted network.

This product provides your (third-party) Security Operations Center with security information and insights to enforce and monitor your security policy.

Equinix has selected hardware and software from market leaders for this service and manages the infrastructure for 24x7 availability.

Changes to the Firewall rules can be configured either by one of your authorized users through our self-service portal or by qualified Equinix staff, based on your instructions, via a Service Request.

Equinix offers two deployment models:

  • Virtual Firewall, running¹ on the Managed Private Cloud platform in an IBX data center.

  • Physical Firewall, as part of a managed solution. It can be installed in either your Licensed Space or optionally in Managed Services Licensed Space in an IBX data center².

Note:
¹ Resources are included in Virtual Firewall Product.
² Subject to availability.

The benefits of the service include the following:

  • Use of the latest firewall technology

  • No major investments upfront, only a setup fee and monthly service fee

  • Easy and quick upscaling of the required capacity (applicable to virtual appliance)

  • Choice of additional functionality on top of the Next-Generation Firewall, such as Intrusion Prevention services or Advanced/Unified Threat Protection

  • Self-service portal for policy configuration and access to reporting

  • High availability through an active-passive firewall pair setup

  • Compliant with European privacy legislation (auditable)

  • Managed by an experienced and certified Equinix Security Team.

Managed Firewall service is available in select IBX data centers.

The figure below shows how applications hosted on Managed Private Cloud and/or in (customer) Licensed Space (colocation) are protected with the MFW and how users on different networks can securely access the applications and systems. It also shows the access for self-service and logging.

The Managed Firewall, which is by default a high availability pair, has two Virtual Firewall Domains (VDOMs):

  • Customer domain – Monitors and controls the traffic between the different trusted and untrusted network segments. This is the actual Customer Firewall.

  • Management domain – Used for management, only connected to the Equinix management environment. There's no connection between customer traffic and Equinix Management traffic.

In the above example, your applications are hosted on the Managed Private Cloud and in the Colocation space. The Firewall (customer domain) controls access to and from the Internet, the wide area network (WAN) and the network segments in Managed Private Cloud and colocation, based on a rule set which is configured via the self-service portal and/or a change request.

The Central Management System, which includes a self-service management portal and Analyzer Portal, uses a Management VDOM to manage the customer’s Firewall (Customer VDOM).

The Analyzer system collects logging and events information to provide online and real-time visibility via the portal.

Optionally, logging information from the Customer domain can be sent to an external SIEM system, so you can combine the information with the security logging and events from your other systems for holistic security monitoring.