Skip to content
iland Cloud Official Site
iland Cloud Official Siteiland Cloud Official Site
  • Why iland
    • Submenu
      • Column 1
        • iland secure cloud console
          Secure Cloud Console
          iland compliance
          Compliance
          iland proven technology
          Cloud Platform
          iland pricing
          Pricing

      • Column 2
        • iland Security
          Security
          iland global regions
          Cloud Regions
          iland networking
          Cloud Connectivity
          iland interactive tour
          Interactive Tour

      • WHY CHOOSE iland
      • OverviewYour business is unique, your cloud should be too.
      • About ilandThe making of a market leader.
      • LeadershipMeet our experienced & knowledgeable executive team.
      • News & MediaFind out what’s new and happening at iland.
      •  
      • CareersYour future starts here. Join the #ilandlife today.
      • Technology PartnersGreat partnerships are built on great technologies.
      • Customer StoriesDiscover why customers are choosing iland Cloud.
      • BlogTips, tricks, opinions, and news from iland experts.
  • Products & Services
    • Products & Services
      • PRODUCTION HOSTING
      • Secure Cloud Overview
      • Secure Public CloudRun VMware natively. No refactoring required.
      • Secure Private CloudDedicated cloud for performance and security.
      • Object StorageS3-compatible storage for long-term retention.
      • BACKUP
      • Secure Backup Overview
      • Secure BackupSecure cloud backup for no-compromise data protection
      • Microsoft 365Complete data protection for Microsoft 365
      • DISASTER RECOVERY
      • DRaaS Overview
      • DRaaS with VeeamSimplified Disaster Recovery for your unique business
      • DRaaS with ZertoContinuous availability for 24×7 IT resilience
      • AutopilotFully-managed disaster recovery as a service.
      • DRaaS for Physical ServersReplicate physical servers to iland.
      • MANAGED SECURITY
      • Managed Security Overview
      • Continuous Risk ScanningDiscover and monitor vulnerabilities
      • Managed SIEMManaged security information and event management
      • Managed EDRManaged endpoint detection and response
      • Managed FirewallSimplify and improve network edge security
      • SUPPORTING SERVICES
      • Cloud Labs
      • Cloud Connectivity
      • Colocation/Bare-Metal
      • Managed Services
      • Migration Services
      • 24x7x365 Support
      • Strategy, Assessment & Planning
  • Solutions
    • Solutions Submenu
      • INDUSTRY
      • Education
      • Financial
      • Government
      • Healthcare
      • Column 2
        • iland Health Solutions

          Keep IT healthy.

          See our healthcare expertise.

          What's next in finance?

          Transform & modernize your IT.
          Learn More
          Learn More
  • Partners
    • Partners Submenu
      • Overview
      • Become a Partner
      • Login to Portal
  • Resources
    • Resources Submenu
      • Events
      • Webinars
      • News & Media
      • Whitepapers
      • Podcast
      • Datasheets
      • Customer Stories
      • Innovation Blog
  • Support
    • Support Submenu
      • Contact Support
      • Success Center
      • API Documentation
Search:
  • Console Login
  • Contact Us
Header Right Menu
Free Trial
  • Why iland
    • Secure Cloud Console
    • Compliance
    • Cloud Platform
    • Pricing Model
    • Security
    • Cloud Regions
    • Cloud Connectivity
    • Interactive Tour
    • WHY CHOOSE iland
    • OverviewYour business is unique, your cloud should be too.
    • About ilandThe making of a market leader.
    • LeadershipMeet our experienced & knowledgeable executive team.
    • News & MediaFind out what’s new and happening at iland.
    •  
    • CareersYour future starts here. Join the #ilandlife today.
    • Technology PartnersGreat partnerships are built on great technologies.
    • Customer StoriesDiscover why customers are choosing iland Cloud.
    • BlogTips, tricks, opinions, and news from iland experts.
  • Products & Services
    • PRODUCTION HOSTING
    • Secure Cloud Overview
    • Secure Public CloudRun VMware natively. No refactoring required.
    • Secure Private CloudDedicated cloud for performance and security.
    • Object StorageS3-compatible storage for long-term retention.
    • BACKUP
    • Secure Backup Overview
    • Secure BackupSecure cloud backup for no-compromise data protection
    • Microsoft 365Complete data protection for Microsoft 365
    • DISASTER RECOVERY
    • DRaaS Overview
    • DRaaS with VeeamSimplified Disaster Recovery for your unique business
    • DRaaS with ZertoContinuous availability for 24×7 IT resilience
    • AutopilotFully-managed disaster recovery as a service.
    • DRaaS for Physical ServersReplicate physical servers to iland.
    • MANAGED SECURITY
    • Managed Security Overview
    • Continuous Risk ScanningDiscover and monitor vulnerabilities
    • Managed SIEMManaged security information and event management
    • Managed EDRManaged endpoint detection and response
    • Managed FirewallSimplify and improve network edge security
    • SUPPORTING SERVICES
    • Cloud Labs
    • Cloud Connectivity
    • Colocation/Bare-Metal
    • Managed Services
    • Migration Services
    • 24x7x365 Support
    • Strategy, Assessment & Planning
  • Solutions
    • INDUSTRY
    • Education
    • Financial
    • Government
    • Healthcare
    • Column 2
  • Partners
    • Overview
    • Become a Partner
    • Login to Portal
  • Resources
    • Events
    • Webinars
    • News & Media
    • Whitepapers
    • Podcast
    • Datasheets
    • Customer Stories
    • Innovation Blog
  • Support
    • Contact Support
    • Success Center
    • API Documentation
  • Contact Us
  • Console Login
  • Free Trial
Tags: Cloud Services
Author: iland
Date: November 9, 2017

3rd Party Firewalls in the iland Secure Cloud

Cloud firewallOne of the main barriers to adoption for public clouds over the past few years has been that of security. Fears of hacking and data theft have been heightened by cases in the media.

Many customers thought that cloud would automatically take care of security regarding attacks from the internet, and there have been great advances to allay these fears. However, for many public cloud providers not all bases are covered out of the box, and adding in security features can add significant cost and complexity to the solution.

Here at iland, we have provided many of the security features that an enterprise customer requires, and have been used to within their own on-premises environments.

  • Comprehensive firewalling capabilities at the edge
  • Best of breed security within the cloud environment (anti-virus/anti-malware, intrusion detection, web reputation, file integrity monitoring, log inspection)
  • Encryption at the datastore level along with optional VM encryption

All the functionality of the VMware NSX Edge virtual appliance has been integrated into the iland Secure Cloud Console, and for most customers this provides all of the functionality they need.

However, some customers prefer to use the same firewall technology that they have been using on-premises, be that in the form of a physical or virtual firewall appliance. Also, the appliance may provide different or additional functionality that they need.

One of the differentiators of iland is being able to offer the capability for both physical and virtual appliances. While not very cloudy in nature, physical appliances can be accommodated by co-location, and iland will take care of the cross-connection into the iland cloud environment.

Our standard offering is to use the VMware NSX Edge virtual appliance, but other options exist which will be discussed later.

Standard with VMWare with NSX Edge

  • Supports up to 9 VXLAN-backed networks attached to the Edge
  • Uses standard RFC1918 address structures for networks
  • Route between networks and Internet using the Edge
  • Provides:
    • DNAT, SNAT, 5-tuple Firewall
    • SSL Client VPN, IPsec Site-to-Site VPN
    • Simple Load Balancing (IP hash, round robin)

This standard architecture can be augmented by adding in 3rd party virtual firewall appliances, as shown below. The firewall appliance runs like any other virtual machine in the cloud. Examples of 3rd party firewalls used recently include:

  • Cisco
  • Kemp
  • Checkpoint
  • Watchguard
  • Palo Alto
  • Fortinet

Third party virtual firewall appliance with NSX Edge
3rd party firewall basics:

  • Deployed within vCloud as a normal VM/vApp
  • Will support up to 9 VXLAN-backed internal networks
  • vShield Edge configured mostly in a passthrough mode
  • Customer manages 3rd party firewall to provide required services
  • Requires NATing from vShield Edge to 3rd party firewall. This can result in double-NATing to applications, and IPsec VPNs from the 3rd party firewall will dislike being NATed

Due to the NAT issues discussed above, iland normally prefers to adopt the next option, where the virtual appliance is attached directly to the internet via a block of public IP addresses in a small subnet.


For this use case:

  • VLAN-backed networks attached to the 3rd party firewall appliance, with one external to the Internet. Can support VLAN trunking.
  • Public IP address block as required (/28 for example)
  • Use standard RFC1918 address structures for networks
  • Route between networks and Internet using 3rd party firewall
  • Functionality determined by 3rd party CLI or web UI
  • No integration with iland console for firewall functionality
  • Appears as a VM to manage in the iland console

Finally, as discussed earlier, iland can offer co-location of physical networking appliances:


This last option is similar to the virtual appliance example. Here are a few of the basics features:

  • Can support many VLAN-backed attached to the 3rd party firewall (not limited by VM constraints)
  • Use standard RFC1918 address structures for networks
  • Route between networks and Internet using 3rd party firewall
  • Functionality determined by 3rd party CLI or Web UI
  • No integration with iland console for firewall functionality

In all cases, these 3rd party appliances can be integrated into management tools that the customer may already be running in the iland cloud, or on-premises.

While iland supports a large range of virtual networking appliances, and are not limited to firewalls (we also support load balancers, web application firewalls, WAN optimizers, etc), we do not tend to resell licenses for these appliances (with the exception of the Cisco ASAv), and so customers will usually bring their own licenses, and can upload virtual appliances through OVF/OVA.

Categories: IaaS, SecurityBy ilandNovember 9, 2017
Tags: Cloud Services

Author: iland

iland has been helping customers transform their mission critical applications to the Secure Cloud for hosting, protection, and recovery for over two decades. During that time, we have learned a great deal about exceeding customer expectations from every aspect of the cloud journey.

Post navigation

PreviousPrevious post:Ensuring Data Protections in the CloudNextNext post:The Continuity Tools Explained: VM Snapshots

Related Posts

11:11 Systems Completes Acquisition of Static1
July 11, 2022
iland Wins Zero Trust Security Excellence Award
July 5, 2022
Experts: Prepare for Busy 2022 Hurricane Season
July 1, 2022
What Our Customers Have to Say About 2022’s Most Pressing Cloud Challenges
June 10, 2022
Ready or Not, Cybercrime is on the Rise. Wouldn’t You Rather Be Ready?
May 16, 2022
Bolster Protection with Managed Security Services
April 28, 2022
iland, an 11:11 Systems Company
PRODUCTS & SERVICES
  • Secure Cloud
  • Backup
  • Disaster Recovery
  • Managed Security
  • Cloud Connectivity
  • 24x7x365 Support
  • Compliance
  • Free Trials
COMPANY
  • Why iland
  • Cloud Platform
  • Customer Stories
  • Careers
  • Leadership
  • Technology Partners
  • News & Media
  • Contact Support
CLOUD LOCATIONS
  • Dallas, TX
  • Los Angeles, CA
  • Northern Virginia
  • Toronto, Canada
  • London, UK
  • Manchester, UK
  • Amsterdam, NL
  • Singapore
  • Melbourne, AU
  • Sydney, AU
CONNECT
  • LinkedIn
  • Twitter
  • Facebook
  • Youtube

© 2022 iland™ All Rights Reserved | Privacy Notice

Go to Top